Reg Svr 32 error, High CPU, and Dllhost.exe *32 COM Surrogate


  • This topic is locked
18 replies to this topic

#1 zengo

zengo

  • Members
  • 18 posts
  • OFFLINE
  • Local time:11:20 AM

Posted 18 February 2014 - 01:02 PM

Hello,

First of all, I would just like to thank you; this website has been a bastion for computer issues for over 2 years for me. I have looked at multiple forums but I still cannot solve a problem I am having with my dad's computer. I have run Microsoft Security Essentials, TDSSKiller, Malwarebytes, and multiple other programs but have still not solved the problem of high CPU usage. When the desktop opens there is a pop-up labeled Reg Svr 32; also, the CPU usage is never stable, spiking to as high as 80 to 100 percent when the computer is near idle. Occasionally, a window pops up saying that COM Surrogate has stopped working. The number of processes in the Windows Task Manager also fluctuates, and many of the processes are called dllhost.exe *32 and their description is COM Surrogate. Thank you for all your help and I hope to hear from you soon as my dad really needs this computer for work.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16533
Run by Bob at 13:13:42 on 2014-02-18
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Users\Bob\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [MDworks] regsvr32.exe C:\Users\Bob\AppData\Local\MDworks\CUDART32_32_7.DLL
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe -update activex
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.2.1 167.206.251.129
TCP: Interfaces\{B8024632-C5B4-427C-B055-F2C7C2E02023} : DHCPNameServer = 192.168.2.1 167.206.251.129
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
.
============= SERVICES / DRIVERS ===============
.
R? atashost;WebEx Service Host for Support Center
R? BackupService;BackupService
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? Impcd;Impcd
R? TsUsbFlt;TsUsbFlt
R? UMVPFSrv;UMVPFSrv
R? WatAdminSvc;Windows Activation Technologies Service
R? WDBackup;WD Backup
R? WDC_SAM;WD SCSI Pass Thru driver
R? WDDriveService;WD Drive Manager
R? WDRulesService;WD Rules
S? !SASCORE;SAS Core Service
S? Blackberry Device Manager;Blackberry Device Manager
S? HECIx64;Intel® Management Engine Interface
S? IntcDAud;Intel® Display Audio
S? k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0
S? LVRS64;Logitech RightSound Filter Driver
S? LVUVC64;Logitech Webcam 500(UVC)
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? MBAMService;MBAMService
S? MpFilter;Microsoft Malware Protection Driver
S? NisDrv;Microsoft Network Inspection System
S? NisSrv;Microsoft Network Inspection
S? PxHlpa64;PxHlpa64
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
.
=============== Created Last 30 ================
.
2014-02-18 18:11:57 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{44254565-D619-4754-91B6-29A735D58FDC}\offreg.dll
2014-02-18 16:24:06 -------- d-----w- C:\Users\Bob\AppData\Local\CrashDumps
2014-02-18 16:23:10 -------- d-----w- C:\AdwCleaner
2014-02-16 15:18:39 10315576 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{44254565-D619-4754-91B6-29A735D58FDC}\mpengine.dll
2014-02-15 13:33:31 10315576 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-12 13:27:16 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-02-12 13:27:16 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-02-12 13:27:16 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-02-12 13:27:16 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-02-12 13:27:01 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-02-12 13:27:00 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-02-12 13:27:00 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-02-12 13:27:00 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-02-01 20:13:45 -------- d-----w- C:\Users\Bob\AppData\Roaming\SUPERAntiSpyware.com
2014-02-01 20:13:37 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2014-02-01 20:13:37 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2014-01-31 01:24:08 9680 ----a-w- C:\Windows\System32\cc_20140130_202402.reg
2014-01-25 22:41:15 -------- d-----w- C:\Users\Bob\AppData\Local\Blizzard
2014-01-25 22:31:44 -------- d-----w- C:\Program Files (x86)\Hearthstone
2014-01-25 22:29:09 -------- d-----w- C:\Users\Bob\AppData\Local\Blizzard Entertainment
2014-01-25 22:29:07 -------- d-----w- C:\Users\Bob\AppData\Roaming\Battle.net
2014-01-25 22:29:07 -------- d-----w- C:\Users\Bob\AppData\Local\Battle.net
2014-01-25 22:28:58 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2014-01-25 22:28:58 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2014-01-25 22:28:58 -------- d-----w- C:\Program Files (x86)\Battle.net
2014-01-25 22:27:31 -------- d-----w- C:\ProgramData\Battle.net
2014-01-23 04:50:19 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{636DBF67-8299-400F-A151-AD1EAF67B8D7}\gapaengine.dll
.
==================== Find3M  ====================
.
2014-02-05 10:00:21 2334720 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-05 09:54:06 1392128 ----a-w- C:\Windows\System32\wininet.dll
2014-02-05 09:52:51 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-05 09:51:59 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-05 09:51:52 599040 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-05 09:50:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-05 08:56:17 1806848 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-05 08:50:39 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-05 08:49:56 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-05 08:48:40 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-05 08:48:27 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-05 08:47:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 13:20:12.34 ===============

Edited by zengo, 18 February 2014 - 01:24 PM.
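
As an added example (not part of the original post and not the helper's or DDS's own method), the following script triages a DDS log like the one above: it counts repeated process images in the Running Processes section and flags Run entries that start through a host binary such as regsvr32.exe or point into a user-writable path. The host list, the path pattern, the default threshold of 10 and all function names are assumptions made for this illustration; the sample is a short excerpt of lines from the log above.

```python
import re
from collections import Counter

# Excerpt of lines from the DDS log in the post above (shortened for the example).
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\Explorer.EXE
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [MDworks] regsvr32.exe C:\Users\Bob\AppData\Local\MDworks\CUDART32_32_7.DLL
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Matches uRun/mRun/dRunOnce/x64-Run style autostart lines: "[name] command".
RUN_RE = re.compile(r"^(?:x64-)?[umd]?Run(?:Once)?:\s*\[(.+?)\]\s*(.+)$")
# First executable image on a command line, with or without a leading quote.
IMAGE_RE = re.compile(r'^"?(.+?\.exe)\b', re.IGNORECASE)

# Assumption: binaries that load or run another file named on the command line.
HOST_BINARIES = {"regsvr32.exe", "rundll32.exe", "wscript.exe",
                 "cscript.exe", "mshta.exe", "powershell.exe"}
# Assumption: locations a standard user can write to without elevation.
USER_WRITABLE_RE = re.compile(r"\\users\\[^\\]+\\appdata\\|\\temp\\", re.IGNORECASE)


def split_sections(text):
    """Return {section title: [non-empty lines]} for a DDS log."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current and line and line != ".":
            sections[current].append(line)
    return sections


def process_counts(lines):
    """Count running instances per image path, ignoring arguments and case."""
    counts = Counter()
    for line in lines:
        image = IMAGE_RE.match(line)
        if image:
            counts[image.group(1).lower()] += 1
    return counts


def review_reasons(command):
    """Return the reasons an autostart command deserves a closer look."""
    reasons = []
    image = IMAGE_RE.match(command)
    name = image.group(1).rsplit("\\", 1)[-1].lower() if image else ""
    if name in HOST_BINARIES:
        reasons.append("launched via " + name)
    if USER_WRITABLE_RE.search(command):
        reasons.append("target under user-writable path")
    return reasons


def triage(text, repeat_threshold=10):
    """Summarise repeated process images and autostart entries to review."""
    sections = split_sections(text)
    counts = process_counts(sections.get("Running Processes", []))
    repeated = {path: n for path, n in counts.items() if n >= repeat_threshold}
    flagged = []
    for line in sections.get("Pseudo HJT Report", []):
        entry = RUN_RE.match(line)
        if entry:
            reasons = review_reasons(entry.group(2))
            if reasons:
                flagged.append((entry.group(1), entry.group(2), reasons))
    return {"repeated_processes": repeated, "flagged_run_entries": flagged}


if __name__ == "__main__":
    # The excerpt holds only three dllhost.exe lines, so lower the threshold.
    result = triage(SAMPLE_DDS, repeat_threshold=3)
    for path, n in result["repeated_processes"].items():
        print(f"{n} instances: {path}")
    for name, command, reasons in result["flagged_run_entries"]:
        print(f"[{name}] {command} -> {'; '.join(reasons)}")
```

A flagged entry is a prompt for review, not a verdict: legitimate software also starts from AppData, so the result should be read alongside the scanner logs requested later in the thread.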




#2 zengo

zengo
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:11:20 AM

Posted 18 February 2014 - 01:28 PM

Unfortunately, I forgot to attach the DDS attach file and I was unable to figure out how to attach files after the initial post. If it is necessary to create a new post with the attached files please let me know.



#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,964 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:20 AM

Posted 21 February 2014 - 08:12 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
    tdss1.png
  • Click Change parameters
    settings20121003115955.png
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
    tdss3.png
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
    tdss4.jpg
  • When it finishes, you will either see a report that no threats were found like below:
    tdss5.jpg
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    tdss7.jpg
    • If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:
    tdss6.jpg
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  • Paste the log to your next reply, DO NOT ATTACH IT.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===

Wait for further instructions.

#4 zengo

zengo
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:11:20 AM

Posted 21 February 2014 - 12:41 PM

Hello, I couldn't find the mbr.dat file that you indicated would be on my desktop. If there is another way to retrieve this file let me know and I can send you a compressed copy of it. Also, I just had a pop-up from Internet Explorer, which I do not use ever, that says that there is a virus on my computer and asked me if I wanted to leave the page.
 
 
 
11:44:02.0538 0x27f8  TDSS rootkit removing tool 3.0.0.23 Feb 10 2014 23:32:41
11:44:09.0138 0x27f8  ============================================================
11:44:09.0139 0x27f8  Current date / time: 2014/02/21 11:44:09.0138
11:44:09.0139 0x27f8  SystemInfo:
11:44:09.0139 0x27f8  
11:44:09.0139 0x27f8  OS Version: 6.1.7601 ServicePack: 1.0
11:44:09.0139 0x27f8  Product type: Workstation
11:44:09.0139 0x27f8  ComputerName: BOB-PC
11:44:09.0139 0x27f8  UserName: Bob
11:44:09.0139 0x27f8  Windows directory: C:\Windows
11:44:09.0139 0x27f8  System windows directory: C:\Windows
11:44:09.0139 0x27f8  Running under WOW64
11:44:09.0139 0x27f8  Processor architecture: Intel x64
11:44:09.0139 0x27f8  Number of processors: 4
11:44:09.0139 0x27f8  Page size: 0x1000
11:44:09.0139 0x27f8  Boot type: Normal boot
11:44:09.0139 0x27f8  ============================================================
11:44:15.0413 0x27f8  KLMD registered as C:\Windows\system32\drivers\87606145.sys
11:44:16.0838 0x27f8  System UUID: {B8B7F06C-E781-7CBA-D4E2-2B09BE0660D7}
11:44:18.0788 0x27f8  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:44:18.0820 0x27f8  ============================================================
11:44:18.0820 0x27f8  \Device\Harddisk0\DR0:
11:44:18.0820 0x27f8  MBR partitions:
11:44:18.0820 0x27f8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x15C3000
11:44:18.0820 0x27f8  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x15D7000, BlocksNum 0x7312F000
11:44:18.0820 0x27f8  ============================================================
11:44:18.0891 0x27f8  C: <-> \Device\Harddisk0\DR0\Partition2
11:44:18.0891 0x27f8  ============================================================
11:44:18.0891 0x27f8  Initialize success
11:44:18.0891 0x27f8  ============================================================
11:45:05.0269 0x1d88  ============================================================
11:45:05.0289 0x1d88  Scan started
11:45:05.0289 0x1d88  Mode: Manual; SigCheck; TDLFS; 
11:45:05.0289 0x1d88  ============================================================
11:45:05.0289 0x1d88  KSN ping started
11:45:58.0692 0x1d88  KSN ping finished: false
11:46:05.0352 0x1d88  ================ Scan system memory ========================
11:46:05.0352 0x1d88  System memory - ok
11:46:05.0352 0x1d88  ================ Scan services =============================
11:46:14.0923 0x1d88  [ 686045905787B68D829CE647A6DFAD2B, 09B925A3E02B3BA45D5D408B59A279D3255AC854B3B696E243DCD14EF18CEC92 ] Blackberry Device Manager C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
11:46:14.0953 0x1d88  Blackberry Device Manager - detected UnsignedFile.Multi.Generic ( 1 )
11:46:25.0229 0x1d88  Blackberry Device Manager ( UnsignedFile.Multi.Generic ) - warning
11:46:40.0027 0x1d88  clr_optimization_v2.0.50727_64 - ok
11:46:40.0077 0x1d88  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:46:40.0207 0x1d88  clr_optimization_v4.0.30319_32 - ok
11:46:40.0237 0x1d88  [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:46:40.0297 0x1d88  clr_optimization_v4.0.30319_64 - ok
11:46:40.0307 0x1d88  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
11:46:40.0367 0x1d88  CmBatt - ok
11:46:40.0397 0x1d88  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
11:46:40.0407 0x1d88  cmdide - ok
11:46:40.0457 0x1d88  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
11:46:40.0599 0x1d88  CNG - ok
11:46:40.0599 0x1d88  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
11:46:40.0619 0x1d88  Compbatt - ok
11:46:40.0639 0x1d88  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
11:46:40.0669 0x1d88  CompositeBus - ok
11:46:40.0689 0x1d88  COMSysApp - ok
11:46:40.0699 0x1d88  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
11:46:40.0709 0x1d88  crcdisk - ok
11:46:40.0729 0x1d88  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
11:46:40.0789 0x1d88  CryptSvc - ok
11:46:40.0829 0x1d88  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
11:46:40.0941 0x1d88  DcomLaunch - ok
11:46:41.0001 0x1d88  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
11:46:41.0091 0x1d88  defragsvc - ok
11:46:41.0131 0x1d88  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
11:46:41.0191 0x1d88  DfsC - ok
11:46:41.0291 0x1d88  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
11:46:41.0361 0x1d88  Dhcp - ok
11:46:41.0371 0x1d88  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
11:46:41.0431 0x1d88  discache - ok
11:46:41.0461 0x1d88  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
11:46:41.0481 0x1d88  Disk - ok
11:46:41.0511 0x1d88  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
11:46:41.0563 0x1d88  Dnscache - ok
11:46:41.0653 0x1d88  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
11:46:41.0713 0x1d88  dot3svc - ok
11:46:41.0733 0x1d88  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
11:46:41.0793 0x1d88  DPS - ok
11:46:41.0823 0x1d88  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
11:46:41.0883 0x1d88  drmkaud - ok
11:46:41.0965 0x1d88  [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
11:46:42.0015 0x1d88  DXGKrnl - ok
11:46:42.0035 0x1d88  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
11:46:42.0085 0x1d88  EapHost - ok
11:46:42.0385 0x1d88  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
11:46:42.0587 0x1d88  ebdrv - ok
11:46:42.0737 0x1d88  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS             C:\Windows\System32\lsass.exe
11:46:42.0957 0x1d88  EFS - ok
11:46:43.0537 0x1d88  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
11:46:43.0927 0x1d88  ehRecvr - ok
11:46:43.0947 0x1d88  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
11:46:44.0067 0x1d88  ehSched - ok
11:46:44.0194 0x1d88  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
11:46:44.0239 0x1d88  elxstor - ok
11:46:44.0299 0x1d88  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
11:46:44.0381 0x1d88  ErrDev - ok
11:46:44.0651 0x1d88  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
11:46:44.0741 0x1d88  EventSystem - ok
11:46:44.0803 0x1d88  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
11:46:44.0903 0x1d88  exfat - ok
11:46:44.0913 0x1d88  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
11:46:44.0973 0x1d88  fastfat - ok
11:46:45.0193 0x1d88  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
11:46:45.0283 0x1d88  Fax - ok
11:46:45.0323 0x1d88  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
11:46:45.0393 0x1d88  fdc - ok
11:46:45.0433 0x1d88  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
11:46:45.0515 0x1d88  fdPHost - ok
11:46:45.0525 0x1d88  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
11:46:45.0595 0x1d88  FDResPub - ok
11:46:45.0635 0x1d88  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
11:46:45.0645 0x1d88  FileInfo - ok
11:46:45.0695 0x1d88  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
11:46:45.0765 0x1d88  Filetrace - ok
11:46:45.0775 0x1d88  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
11:46:45.0795 0x1d88  flpydisk - ok
11:46:45.0855 0x1d88  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
11:46:45.0875 0x1d88  FltMgr - ok
11:46:46.0067 0x1d88  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
11:46:46.0199 0x1d88  FontCache - ok
11:46:46.0271 0x1d88  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:46:46.0331 0x1d88  FontCache3.0.0.0 - ok
11:46:46.0351 0x1d88  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
11:46:46.0371 0x1d88  FsDepends - ok
11:46:46.0411 0x1d88  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
11:46:46.0433 0x1d88  Fs_Rec - ok
11:46:46.0503 0x1d88  [ 1F7B25B858FA27015169FE95E54108ED, 72DD12E924AA7273B3E4BDD2A2C581DECE304C8EF3D44EA79ABB032F3F95DCE5 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
11:46:46.0543 0x1d88  fvevol - ok
11:46:46.0573 0x1d88  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
11:46:46.0617 0x1d88  gagp30kx - ok
11:46:46.0766 0x1d88  [ 5CC2B1D06AC1962AF5FBBCF88D781DD8, 87C13ADF3D88DB75A882B3568CC70C4DE748682118ECC1EED882EA6D999B3689 ] GoToAssist      C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe
11:46:46.0937 0x1d88  GoToAssist - ok
11:46:47.0029 0x1d88  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
11:46:47.0139 0x1d88  gpsvc - ok
11:46:47.0229 0x1d88  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:46:47.0249 0x1d88  gupdate - ok
11:46:47.0269 0x1d88  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:46:47.0279 0x1d88  gupdatem - ok
11:46:47.0329 0x1d88  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
11:46:47.0429 0x1d88  hcw85cir - ok
11:46:47.0479 0x1d88  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:46:47.0519 0x1d88  HdAudAddService - ok
11:46:47.0575 0x1d88  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
11:46:47.0641 0x1d88  HDAudBus - ok
11:46:47.0811 0x1d88  [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
11:46:48.0001 0x1d88  HECIx64 - ok
11:46:48.0051 0x1d88  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
11:46:48.0102 0x1d88  HidBatt - ok
11:46:48.0146 0x1d88  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
11:46:48.0202 0x1d88  HidBth - ok
11:46:48.0210 0x1d88  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
11:46:48.0263 0x1d88  HidIr - ok
11:46:48.0303 0x1d88  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
11:46:48.0381 0x1d88  hidserv - ok
11:46:48.0435 0x1d88  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
11:46:48.0643 0x1d88  HidUsb - ok
11:46:48.0674 0x1d88  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
11:46:49.0499 0x1d88  hkmsvc - ok
11:46:49.0591 0x1d88  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:46:49.0671 0x1d88  HomeGroupListener - ok
11:46:49.0771 0x1d88  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:46:49.0821 0x1d88  HomeGroupProvider - ok
11:46:49.0881 0x1d88  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
11:46:49.0911 0x1d88  HpSAMD - ok
11:46:50.0051 0x1d88  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
11:46:50.0181 0x1d88  HTTP - ok
11:46:50.0251 0x1d88  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
11:46:50.0321 0x1d88  hwpolicy - ok
11:46:50.0461 0x1d88  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
11:46:50.0561 0x1d88  i8042prt - ok
11:46:50.0841 0x1d88  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
11:46:50.0881 0x1d88  iaStorV - ok
11:46:51.0329 0x1d88  [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
11:46:51.0739 0x1d88  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
11:46:51.0889 0x1d88  IDriverT ( UnsignedFile.Multi.Generic ) - warning
11:47:41.0489 0x1d88  NdisWan - ok
11:47:41.0539 0x1d88  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
11:47:41.0709 0x1d88  NDProxy - ok
11:47:41.0809 0x1d88  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
11:47:41.0889 0x1d88  NetBIOS - ok
11:47:41.0959 0x1d88  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
11:47:42.0089 0x1d88  NetBT - ok
11:47:42.0179 0x1d88  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon        C:\Windows\system32\lsass.exe
11:47:42.0209 0x1d88  Netlogon - ok
11:47:42.0379 0x1d88  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
11:47:42.0551 0x1d88  Netman - ok
11:47:42.0731 0x1d88  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:47:43.0307 0x1d88  NetMsmqActivator - ok
11:47:43.0347 0x1d88  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:47:43.0357 0x1d88  NetPipeActivator - ok
11:47:43.0489 0x1d88  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
11:47:43.0606 0x1d88  netprofm - ok
11:47:43.0711 0x1d88  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:47:43.0721 0x1d88  NetTcpActivator - ok
11:47:43.0771 0x1d88  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:47:43.0781 0x1d88  NetTcpPortSharing - ok
11:47:43.0913 0x1d88  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
11:47:44.0013 0x1d88  nfrd960 - ok
11:47:44.0775 0x1d88  [ ACE8C64C57E4A711473C8BC10ADF692B, 53D8083CE78DB5527080B4570AC28ABAA262667744A319707AE0C46E46B297F9 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
11:47:44.0840 0x1d88  NisDrv - ok
11:47:45.0097 0x1d88  [ 6247E8B31ED0A9D6BC5A26276E49BEB3, 230C0C560492C454B9EB14B50EB4A78DC74FAB6B662449A0EA3114B3E671BFF3 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
11:47:45.0157 0x1d88  NisSrv - ok
11:47:45.0287 0x1d88  [ 1EE99A89CC788ADA662441D1E9830529, 6B4FDD74BB81E12BD4B25A3E8AECB0FA77FA0075D454DD1D6DC1790ADF1F2AA8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
11:47:45.0527 0x1d88  NlaSvc - ok
11:47:45.0587 0x1d88  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
11:47:45.0797 0x1d88  Npfs - ok
11:47:45.0937 0x1d88  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
11:47:46.0099 0x1d88  nsi - ok
11:47:46.0109 0x1d88  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
11:47:46.0186 0x1d88  nsiproxy - ok
11:47:46.0665 0x1d88  [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
11:47:46.0821 0x1d88  Ntfs - ok
11:47:46.0866 0x1d88  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
11:47:47.0007 0x1d88  Null - ok
11:47:47.0083 0x1d88  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
11:47:47.0126 0x1d88  nvraid - ok
11:47:47.0158 0x1d88  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
11:47:47.0169 0x1d88  nvstor - ok
11:47:47.0314 0x1d88  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
11:47:47.0433 0x1d88  nv_agp - ok
11:47:47.0705 0x1d88  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:47:47.0796 0x1d88  odserv - ok
11:47:47.0867 0x1d88  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
11:47:48.0270 0x1d88  ohci1394 - ok
11:47:48.0479 0x1d88  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:47:48.0549 0x1d88  ose - ok
11:47:48.0624 0x1d88  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
11:47:48.0782 0x1d88  p2pimsvc - ok
11:47:48.0911 0x1d88  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
11:47:49.0023 0x1d88  p2psvc - ok
11:47:49.0088 0x1d88  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
11:47:49.0132 0x1d88  Parport - ok
11:47:49.0213 0x1d88  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
11:47:49.0257 0x1d88  partmgr - ok
11:47:49.0319 0x1d88  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
11:47:49.0370 0x1d88  PcaSvc - ok
11:47:49.0481 0x1d88  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
11:47:49.0862 0x1d88  pci - ok
11:47:49.0959 0x1d88  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
11:47:50.0133 0x1d88  pciide - ok
11:47:50.0303 0x1d88  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
11:47:50.0404 0x1d88  pcmcia - ok
11:47:50.0565 0x1d88  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
11:47:50.0585 0x1d88  pcw - ok
11:47:50.0667 0x1d88  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
11:47:50.0792 0x1d88  PEAUTH - ok
11:47:52.0164 0x1d88  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
11:47:52.0203 0x1d88  PerfHost - ok
11:47:52.0580 0x1d88  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
11:47:52.0739 0x1d88  pla - ok
11:47:52.0822 0x1d88  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
11:47:52.0952 0x1d88  PlugPlay - ok
11:47:53.0019 0x1d88  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
11:47:53.0132 0x1d88  PNRPAutoReg - ok
11:47:53.0166 0x1d88  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
11:47:53.0204 0x1d88  PNRPsvc - ok
11:47:53.0253 0x1d88  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
11:47:53.0330 0x1d88  PolicyAgent - ok
11:47:53.0383 0x1d88  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
11:47:53.0484 0x1d88  Power - ok
11:47:53.0526 0x1d88  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
11:47:53.0598 0x1d88  PptpMiniport - ok
11:47:53.0620 0x1d88  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
11:47:53.0721 0x1d88  Processor - ok
11:47:53.0789 0x1d88  [ 5C78838B4D166D1A27DB3A8A820C799A, BBF7E1D0B6754CF06BF3936671FDF5BF6E845CA5678D0940EA54E9212B539B7F ] ProfSvc         C:\Windows\system32\profsvc.dll
11:47:53.0891 0x1d88  ProfSvc - ok
11:47:53.0952 0x1d88  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\Windows\system32\lsass.exe
11:47:53.0984 0x1d88  ProtectedStorage - ok
11:47:54.0056 0x1d88  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
11:47:54.0116 0x1d88  Psched - ok
11:47:54.0173 0x1d88  [ 87B04878A6D59D6C79251DC960C674C1, 3EB8DB0624E646F0A65D0381408D35CF9FDC5ABFC30DF6431F4070A8EB68447C ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
11:47:54.0200 0x1d88  PxHlpa64 - ok
11:47:54.0350 0x1d88  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
11:47:54.0529 0x1d88  ql2300 - ok
11:47:54.0573 0x1d88  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
11:47:54.0592 0x1d88  ql40xx - ok
11:47:54.0666 0x1d88  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
11:47:54.0747 0x1d88  QWAVE - ok
11:47:54.0771 0x1d88  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
11:47:54.0811 0x1d88  QWAVEdrv - ok
11:47:54.0829 0x1d88  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
11:47:54.0983 0x1d88  RasAcd - ok
11:47:55.0079 0x1d88  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
11:47:55.0154 0x1d88  RasAgileVpn - ok
11:47:55.0204 0x1d88  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
11:47:55.0274 0x1d88  RasAuto - ok
11:47:55.0356 0x1d88  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
11:47:55.0488 0x1d88  Rasl2tp - ok
11:47:55.0590 0x1d88  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
11:47:55.0734 0x1d88  RasMan - ok
11:47:55.0814 0x1d88  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
11:47:55.0913 0x1d88  RasPppoe - ok
11:47:55.0988 0x1d88  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
11:47:56.0139 0x1d88  RasSstp - ok
11:47:56.0194 0x1d88  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
11:47:56.0327 0x1d88  rdbss - ok
11:47:56.0353 0x1d88  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
11:47:56.0812 0x1d88  rdpbus - ok
11:47:56.0882 0x1d88  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
11:47:56.0982 0x1d88  RDPCDD - ok
11:47:57.0012 0x1d88  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
11:47:57.0162 0x1d88  RDPENCDD - ok
11:47:57.0216 0x1d88  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
11:47:57.0345 0x1d88  RDPREFMP - ok
11:47:57.0404 0x1d88  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
11:47:57.0506 0x1d88  RDPWD - ok
11:47:57.0653 0x1d88  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
11:47:57.0691 0x1d88  rdyboost - ok
11:47:58.0012 0x1d88  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
11:47:58.0224 0x1d88  RemoteAccess - ok
11:47:58.0498 0x1d88  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
11:47:58.0680 0x1d88  RemoteRegistry - ok
11:47:58.0782 0x1d88  [ 6D850FAD4CC9498D1F382B77BA4035CC, 689B8D90BFA404F2ABEF3F7CD098382DAA81A4CF6BF3784C9CC24DAF33F10660 ] RimUsb          C:\Windows\system32\Drivers\RimUsb_AMD64.sys
11:47:59.0002 0x1d88  RimUsb - ok
11:47:59.0186 0x1d88  [ 344604E6913BD6E4EAEC34AF2E0943D7, 4ADFE13AFECD0F263A27F647FC6BA1AB47B2A28F9D70FCAC90F23D0A2FB8C493 ] RimVSerPort     C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
11:47:59.0553 0x1d88  RimVSerPort - ok
11:47:59.0666 0x1d88  [ 388D3DD1A6457280F3BADBA9F3ACD6B1, 5C534EA15195B1301C917904627AF09FE2ABA3FEE1641B5C87E8F3191BC49058 ] ROOTMODEM       C:\Windows\system32\Drivers\RootMdm.sys
11:47:59.0782 0x1d88  ROOTMODEM - ok
11:47:59.0977 0x1d88  RoxLiveShare9 - ok
11:48:00.0092 0x1d88  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
11:48:00.0162 0x1d88  RpcEptMapper - ok
11:48:00.0194 0x1d88  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
11:48:00.0224 0x1d88  RpcLocator - ok
11:48:00.0333 0x1d88  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
11:48:00.0444 0x1d88  RpcSs - ok
11:48:00.0536 0x1d88  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
11:48:00.0646 0x1d88  rspndr - ok
11:48:00.0670 0x1d88  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] SamSs           C:\Windows\system32\lsass.exe
11:48:00.0775 0x1d88  SamSs - ok
11:48:00.0970 0x1d88  [ 3289766038DB2CB14D07DC84392138D5, A7790B787690CC1A8B97E4532090C5295350A836A9474DEA74CEB3E81CF26124 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
11:48:00.0990 0x1d88  SASDIFSV - ok
11:48:01.0030 0x1d88  [ 58A38E75F3316A83C23DF6173D41F2B5, B0A8CDA1D164B7534FB41AB80792861384709BF0F914F44553275CF20194F1A1 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
11:48:01.0070 0x1d88  SASKUTIL - ok
11:48:01.0132 0x1d88  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
11:48:01.0152 0x1d88  sbp2port - ok
11:48:01.0182 0x1d88  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
11:48:01.0242 0x1d88  SCardSvr - ok
11:48:01.0282 0x1d88  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
11:48:01.0344 0x1d88  scfilter - ok
11:48:01.0744 0x1d88  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
11:48:01.0904 0x1d88  Schedule - ok
11:48:02.0084 0x1d88  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
11:48:02.0154 0x1d88  SCPolicySvc - ok
11:48:02.0924 0x1d88  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
11:48:02.0994 0x1d88  SDRSVC - ok
11:48:03.0064 0x1d88  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
11:48:03.0144 0x1d88  secdrv - ok
11:48:03.0174 0x1d88  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
11:48:03.0280 0x1d88  seclogon - ok
11:48:03.0376 0x1d88  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\system32\sens.dll
11:48:03.0475 0x1d88  SENS - ok
11:48:03.0509 0x1d88  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
11:48:03.0619 0x1d88  SensrSvc - ok
11:48:03.0680 0x1d88  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
11:48:03.0740 0x1d88  Serenum - ok
11:48:03.0872 0x1d88  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
11:48:03.0932 0x1d88  Serial - ok
11:48:03.0952 0x1d88  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
11:48:04.0009 0x1d88  sermouse - ok
11:48:04.0054 0x1d88  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
11:48:04.0153 0x1d88  SessionEnv - ok
11:48:04.0203 0x1d88  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
11:48:04.0281 0x1d88  sffdisk - ok
11:48:04.0292 0x1d88  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
11:48:04.0326 0x1d88  sffp_mmc - ok
11:48:04.0366 0x1d88  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
11:48:05.0201 0x1d88  sffp_sd - ok
11:48:05.0342 0x1d88  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
11:48:05.0482 0x1d88  sfloppy - ok
11:48:06.0092 0x1d88  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
11:48:06.0272 0x1d88  SharedAccess - ok
11:48:06.0556 0x1d88  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:48:06.0712 0x1d88  ShellHWDetection - ok
11:48:07.0018 0x1d88  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:48:07.0098 0x1d88  SiSRaid2 - ok
11:48:07.0138 0x1d88  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
11:48:07.0178 0x1d88  SiSRaid4 - ok
11:48:07.0208 0x1d88  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
11:48:07.0283 0x1d88  Smb - ok
11:48:07.0350 0x1d88  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
11:48:07.0390 0x1d88  SNMPTRAP - ok
11:48:07.0440 0x1d88  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
11:48:07.0450 0x1d88  spldr - ok
11:48:07.0510 0x1d88  [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler         C:\Windows\System32\spoolsv.exe
11:48:07.0580 0x1d88  Spooler - ok
11:48:08.0858 0x1d88  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
11:48:10.0140 0x1d88  sppsvc - ok
11:48:10.0424 0x1d88  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
11:48:11.0026 0x1d88  sppuinotify - ok
11:48:11.0498 0x1d88  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
11:48:12.0304 0x1d88  srv - ok
11:48:12.0384 0x1d88  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
11:48:12.0654 0x1d88  srv2 - ok
11:48:12.0834 0x1d88  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
11:48:12.0944 0x1d88  srvnet - ok
11:48:13.0144 0x1d88  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
11:48:13.0244 0x1d88  SSDPSRV - ok
11:48:13.0404 0x1d88  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
11:48:13.0524 0x1d88  SstpSvc - ok
11:48:13.0704 0x1d88  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
11:48:13.0874 0x1d88  stexstor - ok
11:48:14.0296 0x1d88  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
11:48:15.0448 0x1d88  stisvc - ok
11:48:15.0630 0x1d88  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
11:48:15.0790 0x1d88  swenum - ok
11:48:16.0510 0x1d88  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
11:48:16.0720 0x1d88  swprv - ok
11:48:17.0220 0x1d88  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
11:48:17.0902 0x1d88  SysMain - ok
11:48:17.0963 0x1d88  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:48:18.0584 0x1d88  TabletInputService - ok
11:48:19.0018 0x1d88  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
11:48:19.0206 0x1d88  TapiSrv - ok
11:48:19.0262 0x1d88  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
11:48:19.0417 0x1d88  TBS - ok
11:48:20.0274 0x1d88  [ DB74544B75566C974815E79A62433F29, 035EBF70FDA28CF2B6C1FD7EE0ED703DB4B647064B5DBA6E258878A19B1BCCA4 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
11:48:20.0529 0x1d88  Tcpip - ok
11:48:21.0612 0x1d88  [ DB74544B75566C974815E79A62433F29, 035EBF70FDA28CF2B6C1FD7EE0ED703DB4B647064B5DBA6E258878A19B1BCCA4 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
11:48:21.0662 0x1d88  TCPIP6 - ok
11:48:21.0972 0x1d88  [ DF687E3D8836BFB04FCC0615BF15A519, 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
11:48:22.0292 0x1d88  tcpipreg - ok
11:48:22.0486 0x1d88  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
11:48:23.0180 0x1d88  TDPIPE - ok
11:48:23.0290 0x1d88  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
11:48:23.0560 0x1d88  TDTCP - ok
11:48:23.0790 0x1d88  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
11:48:24.0020 0x1d88  tdx - ok
11:48:24.0191 0x1d88  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
11:48:24.0272 0x1d88  TermDD - ok
11:48:25.0326 0x1d88  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
11:48:25.0526 0x1d88  TermService - ok
11:48:25.0736 0x1d88  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
11:48:26.0306 0x1d88  Themes - ok
11:48:26.0326 0x1d88  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
11:48:26.0408 0x1d88  THREADORDER - ok
11:49:05.0642 0x1d88  ================ Scan global ===============================
11:49:05.0672 0x1d88  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
11:49:05.0784 0x1d88  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
11:49:05.0824 0x1d88  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
11:49:05.0864 0x1d88  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
11:49:05.0984 0x1d88  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
11:49:06.0044 0x1d88  [ Global ] - ok
11:49:06.0044 0x1d88  ================ Scan MBR ==================================
11:49:06.0084 0x1d88  [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
11:49:08.0084 0x1d88  \Device\Harddisk0\DR0 - detected TDSS File System ( 1 )
11:49:08.0084 0x1d88  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:49:08.0084 0x1d88  ================ Scan VBR ==================================
11:49:08.0124 0x1d88  [ 3A8B486BD42E92BB17BCF65977401097 ] \Device\Harddisk0\DR0\Partition1
11:49:08.0264 0x1d88  \Device\Harddisk0\DR0\Partition1 - ok
11:49:08.0314 0x1d88  [ 6140CE09BD45F7F1FE7FAA462F30ED45 ] \Device\Harddisk0\DR0\Partition2
11:49:08.0574 0x1d88  \Device\Harddisk0\DR0\Partition2 - ok
11:49:12.0810 0x1d88  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.4.304.0 ), 0x61000 ( enabled : updated )
11:49:13.0110 0x1d88  Win FW state via NFP2: enabled
11:49:13.0110 0x1d88  ============================================================
11:49:13.0110 0x1d88  Scan finished
11:49:13.0110 0x1d88  ============================================================
11:49:13.0110 0x1198  Detected object count: 3
11:49:13.0110 0x1198  Actual detected object count: 3
11:51:24.0411 0x1198  Blackberry Device Manager ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:24.0411 0x1198  Blackberry Device Manager ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:51:24.0411 0x1198  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:24.0411 0x1198  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:51:24.0411 0x1198  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:51:24.0411 0x1198  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
 
 
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-02-21 11:55:35
-----------------------------
11:55:35.871    OS Version: Windows x64 6.1.7601 Service Pack 1
11:55:35.871    Number of processors: 4 586 0x2505
11:55:35.872    ComputerName: BOB-PC  UserName: Bob
11:55:45.664    Initialize success
11:56:08.857    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:56:08.859    Disk 0 Vendor: WDC_WD1001FAES-75W7A0 05.01D05 Size: 953869MB BusType: 3
11:56:08.991    Disk 0 MBR read successfully
11:56:08.993    Disk 0 MBR scan
11:56:08.995    Disk 0 Windows VISTA default MBR code
11:56:09.018    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
11:56:09.036    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        11142 MB offset 81920
11:56:09.053    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       942686 MB offset 22900736
11:56:09.140    Disk 0 scanning C:\Windows\system32\drivers
11:56:36.969    Service scanning
11:57:00.297    Modules scanning
11:57:00.306    Disk 0 trace - called modules:
11:57:00.355    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys 
11:57:00.359    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b1b060]
11:57:00.705    3 CLASSPNP.SYS[fffff8800141743f] -> nt!IofCallDriver -> [0xfffffa80048e8930]
11:57:00.710    5 ACPI.sys[fffff88000f2f7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80048f1060]
11:57:00.715    Scan finished successfully
11:58:14.616    Disk 0 MBR has been saved successfully to "C:\Users\Bob\Desktop\MBR.dat"
11:58:14.868    The log file has been saved successfully to "C:\Users\Bob\Desktop\aswMBR.txt"
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-02-2014
Ran by Bob (administrator) on BOB-PC on 21-02-2014 12:08:10
Running from C:\Users\Bob\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
() C:\Users\Bob\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(PC-Doctor, Inc.) C:\Program Files\My Dell\uaclauncher.exe
(Kaspersky Lab ZAO) C:\Users\Bob\AppData\Local\Temp\Temp1_tdsskiller (1).zip\TDSSKiller.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Google\Update\Install\{1F9B8828-CBE7-43E7-821E-8B8452E72275}\33.0.1750.117_32.0.1700.107_chrome_updater.exe
(Google Inc.) C:\Windows\TEMP\CR_0BCB2.tmp\setup.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-08-12] (Logitech Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe [829832 2013-10-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-3264511361-3993067736-179394885-1000\...\Run: [MDworks] - regsvr32.exe C:\Users\Bob\AppData\Local\MDworks\CUDART32_32_7.DLL <===== ATTENTION
HKU\S-1-5-21-3264511361-3993067736-179394885-1000\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware)
HKU\S-1-5-21-3264511361-3993067736-179394885-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume3\Users\Bob\AppData\Local\Temp\sqepeel\sprttdi\wow.dll ATTENTION! ====> ZeroAccess?
Startup: C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk
ShortcutTarget: HP SimpleSave Monitor.lnk -> C:\Users\Bob\AppData\Roaming\HP SimpleSave Application\StartHelper.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {19161FA3-F67E-4B64-B973-302A79F40646} URL = 
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 167.206.251.129
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
S4 BackupService; C:\Users\Bob\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [83512 2010-07-01] (ArcSoft, Inc.)
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S4 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )
S4 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-19] (Western Digital)
S4 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-19] (Western Digital )
S2 RoxLiveShare9; "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 aswMBR; \??\C:\Users\Bob\AppData\Local\Temp\aswMBR.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-21 12:08 - 2014-02-21 12:13 - 00011893 _____ () C:\Users\Bob\Desktop\FRST.txt
2014-02-21 12:05 - 2014-02-21 12:08 - 00000000 ____D () C:\FRST
2014-02-21 12:03 - 2014-02-21 12:02 - 02153984 _____ (Farbar) C:\Users\Bob\Desktop\FRST64.exe
2014-02-21 12:02 - 2014-02-21 12:02 - 02153984 _____ (Farbar) C:\Users\Bob\Downloads\FRST64.exe
2014-02-21 12:02 - 2014-02-21 12:02 - 00013674 _____ () C:\Users\Bob\Desktop\TDSSKiller.3.0.0.23_21.02.2014_11.44.02_log - Shortcut.lnk
2014-02-21 12:01 - 2014-02-21 12:01 - 02117706 _____ () C:\Users\Bob\Desktop\aswMBR.zip
2014-02-21 12:00 - 2014-02-21 11:54 - 04745728 _____ (AVAST Software) C:\Users\Bob\Desktop\aswMBR.exe
2014-02-21 11:58 - 2014-02-21 11:58 - 00001704 _____ () C:\Users\Bob\Desktop\aswMBR.txt
2014-02-21 11:54 - 2014-02-21 11:54 - 04745728 _____ (AVAST Software) C:\Users\Bob\Downloads\aswMBR.exe
2014-02-21 11:44 - 2014-02-21 11:44 - 00233056 _____ (Kaspersky Lab, Yury Parshin) C:\Windows\system32\Drivers\87606145.sys
2014-02-21 11:41 - 2014-02-21 11:42 - 04102163 _____ () C:\Users\Bob\Downloads\tdsskiller (1).zip
2014-02-21 11:26 - 2014-02-21 11:27 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Bob\Downloads\tdsskiller (4).exe
2014-02-18 13:20 - 2014-02-18 13:21 - 00012469 _____ () C:\Users\Bob\Desktop\dds.txt
2014-02-18 13:20 - 2014-02-18 13:21 - 00008763 _____ () C:\Users\Bob\Desktop\attach.txt
2014-02-18 13:11 - 2014-02-18 13:12 - 00688992 ____R (Swearware) C:\Users\Bob\Downloads\dds.com
2014-02-18 12:40 - 2014-02-18 12:41 - 01241834 _____ () C:\Users\Bob\Downloads\adwcleaner (3).exe
2014-02-18 12:13 - 2014-02-18 12:15 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\Bob\Downloads\tdsskiller (3).exe
2014-02-18 11:38 - 2014-02-18 11:39 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Bob\Downloads\rkill.exe
2014-02-18 11:31 - 2014-02-18 11:33 - 01241834 _____ () C:\Users\Bob\Downloads\AdwCleaner (1).exe
2014-02-18 11:24 - 2014-02-18 14:16 - 00000000 ____D () C:\Users\Bob\AppData\Local\CrashDumps
2014-02-18 11:23 - 2014-02-18 12:43 - 00000000 ____D () C:\AdwCleaner
2014-02-18 11:22 - 2014-02-18 11:22 - 01241834 _____ () C:\Users\Bob\Downloads\AdwCleaner.exe
2014-02-18 11:13 - 2014-02-18 11:13 - 03813376 _____ () C:\Users\Bob\Downloads\RogueKiller.exe
2014-02-13 03:00 - 2014-02-05 05:19 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 03:00 - 2014-02-05 05:02 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 03:00 - 2014-02-05 05:00 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 03:00 - 2014-02-05 04:54 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 03:00 - 2014-02-05 04:54 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 03:00 - 2014-02-05 04:52 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 03:00 - 2014-02-05 04:52 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-13 03:00 - 2014-02-05 04:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 03:00 - 2014-02-05 04:51 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 03:00 - 2014-02-05 04:51 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-13 03:00 - 2014-02-05 04:51 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 03:00 - 2014-02-05 04:51 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 03:00 - 2014-02-05 04:51 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 03:00 - 2014-02-05 04:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 03:00 - 2014-02-05 04:50 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 03:00 - 2014-02-05 04:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-13 03:00 - 2014-02-05 03:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 03:00 - 2014-02-05 03:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 03:00 - 2014-02-05 03:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 03:00 - 2014-02-05 03:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 03:00 - 2014-02-05 03:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 03:00 - 2014-02-05 03:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 03:00 - 2014-02-05 03:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-13 03:00 - 2014-02-05 03:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 03:00 - 2014-02-05 03:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-13 03:00 - 2014-02-05 03:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 03:00 - 2014-02-05 03:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 03:00 - 2014-02-05 03:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 03:00 - 2014-02-05 03:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 03:00 - 2014-02-05 03:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 03:00 - 2014-02-05 03:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-13 03:00 - 2014-02-05 03:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 08:27 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 08:27 - 2013-12-24 17:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 08:27 - 2013-12-05 21:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 08:27 - 2013-12-05 21:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 08:27 - 2013-12-05 21:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 08:27 - 2013-12-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 08:27 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 08:27 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-10 23:37 - 2014-02-21 11:44 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\Bob\Desktop\TDSSKiller.exe
2014-02-06 14:03 - 2014-02-12 08:41 - 00000000 ____D () C:\Users\Bob\Documents\SLTM 2014
2014-02-06 02:04 - 2014-02-06 02:04 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KGS Online-NFA
2014-02-06 02:03 - 2014-02-06 02:04 - 00001426 _____ () C:\Users\Bob\Downloads\cgoban-nfa.jnlp
2014-02-02 06:17 - 2014-02-02 06:17 - 00413312 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-02 06:17 - 2014-02-02 06:17 - 00108840 _____ () C:\Users\Bob\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-02 01:00 - 2014-02-21 11:14 - 00001580 _____ () C:\Windows\setupact.log
2014-02-02 01:00 - 2014-02-02 01:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-01 17:37 - 2014-02-01 17:41 - 00000000 ____D () C:\Users\Bob\Documents\Research Tools
2014-02-01 16:17 - 2014-02-01 16:17 - 00001111 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-01 16:16 - 2014-02-01 16:16 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Bob\Downloads\mbam-setup.exe
2014-02-01 15:13 - 2014-02-01 15:13 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-02-01 15:13 - 2014-02-01 15:13 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\SUPERAntiSpyware.com
2014-02-01 15:13 - 2014-02-01 15:13 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-02-01 15:13 - 2014-02-01 15:13 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-02-01 15:12 - 2014-02-01 15:13 - 17929896 _____ (SUPERAntiSpyware) C:\Users\Bob\Downloads\SUPERAntiSpyware.exe
2014-02-01 15:04 - 2014-02-01 15:05 - 05179159 _____ (Swearware) C:\Users\Bob\Downloads\ComboFix (1).exe
2014-02-01 14:49 - 2014-02-01 14:49 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Bob\Downloads\tdsskiller (2).exe
2014-02-01 14:48 - 2014-02-01 14:48 - 02218636 _____ () C:\Users\Bob\Downloads\tdsskiller.zip
2014-01-30 20:47 - 2014-02-21 11:50 - 01482422 _____ () C:\Windows\WindowsUpdate.log
2014-01-30 20:24 - 2014-01-30 20:24 - 00009680 _____ () C:\Windows\system32\cc_20140130_202402.reg
2014-01-29 15:59 - 2014-02-02 15:16 - 00000000 ____D () C:\Users\Bob\Documents\Castle Hill
2014-01-26 22:31 - 2014-01-26 22:31 - 00173096 _____ (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Bob\Downloads\GoToAssistStarter (1).exe
2014-01-26 11:50 - 2014-02-18 16:00 - 00000000 ____D () C:\Users\Bob\Documents\CTCEF
2014-01-25 17:41 - 2014-01-25 17:41 - 00000000 ____D () C:\Users\Bob\AppData\Local\Blizzard
2014-01-25 17:31 - 2014-01-25 17:41 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-01-25 17:29 - 2014-02-13 22:29 - 00000000 ____D () C:\Users\Bob\AppData\Local\Battle.net
2014-01-25 17:29 - 2014-01-25 17:31 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\Battle.net
2014-01-25 17:29 - 2014-01-25 17:29 - 00000000 ____D () C:\Users\Bob\AppData\Local\Blizzard Entertainment
2014-01-25 17:28 - 2014-02-13 20:22 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-01-25 17:28 - 2014-01-25 17:29 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-01-25 17:27 - 2014-01-25 17:27 - 00000000 ____D () C:\ProgramData\Battle.net
2014-01-25 17:26 - 2014-01-25 17:27 - 05971136 _____ (Blizzard Entertainment) C:\Users\Bob\Downloads\Hearthstone-Beta-Setup-enUS.exe
2014-01-22 21:41 - 2014-01-22 21:41 - 00056832 _____ () C:\Users\Bob\Downloads\Monthly Report to CAEL From LAPA Fundraising of Recent Accomplishments (1).msg
2014-01-22 21:39 - 2014-01-22 21:39 - 00237056 _____ () C:\Users\Bob\Downloads\CAEL Competitors--Individual Donors Information.msg
2014-01-22 21:38 - 2014-01-22 21:38 - 00148992 _____ () C:\Users\Bob\Downloads\next batch of Call Reports from Interviews (1).msg
 
==================== One Month Modified Files and Folders =======
 
2014-02-21 12:14 - 2013-08-04 14:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-21 12:13 - 2014-02-21 12:08 - 00011893 _____ () C:\Users\Bob\Desktop\FRST.txt
2014-02-21 12:08 - 2014-02-21 12:05 - 00000000 ____D () C:\FRST
2014-02-21 12:02 - 2014-02-21 12:03 - 02153984 _____ (Farbar) C:\Users\Bob\Desktop\FRST64.exe
2014-02-21 12:02 - 2014-02-21 12:02 - 02153984 _____ (Farbar) C:\Users\Bob\Downloads\FRST64.exe
2014-02-21 12:02 - 2014-02-21 12:02 - 00013674 _____ () C:\Users\Bob\Desktop\TDSSKiller.3.0.0.23_21.02.2014_11.44.02_log - Shortcut.lnk
2014-02-21 12:01 - 2014-02-21 12:01 - 02117706 _____ () C:\Users\Bob\Desktop\aswMBR.zip
2014-02-21 11:58 - 2014-02-21 11:58 - 00001704 _____ () C:\Users\Bob\Desktop\aswMBR.txt
2014-02-21 11:54 - 2014-02-21 12:00 - 04745728 _____ (AVAST Software) C:\Users\Bob\Desktop\aswMBR.exe
2014-02-21 11:54 - 2014-02-21 11:54 - 04745728 _____ (AVAST Software) C:\Users\Bob\Downloads\aswMBR.exe
2014-02-21 11:51 - 2013-11-16 16:35 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-21 11:50 - 2014-01-30 20:47 - 01482422 _____ () C:\Windows\WindowsUpdate.log
2014-02-21 11:44 - 2014-02-21 11:44 - 00233056 _____ (Kaspersky Lab, Yury Parshin) C:\Windows\system32\Drivers\87606145.sys
2014-02-21 11:44 - 2014-02-10 23:37 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\Bob\Desktop\TDSSKiller.exe
2014-02-21 11:42 - 2014-02-21 11:41 - 04102163 _____ () C:\Users\Bob\Downloads\tdsskiller (1).zip
2014-02-21 11:33 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-21 11:33 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-21 11:27 - 2014-02-21 11:26 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Bob\Downloads\tdsskiller (4).exe
2014-02-21 11:17 - 2013-11-16 16:35 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-21 11:14 - 2014-02-02 01:00 - 00001580 _____ () C:\Windows\setupact.log
2014-02-21 11:14 - 2012-11-08 20:59 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-02-21 11:14 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-18 17:10 - 2012-01-27 13:47 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\Skype
2014-02-18 16:44 - 2013-03-28 07:08 - 00000000 ____D () C:\Users\Bob\Documents\'r Kids
2014-02-18 16:00 - 2014-01-26 11:50 - 00000000 ____D () C:\Users\Bob\Documents\CTCEF
2014-02-18 14:16 - 2014-02-18 11:24 - 00000000 ____D () C:\Users\Bob\AppData\Local\CrashDumps
2014-02-18 13:38 - 2011-11-25 17:18 - 00141526 _____ () C:\Users\Bob\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-02-18 13:38 - 2011-11-25 17:18 - 00140205 _____ () C:\Users\Bob\AppData\Roaming\Rim.Desktop.Exception.log
2014-02-18 13:21 - 2014-02-18 13:20 - 00012469 _____ () C:\Users\Bob\Desktop\dds.txt
2014-02-18 13:21 - 2014-02-18 13:20 - 00008763 _____ () C:\Users\Bob\Desktop\attach.txt
2014-02-18 13:12 - 2014-02-18 13:11 - 00688992 ____R (Swearware) C:\Users\Bob\Downloads\dds.com
2014-02-18 12:43 - 2014-02-18 11:23 - 00000000 ____D () C:\AdwCleaner
2014-02-18 12:41 - 2014-02-18 12:40 - 01241834 _____ () C:\Users\Bob\Downloads\adwcleaner (3).exe
2014-02-18 12:15 - 2014-02-18 12:13 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\Bob\Downloads\tdsskiller (3).exe
2014-02-18 11:39 - 2014-02-18 11:38 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Bob\Downloads\rkill.exe
2014-02-18 11:33 - 2014-02-18 11:31 - 01241834 _____ () C:\Users\Bob\Downloads\AdwCleaner (1).exe
2014-02-18 11:26 - 2009-07-14 00:08 - 00032612 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-18 11:22 - 2014-02-18 11:22 - 01241834 _____ () C:\Users\Bob\Downloads\AdwCleaner.exe
2014-02-18 11:13 - 2014-02-18 11:13 - 03813376 _____ () C:\Users\Bob\Downloads\RogueKiller.exe
2014-02-16 07:06 - 2009-07-14 00:13 - 00782902 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-15 17:53 - 2013-09-09 12:01 - 00000000 ____D () C:\Users\Bob\AppData\Local\PMB Files
2014-02-15 17:53 - 2013-09-09 12:01 - 00000000 ____D () C:\ProgramData\PMB Files
2014-02-15 16:28 - 2013-09-17 16:52 - 00000000 ____D () C:\Users\Bob\Desktop\Andrew's NEW stuff
2014-02-15 13:24 - 2013-05-21 15:18 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-02-15 13:24 - 2012-11-08 20:59 - 00054917 _____ () C:\Windows\system32\lvcoinst.log
2014-02-15 02:35 - 2013-07-15 22:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-15 02:33 - 2011-05-23 18:25 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-13 22:29 - 2014-01-25 17:29 - 00000000 ____D () C:\Users\Bob\AppData\Local\Battle.net
2014-02-13 20:22 - 2014-01-25 17:28 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-02-13 15:46 - 2013-11-16 16:35 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-13 15:46 - 2013-11-16 16:35 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-13 03:09 - 2011-08-02 01:50 - 00776626 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-12 08:41 - 2014-02-06 14:03 - 00000000 ____D () C:\Users\Bob\Documents\SLTM 2014
2014-02-11 13:54 - 2013-10-23 08:09 - 00000000 ____D () C:\Users\Bob\Documents\Leila Day
2014-02-08 15:09 - 2011-05-23 21:10 - 00000000 ____D () C:\Users\Bob\Desktop\Photos
2014-02-06 13:52 - 2012-09-07 11:34 - 00000000 ____D () C:\Users\Bob\Documents\Women and Family Life
2014-02-06 02:04 - 2014-02-06 02:04 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KGS Online-NFA
2014-02-06 02:04 - 2014-02-06 02:03 - 00001426 _____ () C:\Users\Bob\Downloads\cgoban-nfa.jnlp
2014-02-05 05:19 - 2014-02-13 03:00 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 05:02 - 2014-02-13 03:00 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 05:00 - 2014-02-13 03:00 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 04:54 - 2014-02-13 03:00 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 04:54 - 2014-02-13 03:00 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 04:52 - 2014-02-13 03:00 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 04:52 - 2014-02-13 03:00 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 04:52 - 2014-02-13 03:00 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 04:51 - 2014-02-13 03:00 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 04:51 - 2014-02-13 03:00 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 04:51 - 2014-02-13 03:00 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 04:51 - 2014-02-13 03:00 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 04:51 - 2014-02-13 03:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 04:50 - 2014-02-13 03:00 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 04:50 - 2014-02-13 03:00 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-05 04:50 - 2014-02-13 03:00 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 03:58 - 2014-02-13 03:00 - 12345344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-05 03:56 - 2014-02-13 03:00 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-05 03:53 - 2014-02-13 03:00 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-05 03:51 - 2014-02-13 03:00 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-05 03:50 - 2014-02-13 03:00 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-05 03:49 - 2014-02-13 03:00 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-05 03:49 - 2014-02-13 03:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-05 03:48 - 2014-02-13 03:00 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-05 03:48 - 2014-02-13 03:00 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-05 03:48 - 2014-02-13 03:00 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-05 03:48 - 2014-02-13 03:00 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-05 03:48 - 2014-02-13 03:00 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-05 03:47 - 2014-02-13 03:00 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-05 03:47 - 2014-02-13 03:00 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-05 03:47 - 2014-02-13 03:00 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-05 03:46 - 2014-02-13 03:00 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-03 18:47 - 2013-11-16 16:35 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-02 15:16 - 2014-01-29 15:59 - 00000000 ____D () C:\Users\Bob\Documents\Castle Hill
2014-02-02 06:17 - 2014-02-02 06:17 - 00413312 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-02 06:17 - 2014-02-02 06:17 - 00108840 _____ () C:\Users\Bob\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-02 01:00 - 2014-02-02 01:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-01 17:41 - 2014-02-01 17:37 - 00000000 ____D () C:\Users\Bob\Documents\Research Tools
2014-02-01 17:10 - 2013-12-25 13:11 - 00000000 ____D () C:\Users\Bob\AppData\Local\MDworks
2014-02-01 16:17 - 2014-02-01 16:17 - 00001111 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-01 16:17 - 2013-07-30 16:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-01 16:16 - 2014-02-01 16:16 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Bob\Downloads\mbam-setup.exe
2014-02-01 15:13 - 2014-02-01 15:13 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-02-01 15:13 - 2014-02-01 15:13 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\SUPERAntiSpyware.com
2014-02-01 15:13 - 2014-02-01 15:13 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-02-01 15:13 - 2014-02-01 15:13 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-02-01 15:13 - 2014-02-01 15:12 - 17929896 _____ (SUPERAntiSpyware) C:\Users\Bob\Downloads\SUPERAntiSpyware.exe
2014-02-01 15:05 - 2014-02-01 15:04 - 05179159 _____ (Swearware) C:\Users\Bob\Downloads\ComboFix (1).exe
2014-02-01 14:49 - 2014-02-01 14:49 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Bob\Downloads\tdsskiller (2).exe
2014-02-01 14:48 - 2014-02-01 14:48 - 02218636 _____ () C:\Users\Bob\Downloads\tdsskiller.zip
2014-01-30 20:24 - 2014-01-30 20:24 - 00009680 _____ () C:\Windows\system32\cc_20140130_202402.reg
2014-01-30 20:22 - 2011-10-28 07:46 - 00000000 ____D () C:\Windows\Minidump
2014-01-30 01:12 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-01-30 00:59 - 2011-05-23 17:56 - 00000000 ____D () C:\Users\Bob
2014-01-26 22:31 - 2014-01-26 22:31 - 00173096 _____ (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Bob\Downloads\GoToAssistStarter (1).exe
2014-01-25 17:41 - 2014-01-25 17:41 - 00000000 ____D () C:\Users\Bob\AppData\Local\Blizzard
2014-01-25 17:41 - 2014-01-25 17:31 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-01-25 17:31 - 2014-01-25 17:29 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\Battle.net
2014-01-25 17:29 - 2014-01-25 17:29 - 00000000 ____D () C:\Users\Bob\AppData\Local\Blizzard Entertainment
2014-01-25 17:29 - 2014-01-25 17:28 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-01-25 17:27 - 2014-01-25 17:27 - 00000000 ____D () C:\ProgramData\Battle.net
2014-01-25 17:27 - 2014-01-25 17:26 - 05971136 _____ (Blizzard Entertainment) C:\Users\Bob\Downloads\Hearthstone-Beta-Setup-enUS.exe
2014-01-24 16:27 - 2013-12-14 12:15 - 00000000 ____D () C:\Users\Bob\Documents\HHYEP
2014-01-22 21:41 - 2014-01-22 21:41 - 00056832 _____ () C:\Users\Bob\Downloads\Monthly Report to CAEL From LAPA Fundraising of Recent Accomplishments (1).msg
2014-01-22 21:39 - 2014-01-22 21:39 - 00237056 _____ () C:\Users\Bob\Downloads\CAEL Competitors--Individual Donors Information.msg
2014-01-22 21:38 - 2014-01-22 21:38 - 00148992 _____ () C:\Users\Bob\Downloads\next batch of Call Reports from Interviews (1).msg
 
Alureon:
C:\Users\Bob\AppData\Local\Temp\sqepeel\sprttdi\wow.dll
 
Some content of TEMP:
====================
C:\Users\Bob\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-08 12:15
 
==================== End Of Log ============================
 

 




#5 nasdaq

  • Malware Response Team

Posted 21 February 2014 - 01:52 PM

Please run the TDSSKiller once more and fix these items.

11:51:24.0411 0x1198 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:51:24.0411 0x1198 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


Restart the computer normally.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start


(Google Inc.) C:\Windows\TEMP\CR_0BCB2.tmp\setup.exe
HKU\S-1-5-21-3264511361-3993067736-179394885-1000\...\Run: [MDworks] - regsvr32.exe C:\Users\Bob\AppData\Local\MDworks\CUDART32_32_7.DLL <===== ATTENTION
HKU\S-1-5-21-3264511361-3993067736-179394885-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume3\Users\Bob\AppData\Local\Temp\sqepeel\sprttdi\wow.dll ATTENTION! ====> ZeroAccess?
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {19161FA3-F67E-4B64-B973-302A79F40646} URL =
C:\Users\Bob\AppData\Local\Temp\sqepeel\sprttdi\wow.dll

end

Save the file as fixlist.txt into the same folder as FRST.
Run FRST, click Fix only once, and wait.
The tool will create a log (Fixlog.txt); please post it in your reply.

=================


P.S. If you wish to remove these startup items, copy them before the end command in the quoted box.
Then save it as requested.


Startup: C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk
ShortcutTarget: HP SimpleSave Monitor.lnk -> C:\Users\Bob\AppData\Roaming\HP SimpleSave Application\StartHelper.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)


Restart the computer normally again.
Please post a fresh FRST log. Let me know what problem persists.
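
The two registry entries in the fixlist above share recognizable traits: a Run value that starts regsvr32.exe against a DLL under AppData, and a per-user InprocServer32 that points into Temp through `\\?\globalroot`. The following is an added example, not part of the original thread or of FRST: a Python triage pass over FRST registry lines, using sample lines copied from the logs in this thread. The rule names, the user-writable path list and the function names are assumptions of this example.

```python
import re

# Registry lines copied from the FRST logs posted in this thread:
# two that the helper put in the fixlist and two benign autoruns.
SAMPLE = r"""
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKU\S-1-5-21-3264511361-3993067736-179394885-1000\...\Run: [MDworks] - regsvr32.exe C:\Users\Bob\AppData\Local\MDworks\CUDART32_32_7.DLL <===== ATTENTION
HKU\S-1-5-21-3264511361-3993067736-179394885-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume3\Users\Bob\AppData\Local\Temp\sqepeel\sprttdi\wow.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-3264511361-3993067736-179394885-1000\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware)
"""

# "<hive>\...\Run: [ValueName] - <command>" as FRST prints autorun values.
RUN_RE = re.compile(
    r"^(?P<hive>\S+?)\\\.\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]+)\] - (?P<cmd>.+)$"
)
# "<hive>\...<CLSID tail>\InprocServer32: [ValueName] <path>" for COM servers.
INPROC_RE = re.compile(
    r"^(?P<hive>\S+?)\\\.\.\.[0-9A-Fa-f]*\\InprocServer32: \[(?P<name>[^\]]+)\] (?P<path>.+)$"
)
# FRST appends size/date/company or its own warnings after the target; drop them.
TRAILER_RE = re.compile(
    r"\s+(?:<=+\s*ATTENTION|ATTENTION!|\[\d+ \d{4}-\d{2}-\d{2}\]).*$"
)
# regsvr32, optionally path-qualified and quoted, optional switches, then the DLL.
REGSVR_RE = re.compile(
    r'(?i)^"?(?:[a-z]:\\[^"]*\\)?regsvr32(?:\.exe)?"?\s+(?:[/-]\S+\s+)*"?(?P<dll>[^"]+)"?$'
)

# Directories a standard user can write to (assumed list for this example).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\")


def _user_writable(path):
    """True if the path passes through a directory from USER_WRITABLE."""
    lowered = path.lower()
    return any(part in lowered for part in USER_WRITABLE)


def findings(log_text):
    """Return (rule, value_name, target) for each suspicious registry line."""
    out = []
    for line in log_text.splitlines():
        line = line.strip()

        # Rule 1: autorun that registers a DLL from a user-writable directory.
        m = RUN_RE.match(line)
        if m:
            cmd = TRAILER_RE.sub("", m.group("cmd"))
            r = REGSVR_RE.match(cmd)
            if r and _user_writable(r.group("dll")):
                out.append(("regsvr32-autorun", m.group("name"), r.group("dll")))
            continue

        # Rule 2: per-user COM server reached through \\?\globalroot or
        # located in a user-writable directory.
        m = INPROC_RE.match(line)
        if m and m.group("hive").upper().startswith(("HKU", "HKCU")):
            path = TRAILER_RE.sub("", m.group("path"))
            if path.lower().startswith("\\\\?\\globalroot\\") or _user_writable(path):
                out.append(("peruser-inproc", m.group("name"), path))
    return out


if __name__ == "__main__":
    for rule, name, target in findings(SAMPLE):
        print(f"{rule:18} [{name}] {target}")
```

Both rules are triage heuristics: a hit is a line to review by hand, not a verdict, and legitimate software occasionally installs under AppData.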

#6 zengo

  • Topic Starter

Posted 21 February 2014 - 03:01 PM

k, here is the log from the FRST fix

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-02-2014
Ran by Bob at 2014-02-21 14:59:37 Run:1
Running from C:\Users\Bob\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
 
(Google Inc.) C:\Windows\TEMP\CR_0BCB2.tmp\setup.exe
HKU\S-1-5-21-3264511361-3993067736-179394885-1000\...\Run: [MDworks] - regsvr32.exe C:\Users\Bob\AppData\Local\MDworks\CUDART32_32_7.DLL <===== ATTENTION
HKU\S-1-5-21-3264511361-3993067736-179394885-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume3\Users\Bob\AppData\Local\Temp\sqepeel\sprttdi\wow.dll ATTENTION! ====> ZeroAccess?
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {19161FA3-F67E-4B64-B973-302A79F40646} URL =
C:\Users\Bob\AppData\Local\Temp\sqepeel\sprttdi\wow.dll
Startup: C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk
ShortcutTarget: HP SimpleSave Monitor.lnk -> C:\Users\Bob\AppData\Roaming\HP SimpleSave Application\StartHelper.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
end
*****************
 
C:\Windows\TEMP\CR_0BCB2.tmp\setup.exe => No running process found
HKU\S-1-5-21-3264511361-3993067736-179394885-1000\Software\Microsoft\Windows\CurrentVersion\Run\\MDworks => Value deleted successfully.
HKU\S-1-5-21-3264511361-3993067736-179394885-1000\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{19161FA3-F67E-4B64-B973-302A79F40646} => Key deleted successfully.
HKCR\CLSID\{19161FA3-F67E-4B64-B973-302A79F40646} => Key not found.
C:\Users\Bob\AppData\Local\Temp\sqepeel\sprttdi\wow.dll => Moved successfully.
C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk => Moved successfully.
C:\Users\Bob\AppData\Roaming\HP SimpleSave Application\StartHelper.exe => Moved successfully.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk => Moved successfully.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe => Moved successfully.
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk not found.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe not found.
C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk => Moved successfully.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe not found.
 
==== End of Fixlog ====


#7 zengo

  • Topic Starter

Posted 21 February 2014 - 03:10 PM

Here is the FRST scan after the restart. I am no longer getting the reg32 error but the CPU is still unstable. It's not spiking as high as it was before, but it still fluctuates, sometimes jumping to around 15 percent when the computer is idle.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-02-2014
Ran by Bob (administrator) on BOB-PC on 21-02-2014 15:06:18
Running from C:\Users\Bob\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-08-12] (Logitech Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe [829832 2013-10-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-3264511361-3993067736-179394885-1000\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 167.206.251.129
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
S4 BackupService; C:\Users\Bob\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [83512 2010-07-01] (ArcSoft, Inc.)
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S4 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )
S4 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-19] (Western Digital)
S4 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-19] (Western Digital )
S2 RoxLiveShare9; "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-21 12:17 - 2014-02-21 12:31 - 00023316 _____ () C:\Users\Bob\Desktop\Addition.txt
2014-02-21 12:08 - 2014-02-21 15:06 - 00008479 _____ () C:\Users\Bob\Desktop\FRST.txt
2014-02-21 12:05 - 2014-02-21 15:06 - 00000000 ____D () C:\FRST
2014-02-21 12:03 - 2014-02-21 12:02 - 02153984 _____ (Farbar) C:\Users\Bob\Desktop\FRST64.exe
2014-02-21 12:02 - 2014-02-21 12:02 - 02153984 _____ (Farbar) C:\Users\Bob\Downloads\FRST64.exe
2014-02-21 12:02 - 2014-02-21 12:02 - 00013674 _____ () C:\Users\Bob\Desktop\TDSSKiller.3.0.0.23_21.02.2014_11.44.02_log - Shortcut.lnk
2014-02-21 12:01 - 2014-02-21 12:01 - 02117706 _____ () C:\Users\Bob\Desktop\aswMBR.zip
2014-02-21 12:00 - 2014-02-21 11:54 - 04745728 _____ (AVAST Software) C:\Users\Bob\Desktop\aswMBR.exe
2014-02-21 11:58 - 2014-02-21 11:58 - 00001704 _____ () C:\Users\Bob\Desktop\aswMBR.txt
2014-02-21 11:54 - 2014-02-21 11:54 - 04745728 _____ (AVAST Software) C:\Users\Bob\Downloads\aswMBR.exe
2014-02-21 11:41 - 2014-02-21 11:42 - 04102163 _____ () C:\Users\Bob\Downloads\tdsskiller (1).zip
2014-02-21 11:26 - 2014-02-21 11:27 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Bob\Downloads\tdsskiller (4).exe
2014-02-18 13:20 - 2014-02-18 13:21 - 00012469 _____ () C:\Users\Bob\Desktop\dds.txt
2014-02-18 13:20 - 2014-02-18 13:21 - 00008763 _____ () C:\Users\Bob\Desktop\attach.txt
2014-02-18 13:11 - 2014-02-18 13:12 - 00688992 ____R (Swearware) C:\Users\Bob\Downloads\dds.com
2014-02-18 12:40 - 2014-02-18 12:41 - 01241834 _____ () C:\Users\Bob\Downloads\adwcleaner (3).exe
2014-02-18 12:13 - 2014-02-18 12:15 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\Bob\Downloads\tdsskiller (3).exe
2014-02-18 11:38 - 2014-02-18 11:39 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Bob\Downloads\rkill.exe
2014-02-18 11:31 - 2014-02-18 11:33 - 01241834 _____ () C:\Users\Bob\Downloads\AdwCleaner (1).exe
2014-02-18 11:24 - 2014-02-18 14:16 - 00000000 ____D () C:\Users\Bob\AppData\Local\CrashDumps
2014-02-18 11:23 - 2014-02-18 12:43 - 00000000 ____D () C:\AdwCleaner
2014-02-18 11:22 - 2014-02-18 11:22 - 01241834 _____ () C:\Users\Bob\Downloads\AdwCleaner.exe
2014-02-18 11:13 - 2014-02-18 11:13 - 03813376 _____ () C:\Users\Bob\Downloads\RogueKiller.exe
2014-02-13 03:00 - 2014-02-05 05:19 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 03:00 - 2014-02-05 05:02 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 03:00 - 2014-02-05 05:00 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 03:00 - 2014-02-05 04:54 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 03:00 - 2014-02-05 04:54 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 03:00 - 2014-02-05 04:52 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 03:00 - 2014-02-05 04:52 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-13 03:00 - 2014-02-05 04:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 03:00 - 2014-02-05 04:51 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 03:00 - 2014-02-05 04:51 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-13 03:00 - 2014-02-05 04:51 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 03:00 - 2014-02-05 04:51 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 03:00 - 2014-02-05 04:51 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 03:00 - 2014-02-05 04:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 03:00 - 2014-02-05 04:50 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 03:00 - 2014-02-05 04:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-13 03:00 - 2014-02-05 03:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 03:00 - 2014-02-05 03:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 03:00 - 2014-02-05 03:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 03:00 - 2014-02-05 03:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 03:00 - 2014-02-05 03:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 03:00 - 2014-02-05 03:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 03:00 - 2014-02-05 03:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-13 03:00 - 2014-02-05 03:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 03:00 - 2014-02-05 03:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-13 03:00 - 2014-02-05 03:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 03:00 - 2014-02-05 03:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 03:00 - 2014-02-05 03:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 03:00 - 2014-02-05 03:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 03:00 - 2014-02-05 03:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 03:00 - 2014-02-05 03:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-13 03:00 - 2014-02-05 03:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 08:27 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 08:27 - 2013-12-24 17:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 08:27 - 2013-12-05 21:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 08:27 - 2013-12-05 21:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 08:27 - 2013-12-05 21:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 08:27 - 2013-12-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 08:27 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 08:27 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-10 23:37 - 2014-02-21 11:44 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\Bob\Desktop\TDSSKiller.exe
2014-02-06 14:03 - 2014-02-12 08:41 - 00000000 ____D () C:\Users\Bob\Documents\SLTM 2014
2014-02-06 02:04 - 2014-02-06 02:04 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KGS Online-NFA
2014-02-06 02:03 - 2014-02-06 02:04 - 00001426 _____ () C:\Users\Bob\Downloads\cgoban-nfa.jnlp
2014-02-02 06:17 - 2014-02-02 06:17 - 00413312 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-02 06:17 - 2014-02-02 06:17 - 00108840 _____ () C:\Users\Bob\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-02 01:00 - 2014-02-21 15:04 - 00001782 _____ () C:\Windows\setupact.log
2014-02-02 01:00 - 2014-02-02 01:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-01 17:37 - 2014-02-01 17:41 - 00000000 ____D () C:\Users\Bob\Documents\Research Tools
2014-02-01 16:17 - 2014-02-01 16:17 - 00001111 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-01 16:16 - 2014-02-01 16:16 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Bob\Downloads\mbam-setup.exe
2014-02-01 15:13 - 2014-02-01 15:13 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-02-01 15:13 - 2014-02-01 15:13 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\SUPERAntiSpyware.com
2014-02-01 15:13 - 2014-02-01 15:13 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-02-01 15:13 - 2014-02-01 15:13 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-02-01 15:12 - 2014-02-01 15:13 - 17929896 _____ (SUPERAntiSpyware) C:\Users\Bob\Downloads\SUPERAntiSpyware.exe
2014-02-01 15:04 - 2014-02-01 15:05 - 05179159 _____ (Swearware) C:\Users\Bob\Downloads\ComboFix (1).exe
2014-02-01 14:49 - 2014-02-01 14:49 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Bob\Downloads\tdsskiller (2).exe
2014-02-01 14:48 - 2014-02-01 14:48 - 02218636 _____ () C:\Users\Bob\Downloads\tdsskiller.zip
2014-01-30 20:47 - 2014-02-21 15:03 - 01543410 _____ () C:\Windows\WindowsUpdate.log
2014-01-30 20:24 - 2014-01-30 20:24 - 00009680 _____ () C:\Windows\system32\cc_20140130_202402.reg
2014-01-29 15:59 - 2014-02-02 15:16 - 00000000 ____D () C:\Users\Bob\Documents\Castle Hill
2014-01-26 22:31 - 2014-01-26 22:31 - 00173096 _____ (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Bob\Downloads\GoToAssistStarter (1).exe
2014-01-26 11:50 - 2014-02-18 16:00 - 00000000 ____D () C:\Users\Bob\Documents\CTCEF
2014-01-25 17:41 - 2014-01-25 17:41 - 00000000 ____D () C:\Users\Bob\AppData\Local\Blizzard
2014-01-25 17:31 - 2014-01-25 17:41 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-01-25 17:29 - 2014-02-13 22:29 - 00000000 ____D () C:\Users\Bob\AppData\Local\Battle.net
2014-01-25 17:29 - 2014-01-25 17:31 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\Battle.net
2014-01-25 17:29 - 2014-01-25 17:29 - 00000000 ____D () C:\Users\Bob\AppData\Local\Blizzard Entertainment
2014-01-25 17:28 - 2014-02-13 20:22 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-01-25 17:28 - 2014-01-25 17:29 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-01-25 17:27 - 2014-01-25 17:27 - 00000000 ____D () C:\ProgramData\Battle.net
2014-01-25 17:26 - 2014-01-25 17:27 - 05971136 _____ (Blizzard Entertainment) C:\Users\Bob\Downloads\Hearthstone-Beta-Setup-enUS.exe
2014-01-22 21:41 - 2014-01-22 21:41 - 00056832 _____ () C:\Users\Bob\Downloads\Monthly Report to CAEL From LAPA Fundraising of Recent Accomplishments (1).msg
2014-01-22 21:39 - 2014-01-22 21:39 - 00237056 _____ () C:\Users\Bob\Downloads\CAEL Competitors--Individual Donors Information.msg
2014-01-22 21:38 - 2014-01-22 21:38 - 00148992 _____ () C:\Users\Bob\Downloads\next batch of Call Reports from Interviews (1).msg
 
==================== One Month Modified Files and Folders =======
 
2014-02-21 15:06 - 2014-02-21 12:08 - 00008479 _____ () C:\Users\Bob\Desktop\FRST.txt
2014-02-21 15:06 - 2014-02-21 12:05 - 00000000 ____D () C:\FRST
2014-02-21 15:04 - 2014-02-02 01:00 - 00001782 _____ () C:\Windows\setupact.log
2014-02-21 15:04 - 2013-11-16 16:35 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-21 15:04 - 2012-11-08 20:59 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-02-21 15:04 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-21 15:03 - 2014-01-30 20:47 - 01543410 _____ () C:\Windows\WindowsUpdate.log
2014-02-21 15:03 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-21 15:03 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-21 14:59 - 2013-11-03 09:08 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-21 14:59 - 2011-12-07 19:12 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\HP SimpleSave Application
2014-02-21 14:59 - 2011-05-23 17:56 - 00000000 ___RD () C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-21 14:59 - 2011-04-13 22:47 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-21 14:59 - 2011-04-13 22:47 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-21 14:59 - 2011-04-13 22:47 - 00000000 ____D () C:\ProgramData\Best Buy pc app
2014-02-21 14:51 - 2013-11-16 16:35 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-21 14:36 - 2013-12-25 15:32 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-02-21 12:41 - 2013-11-16 16:35 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-21 12:31 - 2014-02-21 12:17 - 00023316 _____ () C:\Users\Bob\Desktop\Addition.txt
2014-02-21 12:14 - 2013-08-04 14:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-21 12:02 - 2014-02-21 12:03 - 02153984 _____ (Farbar) C:\Users\Bob\Desktop\FRST64.exe
2014-02-21 12:02 - 2014-02-21 12:02 - 02153984 _____ (Farbar) C:\Users\Bob\Downloads\FRST64.exe
2014-02-21 12:02 - 2014-02-21 12:02 - 00013674 _____ () C:\Users\Bob\Desktop\TDSSKiller.3.0.0.23_21.02.2014_11.44.02_log - Shortcut.lnk
2014-02-21 12:01 - 2014-02-21 12:01 - 02117706 _____ () C:\Users\Bob\Desktop\aswMBR.zip
2014-02-21 11:58 - 2014-02-21 11:58 - 00001704 _____ () C:\Users\Bob\Desktop\aswMBR.txt
2014-02-21 11:54 - 2014-02-21 12:00 - 04745728 _____ (AVAST Software) C:\Users\Bob\Desktop\aswMBR.exe
2014-02-21 11:54 - 2014-02-21 11:54 - 04745728 _____ (AVAST Software) C:\Users\Bob\Downloads\aswMBR.exe
2014-02-21 11:44 - 2014-02-10 23:37 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\Bob\Desktop\TDSSKiller.exe
2014-02-21 11:42 - 2014-02-21 11:41 - 04102163 _____ () C:\Users\Bob\Downloads\tdsskiller (1).zip
2014-02-21 11:27 - 2014-02-21 11:26 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Bob\Downloads\tdsskiller (4).exe
2014-02-18 17:10 - 2012-01-27 13:47 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\Skype
2014-02-18 16:44 - 2013-03-28 07:08 - 00000000 ____D () C:\Users\Bob\Documents\'r Kids
2014-02-18 16:00 - 2014-01-26 11:50 - 00000000 ____D () C:\Users\Bob\Documents\CTCEF
2014-02-18 14:16 - 2014-02-18 11:24 - 00000000 ____D () C:\Users\Bob\AppData\Local\CrashDumps
2014-02-18 13:38 - 2011-11-25 17:18 - 00141526 _____ () C:\Users\Bob\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-02-18 13:38 - 2011-11-25 17:18 - 00140205 _____ () C:\Users\Bob\AppData\Roaming\Rim.Desktop.Exception.log
2014-02-18 13:21 - 2014-02-18 13:20 - 00012469 _____ () C:\Users\Bob\Desktop\dds.txt
2014-02-18 13:21 - 2014-02-18 13:20 - 00008763 _____ () C:\Users\Bob\Desktop\attach.txt
2014-02-18 13:12 - 2014-02-18 13:11 - 00688992 ____R (Swearware) C:\Users\Bob\Downloads\dds.com
2014-02-18 12:43 - 2014-02-18 11:23 - 00000000 ____D () C:\AdwCleaner
2014-02-18 12:41 - 2014-02-18 12:40 - 01241834 _____ () C:\Users\Bob\Downloads\adwcleaner (3).exe
2014-02-18 12:15 - 2014-02-18 12:13 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\Bob\Downloads\tdsskiller (3).exe
2014-02-18 11:39 - 2014-02-18 11:38 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Bob\Downloads\rkill.exe
2014-02-18 11:33 - 2014-02-18 11:31 - 01241834 _____ () C:\Users\Bob\Downloads\AdwCleaner (1).exe
2014-02-18 11:26 - 2009-07-14 00:08 - 00032612 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-18 11:22 - 2014-02-18 11:22 - 01241834 _____ () C:\Users\Bob\Downloads\AdwCleaner.exe
2014-02-18 11:13 - 2014-02-18 11:13 - 03813376 _____ () C:\Users\Bob\Downloads\RogueKiller.exe
2014-02-16 07:06 - 2009-07-14 00:13 - 00782902 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-15 17:53 - 2013-09-09 12:01 - 00000000 ____D () C:\Users\Bob\AppData\Local\PMB Files
2014-02-15 17:53 - 2013-09-09 12:01 - 00000000 ____D () C:\ProgramData\PMB Files
2014-02-15 16:28 - 2013-09-17 16:52 - 00000000 ____D () C:\Users\Bob\Desktop\Andrew's NEW stuff
2014-02-15 13:24 - 2013-05-21 15:18 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-02-15 13:24 - 2012-11-08 20:59 - 00054917 _____ () C:\Windows\system32\lvcoinst.log
2014-02-15 02:35 - 2013-07-15 22:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-15 02:33 - 2011-05-23 18:25 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-13 22:29 - 2014-01-25 17:29 - 00000000 ____D () C:\Users\Bob\AppData\Local\Battle.net
2014-02-13 20:22 - 2014-01-25 17:28 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-02-13 15:46 - 2013-11-16 16:35 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-13 15:46 - 2013-11-16 16:35 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-13 03:09 - 2011-08-02 01:50 - 00776626 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-12 08:41 - 2014-02-06 14:03 - 00000000 ____D () C:\Users\Bob\Documents\SLTM 2014
2014-02-11 13:54 - 2013-10-23 08:09 - 00000000 ____D () C:\Users\Bob\Documents\Leila Day
2014-02-08 15:09 - 2011-05-23 21:10 - 00000000 ____D () C:\Users\Bob\Desktop\Photos
2014-02-06 13:52 - 2012-09-07 11:34 - 00000000 ____D () C:\Users\Bob\Documents\Women and Family Life
2014-02-06 02:04 - 2014-02-06 02:04 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KGS Online-NFA
2014-02-06 02:04 - 2014-02-06 02:03 - 00001426 _____ () C:\Users\Bob\Downloads\cgoban-nfa.jnlp
2014-02-05 05:19 - 2014-02-13 03:00 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 05:02 - 2014-02-13 03:00 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 05:00 - 2014-02-13 03:00 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 04:54 - 2014-02-13 03:00 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 04:54 - 2014-02-13 03:00 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 04:52 - 2014-02-13 03:00 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 04:52 - 2014-02-13 03:00 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 04:52 - 2014-02-13 03:00 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 04:51 - 2014-02-13 03:00 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 04:51 - 2014-02-13 03:00 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 04:51 - 2014-02-13 03:00 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 04:51 - 2014-02-13 03:00 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 04:51 - 2014-02-13 03:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 04:50 - 2014-02-13 03:00 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 04:50 - 2014-02-13 03:00 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-05 04:50 - 2014-02-13 03:00 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 03:58 - 2014-02-13 03:00 - 12345344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-05 03:56 - 2014-02-13 03:00 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-05 03:53 - 2014-02-13 03:00 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-05 03:51 - 2014-02-13 03:00 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-05 03:50 - 2014-02-13 03:00 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-05 03:49 - 2014-02-13 03:00 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-05 03:49 - 2014-02-13 03:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-05 03:48 - 2014-02-13 03:00 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-05 03:48 - 2014-02-13 03:00 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-05 03:48 - 2014-02-13 03:00 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-05 03:48 - 2014-02-13 03:00 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-05 03:48 - 2014-02-13 03:00 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-05 03:47 - 2014-02-13 03:00 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-05 03:47 - 2014-02-13 03:00 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-05 03:47 - 2014-02-13 03:00 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-05 03:46 - 2014-02-13 03:00 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-02 15:16 - 2014-01-29 15:59 - 00000000 ____D () C:\Users\Bob\Documents\Castle Hill
2014-02-02 06:17 - 2014-02-02 06:17 - 00413312 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-02 06:17 - 2014-02-02 06:17 - 00108840 _____ () C:\Users\Bob\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-02 01:00 - 2014-02-02 01:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-01 17:41 - 2014-02-01 17:37 - 00000000 ____D () C:\Users\Bob\Documents\Research Tools
2014-02-01 17:10 - 2013-12-25 13:11 - 00000000 ____D () C:\Users\Bob\AppData\Local\MDworks
2014-02-01 16:17 - 2014-02-01 16:17 - 00001111 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-01 16:17 - 2013-07-30 16:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-01 16:16 - 2014-02-01 16:16 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Bob\Downloads\mbam-setup.exe
2014-02-01 15:13 - 2014-02-01 15:13 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-02-01 15:13 - 2014-02-01 15:13 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\SUPERAntiSpyware.com
2014-02-01 15:13 - 2014-02-01 15:13 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-02-01 15:13 - 2014-02-01 15:13 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-02-01 15:13 - 2014-02-01 15:12 - 17929896 _____ (SUPERAntiSpyware) C:\Users\Bob\Downloads\SUPERAntiSpyware.exe
2014-02-01 15:05 - 2014-02-01 15:04 - 05179159 _____ (Swearware) C:\Users\Bob\Downloads\ComboFix (1).exe
2014-02-01 14:49 - 2014-02-01 14:49 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Bob\Downloads\tdsskiller (2).exe
2014-02-01 14:48 - 2014-02-01 14:48 - 02218636 _____ () C:\Users\Bob\Downloads\tdsskiller.zip
2014-01-30 20:24 - 2014-01-30 20:24 - 00009680 _____ () C:\Windows\system32\cc_20140130_202402.reg
2014-01-30 20:22 - 2011-10-28 07:46 - 00000000 ____D () C:\Windows\Minidump
2014-01-30 01:12 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-01-30 00:59 - 2011-05-23 17:56 - 00000000 ____D () C:\Users\Bob
2014-01-26 22:31 - 2014-01-26 22:31 - 00173096 _____ (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Bob\Downloads\GoToAssistStarter (1).exe
2014-01-25 17:41 - 2014-01-25 17:41 - 00000000 ____D () C:\Users\Bob\AppData\Local\Blizzard
2014-01-25 17:41 - 2014-01-25 17:31 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-01-25 17:31 - 2014-01-25 17:29 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\Battle.net
2014-01-25 17:29 - 2014-01-25 17:29 - 00000000 ____D () C:\Users\Bob\AppData\Local\Blizzard Entertainment
2014-01-25 17:29 - 2014-01-25 17:28 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-01-25 17:27 - 2014-01-25 17:27 - 00000000 ____D () C:\ProgramData\Battle.net
2014-01-25 17:27 - 2014-01-25 17:26 - 05971136 _____ (Blizzard Entertainment) C:\Users\Bob\Downloads\Hearthstone-Beta-Setup-enUS.exe
2014-01-24 16:27 - 2013-12-14 12:15 - 00000000 ____D () C:\Users\Bob\Documents\HHYEP
2014-01-22 21:41 - 2014-01-22 21:41 - 00056832 _____ () C:\Users\Bob\Downloads\Monthly Report to CAEL From LAPA Fundraising of Recent Accomplishments (1).msg
2014-01-22 21:39 - 2014-01-22 21:39 - 00237056 _____ () C:\Users\Bob\Downloads\CAEL Competitors--Individual Donors Information.msg
2014-01-22 21:38 - 2014-01-22 21:38 - 00148992 _____ () C:\Users\Bob\Downloads\next batch of Call Reports from Interviews (1).msg
 
Some content of TEMP:
====================
C:\Users\Bob\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-08 12:15
 
==================== End Of Log ============================


#8 nasdaq

  • Malware Response Team

Posted 22 February 2014 - 08:15 AM

Your last log is clean.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.

#9 zengo

  • Topic Starter
  • Members

Posted 22 February 2014 - 11:55 AM

Here is the ComboFix log.

 

ComboFix 14-02-20.01 - Bob 02/22/2014  11:47:55.5.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3895.2253 [GMT -5:00]
Running from: c:\users\Bob\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-22 to 2014-02-22  )))))))))))))))))))))))))))))))
.
.
2014-02-22 16:52 . 2014-02-22 16:52 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2014-02-22 16:52 . 2014-02-22 16:52 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-02-22 16:52 . 2014-02-22 16:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-21 20:03 . 2014-02-21 20:01 1031560 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2A432ABA-8C4B-437D-96AD-6442E67A543A}\gapaengine.dll ERROR(0x00000005)
2014-02-21 17:05 . 2014-02-21 20:07 -------- d-----w- C:\FRST
2014-02-18 16:24 . 2014-02-22 02:54 -------- d-----w- c:\users\Bob\AppData\Local\CrashDumps
2014-02-18 16:23 . 2014-02-18 17:43 -------- d-----w- C:\AdwCleaner
2014-02-16 15:18 . 2013-12-04 03:28 10315576 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{44254565-D619-4754-91B6-29A735D58FDC}\mpengine.dll ERROR(0x00000005)
2014-02-15 13:33 . 2013-12-04 03:28 10315576 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll ERROR(0x00000005)
2014-02-12 13:27 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-12 13:27 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-02-12 13:27 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-02-12 13:27 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-02-12 13:27 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-02-12 13:27 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-12 13:27 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-02-12 13:27 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-02-01 20:13 . 2014-02-01 20:13 -------- d-----w- c:\users\Bob\AppData\Roaming\SUPERAntiSpyware.com
2014-02-01 20:13 . 2014-02-01 20:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2014-01-31 01:24 . 2014-01-31 01:24 9680 ----a-w- c:\windows\system32\cc_20140130_202402.reg
2014-01-25 22:41 . 2014-01-25 22:41 -------- d-----w- c:\users\Bob\AppData\Local\Blizzard
2014-01-25 22:31 . 2014-01-25 22:41 -------- d-----w- c:\program files (x86)\Hearthstone
2014-01-25 22:29 . 2014-01-25 22:29 -------- d-----w- c:\users\Bob\AppData\Local\Blizzard Entertainment
2014-01-25 22:29 . 2014-02-14 03:29 -------- d-----w- c:\users\Bob\AppData\Local\Battle.net
2014-01-25 22:29 . 2014-01-25 22:31 -------- d-----w- c:\users\Bob\AppData\Roaming\Battle.net
2014-01-25 22:28 . 2014-02-14 01:22 -------- d-----w- c:\program files (x86)\Battle.net
2014-01-25 22:28 . 2014-01-25 22:31 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-15 07:33 . 2011-05-23 23:25 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-01-19 07:33 . 2011-05-23 23:47 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-12-25 19:10 . 2013-12-25 19:10 53248 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows\DRM\AFC.tmp ERROR(0x00000005)
2013-12-25 19:10 . 2013-12-25 19:10 53248 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows\DRM\AFB.tmp ERROR(0x00000005)
2013-11-27 01:41 . 2014-01-15 14:14 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-27 01:41 . 2014-01-15 14:14 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-27 01:41 . 2014-01-15 14:14 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-27 01:41 . 2014-01-15 14:14 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-27 01:41 . 2014-01-15 14:14 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-11-27 01:41 . 2014-01-15 14:14 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-27 01:41 . 2014-01-15 14:14 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-11-26 10:32 . 2014-01-15 14:14 3156480 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-01-06 6563608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2012-09-20 5236664]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2013-01-17 267792]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe" [2013-10-09 829832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe;c:\windows\SysWOW64\atashost.exe [x]
R4 BackupService;BackupService;c:\users\Bob\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe;c:\users\Bob\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [x]
R4 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
R4 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
R4 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
R4 WDRulesService;WD Rules;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S3 Blackberry Device Manager;Blackberry Device Manager;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam 500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-21 16:54 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-04 05:12]
.
2014-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-16 21:35]
.
2014-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-16 21:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 417560]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 167.206.251.129
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-86897497.sys
AddRemove-Driver Genius Professional Edition_is1 - c:\program files (x86)\Driver-Soft\DriverGenius\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-22  11:53:52
ComboFix-quarantined-files.txt  2014-02-22 16:53
ComboFix2.txt  2013-12-27 06:49
ComboFix3.txt  2013-07-15 13:00
ComboFix4.txt  2012-01-02 17:28
.
Pre-Run: 928,804,536,320 bytes free
Post-Run: 928,330,702,848 bytes free
.
- - End Of File - - DCC951CFC4D95346EAE8E0D5D5ACC7A3
CDB4DE4BBD714F152979DA2DCBEF57EB


#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,964 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:20 AM

Posted 22 February 2014 - 01:54 PM

The log is clean.

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

#11 zengo

Posted 22 February 2014 - 02:39 PM

RogueKiller V8.8.8 [Feb 19 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Bob [Admin rights]
Mode : Remove -- Date : 02/22/2014 14:38:08
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified. 
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv : C:\Windows\TEMP\{314BE709-7083-49D6-A975-4BD82A6164E3}.exe - --uninstall=1 [x] -> DELETED
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD1001FAES-75W7A0 ATA Device +++++
--- User ---
[MBR] ed5538cabb5fc13ea818291eeb2ad8be
[BSP] 2dfa851a71cb3d932cd438f3fdc85c0d : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 11142 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 22900736 | Size: 942686 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_D_02222014_143808.txt >>
RKreport[0]_S_02222014_143801.txt


#12 nasdaq

Posted 23 February 2014 - 08:36 AM

Please run this tool. Let me know what problem persists.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

#13 zengo

Posted 23 February 2014 - 11:07 AM

Here is the log, the computer seems to be working great!

 

Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Adobe Reader 9  
 Adobe Reader XI  
 Google Chrome 32.0.1700.107  
 Google Chrome 33.0.1750.117  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 3% 
````````````````````End of Log`````````````````````` 


#14 zengo

Posted 23 February 2014 - 11:08 AM

I still am getting random cpu spikes though, as high as 27 percent.



#15 nasdaq

Posted 23 February 2014 - 01:35 PM

Execute a Clean Startup. You may be able to find out what is causing this.

How to: perform a Clean Startup
http://www.sevenforums.com/tutorials/179159-troubleshoot-application-conflicts-performing-clean-startup.html

Follow the instructions on the page.

Keep me posted.



