
DOS/Rovnix.w and more cannot remove


  • This topic is locked
14 replies to this topic

#1 JosephSchiavone

  • Members

Posted 26 February 2014 - 05:32 PM

Machine: Windows 7 64 bit OS

Problem: I have run AdwCleaner, JRT, Malwarebytes, Malwarebytes Anti-Root, SuperAntispyware, Microsoft Security Essentials, and Windows Defender. I cannot keep Dos/Rovnix.w off of my machine.

The following are present currently:

Win64/Rovnix.gen!c

Dos/Rovnix.w

Trojan:win32/Tesch.B

Trojan:Wind32/Alureon.GQ

I read the forum rules, and the above actions were taken prior to reaching out for help.

Any advice/guidance would be greatly appreciated.

Thank you for your time as I am aware that you are all volunteers.

Kind regards,

Joseph





#2 aharonov

  • Malware Response Team

Posted 27 February 2014 - 03:08 AM

Hello Joseph,

"The following are present currently"

Which program reports these threats? Can you please post up the complete log file?

And in addition please run the following scans:


Step 1

Please download TDSSKiller and save it to your Desktop.

  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters.
  • Make sure that all available options (except "Loaded modules") are checked and click OK.
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.

Step 2

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 JosephSchiavone

  • Topic Starter
  • Members

Posted 27 February 2014 - 10:44 AM

I am having trouble getting these to post, so I am going to send each in a different reply/post.
 
avast! Antirootkit, version 1.0
Scan started: Thursday, February 27, 2014 8:38:10 AM
 
Process  [0] 
Process  [4] 
Process C:\Windows\System32\smss.exe [404] 
Process C:\Windows\System32\csrss.exe [536] 
Process C:\Windows\System32\csrss.exe [608] 
Process C:\Windows\System32\wininit.exe [616] 
Process C:\Windows\System32\winlogon.exe [652] 
Process C:\Windows\System32\services.exe [712] 
Process C:\Windows\System32\lsass.exe [720] 
Process C:\Windows\System32\lsm.exe [728] 
Process C:\Windows\System32\svchost.exe [832] 
Process C:\Windows\System32\svchost.exe [904] 
Process C:\Windows\System32\atiesrxx.exe [476] 
Process C:\Windows\System32\svchost.exe [784] 
Process C:\Windows\System32\svchost.exe [1036] 
Process C:\Windows\System32\svchost.exe [1060] 
Process C:\Windows\System32\svchost.exe [1084] 
Process C:\Windows\System32\svchost.exe [1184] 
Process C:\Windows\System32\atieclxx.exe [1244] 
Process C:\Windows\System32\svchost.exe [1328] 
Process C:\Windows\System32\spoolsv.exe [1524] 
Process C:\Windows\System32\svchost.exe [1584] 
Process C:\Windows\System32\taskhost.exe [1696] 
Process C:\Windows\System32\dwm.exe [1756] 
Process C:\Windows\explorer.exe [1768] 
Process C:\Program Files\SUPERAntiSpyware\SASCore64.exe [1892] 
Process C:\Windows\SysWOW64\atashost.exe [1920] 
Process C:\Windows\System32\taskeng.exe [1056] 
Process C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2008] 
Process C:\Windows\SysWOW64\svchost.exe [2004] 
Process C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2104] 
Process C:\Windows\System32\svchost.exe [2152] 
Process C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2256] 
Process C:\Windows\System32\svchost.exe [2324] 
Process C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2348] 
Process C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2384] 
Process C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2656] 
Process C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2712] 
Process C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2788] 
Process C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [2864] 
Process C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [2872] 
Process C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE [2888] 
Process C:\Program Files\Microsoft Device Center\itype.exe [2904] 
Process C:\Program Files\Microsoft Device Center\ipoint.exe [2956] 
Process C:\Users\Ron\AppData\Local\Akamai\netsession_win.exe [2984] 
Process C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [3044] 
Process C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2244] 
Process C:\Users\Ron\AppData\Local\Akamai\netsession_win.exe [532] 
Process C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [600] 
Process C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe [3176] 
Process C:\Users\Ron\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe [3264] 
Process C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [3308] 
Process C:\Windows\System32\SearchIndexer.exe [3988] 
Process C:\Windows\System32\svchost.exe [4636] 
Process C:\Windows\System32\dllhost.exe [4900] 
Process C:\Windows\System32\svchost.exe [5052] 
Process C:\Windows\System32\svchost.exe [5088] 
Process C:\Windows\System32\WUDFHost.exe [3260] 
Process C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [6028] 
Process C:\Program Files\Windows Media Player\wmpnetwk.exe [6132] 
Process C:\Windows\System32\svchost.exe [3116] 
Process C:\Windows\servicing\TrustedInstaller.exe [4580] 
Process C:\Windows\System32\wuauclt.exe [3336] 
Process C:\Program Files\AVAST Software\Avast\AvastSvc.exe [4760] 
Process C:\Program Files\AVAST Software\Avast\AvastUI.exe [3316] 
Process C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [2024] 
Process C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [6088] 
Process C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [236] 
Process C:\Windows\SysWOW64\svchost.exe [6104] 
Process C:\Windows\SysWOW64\svchost.exe [1224] 
Process C:\Windows\SysWOW64\svchost.exe [5196] 
Process C:\Windows\SysWOW64\svchost.exe [3692] 
Process C:\Windows\System32\taskeng.exe [3456] 
Disk 0 MBR
Service !SASCORE [C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE] 
Service .NET CLR Data [???] 
Service .NET CLR Networking [???] 
Service .NET CLR Networking 4.0.0.0 [???] 
Service .NET Data Provider for Oracle [???] 
Service .NET Data Provider for SqlServer [???] 
Service .NET Memory Cache 4.0 [???] 
Service .NETFramework [???] 
Service 1394ohci [C:\Windows\system32\drivers\1394ohci.sys] 
Service ACPI [C:\Windows\system32\drivers\ACPI.sys] 
Service AcpiPmi [C:\Windows\system32\drivers\acpipmi.sys] 
Service AdobeFlashPlayerUpdateSvc [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] 
Service adp94xx [C:\Windows\system32\DRIVERS\adp94xx.sys] 
Service adpahci [C:\Windows\system32\DRIVERS\adpahci.sys] 
Service adpu320 [C:\Windows\system32\DRIVERS\adpu320.sys] 
Service adsi [???] 
Service AeLookupSvc [C:\Windows\System32\aelupsvc.dll] 
Service AFD [C:\Windows\system32\drivers\afd.sys] 
Service agp440 [C:\Windows\system32\drivers\agp440.sys] 
Service ALG [C:\Windows\System32\alg.exe] 
Service aliide [C:\Windows\system32\drivers\aliide.sys] 
Service AMD External Events Utility [C:\Windows\system32\atiesrxx.exe] 
Service amdide [C:\Windows\system32\drivers\amdide.sys] 
Service AmdK8 [C:\Windows\system32\DRIVERS\amdk8.sys] 
Service amdkmdag [C:\Windows\system32\DRIVERS\atikmdag.sys] 
Service amdkmdap [C:\Windows\system32\DRIVERS\atikmpag.sys] 
Service AmdPPM [C:\Windows\system32\DRIVERS\amdppm.sys] 
Service amdsata [C:\Windows\system32\drivers\amdsata.sys] 
Service amdsbs [C:\Windows\system32\DRIVERS\amdsbs.sys] 
Service amdxata [C:\Windows\system32\drivers\amdxata.sys] 
Service amd_sata [C:\Windows\system32\DRIVERS\amd_sata.sys] 
Service amd_xata [C:\Windows\system32\DRIVERS\amd_xata.sys] 
Service AppID [C:\Windows\system32\drivers\appid.sys] 
Service AppIDSvc [C:\Windows\System32\appidsvc.dll] 
Service Appinfo [C:\Windows\System32\appinfo.dll] 
Service AppMgmt [???] 
Service arc [C:\Windows\system32\DRIVERS\arc.sys] 
Service arcsas [C:\Windows\system32\DRIVERS\arcsas.sys] 
Service ASP.NET [???] 
Service ASP.NET_4.0.30319 [???] 
Service aspnet_state [C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe] 
Service aswMonFlt [C:\Windows\system32\drivers\aswMonFlt.sys] 
Service aswRdr [???] 
Service aswRvrt [C:\Windows\System32\Drivers\aswRvrt.sys] 
Service aswSnx [C:\Windows\system32\drivers\aswSnx.sys] 
Service aswSP [C:\Windows\system32\drivers\aswSP.sys] 
Service aswVmm [C:\Windows\System32\Drivers\aswVmm.sys] 
Service AsyncMac [C:\Windows\system32\DRIVERS\asyncmac.sys] 
Service atapi [C:\Windows\system32\drivers\atapi.sys] 
Service atashost [C:\Windows\SysWOW64\atashost.exe] 
Service Atierecord [???] 
Service atikmdag [C:\Windows\system32\DRIVERS\atikmdag.sys] 
Service AtiPcie [C:\Windows\system32\DRIVERS\AtiPcie64.sys] 
Service AudioEndpointBuilder [C:\Windows\System32\Audiosrv.dll] 
Service AudioSrv [C:\Windows\System32\Audiosrv.dll] 
Service avast! Antivirus [C:\Program Files\AVAST Software\Avast\AvastSvc.exe] 
Service AxInstSV [C:\Windows\System32\AxInstSV.dll] 
Service b06bdrv [C:\Windows\system32\DRIVERS\bxvbda.sys] 
Service b57nd60a [C:\Windows\system32\DRIVERS\b57nd60a.sys] 
Service BattC [???] 
Service BBSvc [C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE] 
Service BDESVC [C:\Windows\System32\bdesvc.dll] 
Service Beep [C:\Windows\System32\Drivers\Beep.sys] 
Service BFE [C:\Windows\System32\bfe.dll] 
Service BITS [C:\Windows\system32\qmgr.dll] 
Service blbdrive [C:\Windows\system32\DRIVERS\blbdrive.sys] 
Service bowser [C:\Windows\system32\DRIVERS\bowser.sys] 
Service BrFiltLo [C:\Windows\system32\DRIVERS\BrFiltLo.sys] 
Service BrFiltUp [C:\Windows\system32\DRIVERS\BrFiltUp.sys] 
Service BridgeMP [C:\Windows\system32\DRIVERS\bridge.sys] 
Service Browser [C:\Windows\System32\browser.dll] 
Service Brserid [C:\Windows\System32\Drivers\Brserid.sys] 
Service BrSerWdm [C:\Windows\System32\Drivers\BrSerWdm.sys] 
Service BrUsbMdm [C:\Windows\System32\Drivers\BrUsbMdm.sys] 
Service BrUsbSer [C:\Windows\System32\Drivers\BrUsbSer.sys] 
Service BTHMODEM [C:\Windows\system32\DRIVERS\bthmodem.sys] 
Service BTHPORT [???] 
Service bthserv [C:\Windows\system32\bthserv.dll] 
Service catchme [C:\ComboFix\catchme.sys] 
Service cdfs [C:\Windows\system32\DRIVERS\cdfs.sys] 
Service cdrom [C:\Windows\system32\drivers\cdrom.sys] 
Service CertPropSvc [C:\Windows\System32\certprop.dll] 
Service circlass [C:\Windows\system32\DRIVERS\circlass.sys] 
Service CLFS [C:\Windows\System32\CLFS.sys] 
Service clr_optimization_v2.0.50727_32 [C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe] 
Service clr_optimization_v2.0.50727_64 [C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe] 
Service clr_optimization_v4.0.30319_32 [C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe] 
Service clr_optimization_v4.0.30319_64 [C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe] 
Service CmBatt [C:\Windows\system32\DRIVERS\CmBatt.sys] 
Service cmdide [C:\Windows\system32\drivers\cmdide.sys] 
Service CNG [C:\Windows\System32\Drivers\cng.sys] 
Service Compbatt [C:\Windows\system32\DRIVERS\compbatt.sys] 
Service CompositeBus [C:\Windows\system32\drivers\CompositeBus.sys] 
Service COMSysApp [C:\Windows\system32\dllhost.exe] 
Service crcdisk [C:\Windows\system32\DRIVERS\crcdisk.sys] 
Service crypt32 [???] 
Service CryptSvc [C:\Windows\system32\cryptsvc.dll] 
Service cvhsvc [C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE] 
Service DCLocator [???] 
Service DcomLaunch [C:\Windows\system32\rpcss.dll] 
Service defragsvc [C:\Windows\System32\defragsvc.dll] 
Service DfsC [C:\Windows\System32\Drivers\dfsc.sys] 
Service Dhcp [C:\Windows\system32\dhcpcore.dll] 
Service discache [C:\Windows\System32\drivers\discache.sys] 
Service Disk [C:\Windows\system32\DRIVERS\disk.sys] 
Service Dnscache [C:\Windows\System32\dnsrslvr.dll] 
Service dot3svc [C:\Windows\System32\dot3svc.dll] 
Service Dot4 [C:\Windows\system32\DRIVERS\Dot4.sys] 
Service Dot4Print [C:\Windows\system32\DRIVERS\Dot4Prt.sys] 
Service dot4usb [C:\Windows\system32\DRIVERS\dot4usb.sys] 
Service DPS [C:\Windows\system32\dps.dll] 
Service drmkaud [C:\Windows\system32\drivers\drmkaud.sys] 
Service DXGKrnl [C:\Windows\System32\drivers\dxgkrnl.sys] 
Service EapHost [C:\Windows\System32\eapsvc.dll] 
Service ebdrv [C:\Windows\system32\DRIVERS\evbda.sys] 
Service EFS [C:\Windows\System32\lsass.exe] 
Service ehRecvr [C:\Windows\ehome\ehRecvr.exe] 
Service ehSched [C:\Windows\ehome\ehsched.exe] 
Service elxstor [C:\Windows\system32\DRIVERS\elxstor.sys] 
Service ErrDev [C:\Windows\system32\drivers\errdev.sys] 
Service ESENT [???] 
Service eventlog [C:\Windows\System32\wevtsvc.dll] 
Service EventSystem [C:\Windows\system32\es.dll] 
Service exfat [C:\Windows\System32\Drivers\exfat.sys] 
Service fastfat [C:\Windows\System32\Drivers\fastfat.sys] 
Service Fax [C:\Windows\system32\fxssvc.exe] 
Service fdc [C:\Windows\system32\DRIVERS\fdc.sys] 
Service fdPHost [C:\Windows\system32\fdPHost.dll] 
Service FDResPub [C:\Windows\system32\fdrespub.dll] 
Service FileInfo [C:\Windows\system32\drivers\fileinfo.sys] 
Service Filetrace [C:\Windows\system32\drivers\filetrace.sys] 
Service flpydisk [C:\Windows\system32\DRIVERS\flpydisk.sys] 
Service FltMgr [C:\Windows\system32\drivers\fltmgr.sys] 
Service FontCache [C:\Windows\system32\FntCache.dll] 
Service FontCache3.0.0.0 [C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe] 
Service FsDepends [C:\Windows\System32\drivers\FsDepends.sys] 
Service Fs_Rec [C:\Windows\System32\Drivers\Fs_Rec.sys] 
Service fvevol [C:\Windows\System32\DRIVERS\fvevol.sys] 
Service gagp30kx [C:\Windows\system32\DRIVERS\gagp30kx.sys] 
Service GameConsoleService [C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe] 
Service gpsvc [C:\Windows\System32\gpsvc.dll] 
Service gupdate [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] 
Service gupdatem [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] 
Service gusvc [C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe] 
Service hcw85cir [C:\Windows\system32\drivers\hcw85cir.sys] 
Service HdAudAddService [C:\Windows\system32\drivers\HdAudio.sys] 
Service HDAudBus [C:\Windows\system32\drivers\HDAudBus.sys] 
Service HidBatt [C:\Windows\system32\DRIVERS\HidBatt.sys] 
Service HidBth [C:\Windows\system32\DRIVERS\hidbth.sys] 
Service HidIr [C:\Windows\system32\DRIVERS\hidir.sys] 
Service hidserv [C:\Windows\System32\hidserv.dll] 
Service HidUsb [C:\Windows\system32\DRIVERS\hidusb.sys] 
Service hkmsvc [C:\Windows\system32\kmsvc.dll] 
Service HomeGroupListener [C:\Windows\system32\ListSvc.dll] 
Service HomeGroupProvider [C:\Windows\system32\provsvc.dll] 
Service HP Support Assistant Service [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe] 
Service HPClientSvc [C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe] 
Service hpqcxs08 [C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll] 
Service hpqddsvc [C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll] 
Service hpqwmiex [C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe] 
Service HpSAMD [C:\Windows\system32\drivers\HpSAMD.sys] 
Service HPSLPSVC [C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL] 
Service HTTP [C:\Windows\system32\drivers\HTTP.sys] 
Service hwpolicy [C:\Windows\System32\drivers\hwpolicy.sys] 
Service i8042prt [C:\Windows\system32\drivers\i8042prt.sys] 
Service iaStorV [C:\Windows\system32\drivers\iaStorV.sys] 
Service idsvc [C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe] 
Service IEEtwCollectorService [C:\Windows\system32\IEEtwCollector.exe] 
Service iirsp [C:\Windows\system32\DRIVERS\iirsp.sys] 
Service IKEEXT [C:\Windows\System32\ikeext.dll] 
Service inetaccs [???] 
Service IntcAzAudAddService [C:\Windows\system32\drivers\RTKVHD64.sys] 
Service intelide [C:\Windows\system32\drivers\intelide.sys] 
Service intelppm [C:\Windows\system32\DRIVERS\intelppm.sys] 
Service IPBusEnum [C:\Windows\system32\ipbusenum.dll] 
Service IpFilterDriver [C:\Windows\system32\DRIVERS\ipfltdrv.sys] 
Service iphlpsvc [C:\Windows\System32\iphlpsvc.dll] 
Service IPMIDRV [C:\Windows\system32\drivers\IPMIDrv.sys] 
Service IPNAT [C:\Windows\System32\drivers\ipnat.sys] 
Service IRENUM [C:\Windows\system32\drivers\irenum.sys] 
Service isapnp [C:\Windows\system32\drivers\isapnp.sys] 
Service iScsiPrt [C:\Windows\system32\drivers\msiscsi.sys] 
Service kbdclass [C:\Windows\system32\DRIVERS\kbdclass.sys] 
Service kbdhid [C:\Windows\system32\DRIVERS\kbdhid.sys] 
Service KeyIso [C:\Windows\system32\lsass.exe] 
Service KSecDD [C:\Windows\System32\Drivers\ksecdd.sys] 
Service KSecPkg [C:\Windows\System32\Drivers\ksecpkg.sys] 
Service ksthunk [C:\Windows\system32\drivers\ksthunk.sys] 
Service KtmRm [C:\Windows\system32\msdtckrm.dll] 
Service LanmanServer [C:\Windows\System32\srvsvc.dll] 
Service LanmanWorkstation [C:\Windows\System32\wkssvc.dll] 
Service ldap [???] 
Service LightScribeService [c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe] 
Service lltdio [C:\Windows\system32\DRIVERS\lltdio.sys] 
Service lltdsvc [C:\Windows\System32\lltdsvc.dll] 
Service lmhosts [C:\Windows\System32\lmhsvc.dll] 
Service Lsa [???] 
Service LSI_FC [C:\Windows\system32\DRIVERS\lsi_fc.sys] 
Service LSI_SAS [C:\Windows\system32\DRIVERS\lsi_sas.sys] 
Service LSI_SAS2 [C:\Windows\system32\DRIVERS\lsi_sas2.sys] 
Service LSI_SCSI [C:\Windows\system32\DRIVERS\lsi_scsi.sys] 
Service luafv [C:\Windows\system32\drivers\luafv.sys] 
Service MAV Client PerfMon Provider [???] 
Service Mcx2Svc [C:\Windows\system32\Mcx2Svc.dll] 
Service megasas [C:\Windows\system32\DRIVERS\megasas.sys] 
Service MegaSR [C:\Windows\system32\DRIVERS\MegaSR.sys] 
Service MMCSS [C:\Windows\system32\mmcss.dll] 
Service Modem [C:\Windows\system32\drivers\modem.sys] 
Service monitor [C:\Windows\system32\DRIVERS\monitor.sys] 
Service mouclass [C:\Windows\system32\DRIVERS\mouclass.sys] 
Service mouhid [C:\Windows\system32\DRIVERS\mouhid.sys] 
Service mountmgr [C:\Windows\System32\drivers\mountmgr.sys] 
Service mpio [C:\Windows\system32\drivers\mpio.sys] 
Service mpsdrv [C:\Windows\System32\drivers\mpsdrv.sys] 
Service MpsSvc [C:\Windows\system32\mpssvc.dll] 
Service MRxDAV [C:\Windows\system32\drivers\mrxdav.sys] 
Service mrxsmb [C:\Windows\system32\DRIVERS\mrxsmb.sys] 
Service mrxsmb10 [C:\Windows\system32\DRIVERS\mrxsmb10.sys] 
Service mrxsmb20 [C:\Windows\system32\DRIVERS\mrxsmb20.sys] 
Service msahci [C:\Windows\system32\drivers\msahci.sys] 
Service msdsm [C:\Windows\system32\drivers\msdsm.sys] 
Service MSDTC [C:\Windows\System32\msdtc.exe] 
Service MSDTC Bridge 3.0.0.0 [???] 
Service MSDTC Bridge 4.0.0.0 [???] 
Service Msfs [C:\Windows\System32\Drivers\Msfs.sys] 
Service mshidkmdf [C:\Windows\System32\drivers\mshidkmdf.sys] 
Service msisadrv [C:\Windows\system32\drivers\msisadrv.sys] 
Service MSiSCSI [C:\Windows\system32\iscsiexe.dll] 
Service msiserver [C:\Windows\system32\msiexec.exe] 
Service MSKSSRV [C:\Windows\system32\drivers\MSKSSRV.sys] 
Service MSPCLOCK [C:\Windows\system32\drivers\MSPCLOCK.sys] 
Service MSPQM [C:\Windows\system32\drivers\MSPQM.sys] 
Service MsRPC [C:\Windows\System32\Drivers\MsRPC.sys] 
Service MSSCNTRS [???] 
Service mssmbios [C:\Windows\system32\drivers\mssmbios.sys] 
Service MSTEE [C:\Windows\system32\drivers\MSTEE.sys] 
Service MTConfig [C:\Windows\system32\DRIVERS\MTConfig.sys] 
Service Mup [C:\Windows\System32\Drivers\mup.sys] 
Service napagent [C:\Windows\system32\qagentRT.dll] 
Service NativeWifiP [C:\Windows\system32\DRIVERS\nwifi.sys] 
Service NDIS [C:\Windows\system32\drivers\ndis.sys] 
Service NdisCap [C:\Windows\system32\DRIVERS\ndiscap.sys] 
Service NdisTapi [C:\Windows\system32\DRIVERS\ndistapi.sys] 
Service Ndisuio [C:\Windows\system32\DRIVERS\ndisuio.sys] 
Service NdisWan [C:\Windows\system32\DRIVERS\ndiswan.sys] 
Service NDProxy [C:\Windows\System32\Drivers\NDProxy.sys] 
Service Net Driver HPZ12 [C:\Windows\system32\HPZinw12.dll] 
Service NetBIOS [C:\Windows\system32\DRIVERS\netbios.sys] 
Service NetBT [C:\Windows\System32\DRIVERS\netbt.sys] 
Service Netlogon [C:\Windows\system32\lsass.exe] 
Service Netman [C:\Windows\System32\netman.dll] 
Service NetMsmqActivator [C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe] 
Service NetPipeActivator [C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe] 
Service netprofm [C:\Windows\System32\netprofm.dll] 
Service NetTcpActivator [C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe] 
Service NetTcpPortSharing [C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe] 
Service nfrd960 [C:\Windows\system32\DRIVERS\nfrd960.sys] 
Service NlaSvc [C:\Windows\System32\nlasvc.dll] 
Service nmservice [C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe] 
Service Npfs [C:\Windows\System32\Drivers\Npfs.sys] 
Service nsi [C:\Windows\system32\nsisvc.dll] 
Service nsiproxy [C:\Windows\system32\drivers\nsiproxy.sys] 
Service NTDS [???] 
Service Ntfs [C:\Windows\System32\Drivers\Ntfs.sys] 
Service Null [C:\Windows\System32\Drivers\Null.sys] 
Service nvraid [C:\Windows\system32\drivers\nvraid.sys] 
Service nvstor [C:\Windows\system32\drivers\nvstor.sys] 
Service nv_agp [C:\Windows\system32\drivers\nv_agp.sys] 
Service ohci1394 [C:\Windows\system32\drivers\ohci1394.sys] 
Service ose [C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE] 
Service osppsvc [C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE] 
Service Outlook [???] 
Service oyrxjikw [C:\Windows\system32\drivers\oyrxjikw.sys] 
Service p2pimsvc [C:\Windows\system32\pnrpsvc.dll] 
Service p2psvc [C:\Windows\system32\p2psvc.dll] 
Service Parport [C:\Windows\system32\DRIVERS\parport.sys] 
Service partmgr [C:\Windows\System32\drivers\partmgr.sys] 
Service PcaSvc [C:\Windows\System32\pcasvc.dll] 
Service pci [C:\Windows\system32\drivers\pci.sys] 
Service pciide [C:\Windows\system32\drivers\pciide.sys] 
Service pcmcia [C:\Windows\system32\DRIVERS\pcmcia.sys] 
Service pcw [C:\Windows\System32\drivers\pcw.sys] 
Service pdfcDispatcher [C:\Program Files (x86)\PDF Complete\pdfsvc.exe] 
Service PEAUTH [C:\Windows\system32\drivers\peauth.sys] 
Service PerfDisk [???] 
Service PerfHost [C:\Windows\SysWow64\perfhost.exe] 
Service PerfNet [???] 
Service PerfOS [???] 
Service PerfProc [???] 
Service pla [C:\Windows\system32\pla.dll] 
Service PlugPlay [C:\Windows\system32\umpnpmgr.dll] 
Service Pml Driver HPZ12 [C:\Windows\system32\HPZipm12.dll] 
Service pnarp [C:\Windows\system32\DRIVERS\pnarp.sys] 
Service PNRPAutoReg [C:\Windows\system32\pnrpauto.dll] 
Service PNRPsvc [C:\Windows\system32\pnrpsvc.dll] 
Service Point64 [C:\Windows\system32\DRIVERS\point64.sys] 
Service PolicyAgent [C:\Windows\System32\ipsecsvc.dll] 
Service PortProxy [???] 
Service Power [C:\Windows\system32\umpo.dll] 
Service PptpMiniport [C:\Windows\system32\DRIVERS\raspptp.sys] 
Service Processor [C:\Windows\system32\DRIVERS\processr.sys] 
Service ProfSvc [C:\Windows\system32\profsvc.dll] 
Service ProtectedStorage [C:\Windows\system32\lsass.exe] 
Service Psched [C:\Windows\system32\DRIVERS\pacer.sys] 
Service purendis [C:\Windows\system32\DRIVERS\purendis.sys] 
Service ql2300 [C:\Windows\system32\DRIVERS\ql2300.sys] 
Service ql40xx [C:\Windows\system32\DRIVERS\ql40xx.sys] 
Service QWAVE [C:\Windows\system32\qwave.dll] 
Service QWAVEdrv [C:\Windows\system32\drivers\qwavedrv.sys] 
Service RasAcd [C:\Windows\System32\DRIVERS\rasacd.sys] 
Service RasAgileVpn [C:\Windows\system32\DRIVERS\AgileVpn.sys] 
Service RasAuto [C:\Windows\System32\rasauto.dll] 
Service Rasl2tp [C:\Windows\system32\DRIVERS\rasl2tp.sys] 
Service RasMan [C:\Windows\System32\rasmans.dll] 
Service RasPppoe [C:\Windows\system32\DRIVERS\raspppoe.sys] 
Service RasSstp [C:\Windows\system32\DRIVERS\rassstp.sys] 
Service rdbss [C:\Windows\system32\DRIVERS\rdbss.sys] 
Service rdpbus [C:\Windows\system32\DRIVERS\rdpbus.sys] 
Service RDPCDD [C:\Windows\System32\DRIVERS\RDPCDD.sys] 
Service RDPDD [???] 
Service RDPENCDD [C:\Windows\system32\drivers\rdpencdd.sys] 
Service RDPNP [???] 
Service RDPREFMP [C:\Windows\system32\drivers\rdprefmp.sys] 
Service RDPUDD [???] 
Service RdpVideoMiniport [C:\Windows\System32\drivers\rdpvideominiport.sys] 
Service RDPWD [C:\Windows\System32\Drivers\RDPWD.sys] 
Service rdyboost [C:\Windows\System32\drivers\rdyboost.sys] 
Service RemoteAccess [C:\Windows\System32\mprdim.dll] 
Service RemoteRegistry [C:\Windows\system32\regsvc.dll] 
Service RoxioNow Service [C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe] 
Service RpcEptMapper [C:\Windows\System32\RpcEpMap.dll] 
Service RpcLocator [C:\Windows\system32\locator.exe] 
Service RpcSs [C:\Windows\system32\rpcss.dll] 
Service rspndr [C:\Windows\system32\DRIVERS\rspndr.sys] 
Service RTL8167 [C:\Windows\system32\DRIVERS\Rt64win7.sys] 
Service SamSs [C:\Windows\system32\lsass.exe] 
Service SASDIFSV [C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS] 
Service SASKUTIL [C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS] 
Service sbp2port [C:\Windows\system32\drivers\sbp2port.sys] 
Service SCardSvr [C:\Windows\System32\SCardSvr.dll] 
Service scfilter [C:\Windows\System32\DRIVERS\scfilter.sys] 
Service Schedule [C:\Windows\system32\schedsvc.dll] 
Service SCPolicySvc [C:\Windows\System32\certprop.dll] 
Service SDRSVC [C:\Windows\System32\SDRSVC.dll] 
Service SeaPort [C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE] 
Service secdrv [C:\Windows\System32\Drivers\secdrv.sys] 
Service seclogon [C:\Windows\system32\seclogon.dll] 
Service SENS [C:\Windows\system32\sens.dll] 
Service SensrSvc [C:\Windows\system32\sensrsvc.dll] 
Service Serenum [C:\Windows\system32\DRIVERS\serenum.sys] 
Service Serial [C:\Windows\system32\DRIVERS\serial.sys] 
Service sermouse [C:\Windows\system32\DRIVERS\sermouse.sys] 
Service ServiceModelEndpoint 3.0.0.0 [???] 
Service ServiceModelOperation 3.0.0.0 [???] 
Service ServiceModelService 3.0.0.0 [???] 
Service SessionEnv [C:\Windows\system32\sessenv.dll] 
Service sffdisk [C:\Windows\system32\drivers\sffdisk.sys] 
Service sffp_mmc [C:\Windows\system32\drivers\sffp_mmc.sys] 
Service sffp_sd [C:\Windows\system32\drivers\sffp_sd.sys] 
Service sfloppy [C:\Windows\system32\DRIVERS\sfloppy.sys] 
Service Sftfs [C:\Windows\system32\DRIVERS\Sftfslh.sys] 
Service sftlist [C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe] 
Service Sftplay [C:\Windows\system32\DRIVERS\Sftplaylh.sys] 
Service Sftredir [C:\Windows\system32\DRIVERS\Sftredirlh.sys] 
Service Sftvol [C:\Windows\system32\DRIVERS\Sftvollh.sys] 
Service sftvsa [C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe] 
Service SharedAccess [C:\Windows\System32\ipnathlp.dll] 
Service ShellHWDetection [C:\Windows\System32\shsvcs.dll] 
Service SiSRaid2 [C:\Windows\system32\DRIVERS\SiSRaid2.sys] 
Service SiSRaid4 [C:\Windows\system32\DRIVERS\sisraid4.sys] 
Service Smb [C:\Windows\system32\DRIVERS\smb.sys] 
Service SMSvcHost 3.0.0.0 [???] 
Service SMSvcHost 4.0.0.0 [???] 
Service SNMPTRAP [C:\Windows\System32\snmptrap.exe] 
Service spldr [C:\Windows\System32\Drivers\spldr.sys] 
Service Spooler [C:\Windows\System32\spoolsv.exe] 
Service sppsvc [C:\Windows\system32\sppsvc.exe] 
Service sppuinotify [C:\Windows\system32\sppuinotify.dll] 
Service srv [C:\Windows\System32\DRIVERS\srv.sys] 
Service srv2 [C:\Windows\System32\DRIVERS\srv2.sys] 
Service srvnet [C:\Windows\System32\DRIVERS\srvnet.sys] 
Service SSDPSRV [C:\Windows\System32\ssdpsrv.dll] 
Service SstpSvc [C:\Windows\system32\sstpsvc.dll] 
Service stexstor [C:\Windows\system32\DRIVERS\stexstor.sys] 
Service stisvc [C:\Windows\System32\wiaservc.dll] 
Service swenum [C:\Windows\system32\drivers\swenum.sys] 
Service swprv [C:\Windows\System32\swprv.dll] 
Service SysMain [C:\Windows\system32\sysmain.dll] 
Service TabletInputService [C:\Windows\System32\TabSvc.dll] 
Service TapiSrv [C:\Windows\System32\tapisrv.dll] 
Service TBS [C:\Windows\System32\tbssvc.dll] 
Service Tcpip [C:\Windows\System32\drivers\tcpip.sys] 
Service TCPIP6 [C:\Windows\system32\DRIVERS\tcpip.sys] 
Service TCPIP6TUNNEL [???] 
Service tcpipreg [C:\Windows\System32\drivers\tcpipreg.sys] 
Service TCPIPTUNNEL [???] 
 
Scan finished: Thursday, February 27, 2014 9:54:49 AM
Hidden files found: 0
Hidden registry items found: 0
Hidden processes found: 0
Hidden services found: 0
Hidden boot sectors found: 0
 
 
----------


#4 JosephSchiavone

Posted 27 February 2014 - 10:47 AM

09:58:29.0610 0x1b3c  TDSS rootkit removing tool 3.0.0.25 Feb 27 2014 15:23:02
09:58:32.0215 0x1b3c  ============================================================
09:58:32.0215 0x1b3c  Current date / time: 2014/02/27 09:58:32.0215
09:58:32.0215 0x1b3c  SystemInfo:
09:58:32.0215 0x1b3c  
09:58:32.0215 0x1b3c  OS Version: 6.1.7601 ServicePack: 1.0
09:58:32.0215 0x1b3c  Product type: Workstation
09:58:32.0215 0x1b3c  ComputerName: RON-HP
09:58:32.0215 0x1b3c  UserName: Ron
09:58:32.0215 0x1b3c  Windows directory: C:\Windows
09:58:32.0215 0x1b3c  System windows directory: C:\Windows
09:58:32.0215 0x1b3c  Running under WOW64
09:58:32.0215 0x1b3c  Processor architecture: Intel x64
09:58:32.0215 0x1b3c  Number of processors: 2
09:58:32.0215 0x1b3c  Page size: 0x1000
09:58:32.0215 0x1b3c  Boot type: Normal boot
09:58:32.0215 0x1b3c  ============================================================
09:58:32.0558 0x1b3c  KLMD registered as C:\Windows\system32\drivers\17816117.sys
09:58:32.0668 0x1b3c  System UUID: {22861D1E-A438-1259-5812-82576004EC20}
09:58:32.0995 0x1b3c  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:58:33.0011 0x1b3c  Drive \Device\Harddisk2\DR2 - Size: 0x3EB80000 (0.98 Gb), SectorSize: 0x200, Cylinders: 0x7F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:58:33.0011 0x1b3c  Drive \Device\Harddisk3\DR3 - Size: 0x3EB80000 (0.98 Gb), SectorSize: 0x200, Cylinders: 0x7F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:58:33.0011 0x1b3c  ============================================================
09:58:33.0011 0x1b3c  \Device\Harddisk0\DR0:
09:58:33.0011 0x1b3c  MBR partitions:
09:58:33.0011 0x1b3c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
09:58:33.0011 0x1b3c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x48D9B800
09:58:33.0011 0x1b3c  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x48DCE000, BlocksNum 0x1A89800
09:58:33.0011 0x1b3c  \Device\Harddisk2\DR2:
09:58:33.0026 0x1b3c  MBR partitions:
09:58:33.0026 0x1b3c  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x6, StartLBA 0x1C8, BlocksNum 0x1F5A38
09:58:33.0026 0x1b3c  \Device\Harddisk3\DR3:
09:58:33.0026 0x1b3c  MBR partitions:
09:58:33.0026 0x1b3c  \Device\Harddisk3\DR3\Partition1: MBR, Type 0x6, StartLBA 0x1C8, BlocksNum 0x1F5A38
09:58:33.0026 0x1b3c  ============================================================
09:58:33.0042 0x1b3c  C: <-> \Device\Harddisk0\DR0\Partition2
09:58:33.0089 0x1b3c  D: <-> \Device\Harddisk0\DR0\Partition3
09:58:33.0089 0x1b3c  ============================================================
09:58:33.0089 0x1b3c  Initialize success
09:58:33.0089 0x1b3c  ============================================================
09:59:12.0136 0x1bb4  ============================================================
09:59:12.0136 0x1bb4  Scan started
09:59:12.0136 0x1bb4  Mode: Manual; SigCheck; TDLFS; 
09:59:12.0136 0x1bb4  ============================================================
09:59:12.0136 0x1bb4  KSN ping started
09:59:14.0491 0x1bb4  KSN ping finished: true
09:59:14.0772 0x1bb4  ================ Scan system memory ========================
09:59:14.0772 0x1bb4  System memory - ok
09:59:14.0772 0x1bb4  ================ Scan services =============================
09:59:20.0809 0x1bb4  [ 61D981CFC6337661F1D9B81A73442E16, 343414DB407E5ABBE2D704571BCC61DD85BF2D3CACDB026046AB2FB2B83EA710 ] DcomLaunch      C:\Windows\system32\rpcss.dll
09:59:20.0825 0x1bb4  DcomLaunch - detected UnsignedFile.Multi.Generic ( 1 )
09:59:23.0664 0x1bb4  Object is SCO, delete is not allowed
09:59:23.0664 0x1bb4  DcomLaunch ( UnsignedFile.Multi.Generic ) - warning
09:59:28.0843 0x1bb4  HdAudAddService - ok
09:59:28.0859 0x1bb4  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
09:59:28.0890 0x1bb4  HDAudBus - ok
09:59:28.0890 0x1bb4  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
09:59:28.0906 0x1bb4  HidBatt - ok
09:59:28.0921 0x1bb4  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
09:59:28.0937 0x1bb4  HidBth - ok
09:59:28.0953 0x1bb4  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
09:59:28.0968 0x1bb4  HidIr - ok
09:59:28.0984 0x1bb4  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
09:59:29.0015 0x1bb4  hidserv - ok
09:59:29.0046 0x1bb4  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
09:59:29.0077 0x1bb4  HidUsb - ok
09:59:29.0124 0x1bb4  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
09:59:29.0155 0x1bb4  hkmsvc - ok
09:59:29.0187 0x1bb4  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:59:29.0202 0x1bb4  HomeGroupListener - ok
09:59:29.0233 0x1bb4  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:59:29.0249 0x1bb4  HomeGroupProvider - ok
09:59:29.0311 0x1bb4  [ 2A8B93A01621E100A578E83C768AFA2C, 6637D260AF180D1F200D219796FCE6D524FC6BF57C0CEEF9E1B3616E85865AD1 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
09:59:29.0327 0x1bb4  HP Support Assistant Service - detected UnsignedFile.Multi.Generic ( 1 )
09:59:31.0729 0x1bb4  Detect skipped due to KSN trusted
09:59:31.0729 0x1bb4  HP Support Assistant Service - ok
09:59:31.0807 0x1bb4  [ 3DC11A802353401332D49C3CBFBBE5FC, E812E8A4ED64FEC346BE6B175CE651CFC553A23F31B0ABC5D50E6995A7F130DF ] HPClientSvc     C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
09:59:31.0807 0x1bb4  HPClientSvc - ok
09:59:31.0901 0x1bb4  [ 97AAC45A375168C6A2297BEEB9692E31, 9C7285988D0C5DE8E3608F4E9F50A5C9398FFD0DA0F4C965C953859001FC76C8 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
09:59:31.0917 0x1bb4  hpqcxs08 - ok
09:59:31.0932 0x1bb4  [ 19A4FB67B1C97EA18EDFF44340973CD9, F1B6A7C1E450FF9A1D10F315F17D42DFE8390E88FF1AED4DE35237C4B81FC81D ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
09:59:31.0932 0x1bb4  hpqddsvc - ok
09:59:32.0026 0x1bb4  [ D2946D9F020AE76E9CEF9B4A6DF838C0, C29CE594879385DA12B8EAA90B258905827B613839CCD820DE49215B68676995 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
09:59:32.0057 0x1bb4  hpqwmiex - ok
09:59:32.0104 0x1bb4  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
09:59:32.0104 0x1bb4  HpSAMD - ok
09:59:32.0166 0x1bb4  [ F37882F128EFACEFE353E0BAE2766909, 2F9D21613500F092DFC0DB879180B549EE615D9B07408A5CC1A7F84663B2F47A ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
09:59:32.0197 0x1bb4  HPSLPSVC - detected UnsignedFile.Multi.Generic ( 1 )
09:59:34.0771 0x1bb4  Detect skipped due to KSN trusted
09:59:34.0771 0x1bb4  HPSLPSVC - ok
09:59:34.0834 0x1bb4  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
09:59:34.0881 0x1bb4  HTTP - ok
09:59:34.0896 0x1bb4  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
09:59:34.0912 0x1bb4  hwpolicy - ok
09:59:34.0943 0x1bb4  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
09:59:34.0959 0x1bb4  i8042prt - ok
09:59:34.0990 0x1bb4  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
09:59:35.0021 0x1bb4  iaStorV - ok
09:59:35.0068 0x1bb4  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:59:35.0099 0x1bb4  idsvc - ok
09:59:35.0130 0x1bb4  IEEtwCollectorService - ok
09:59:35.0146 0x1bb4  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
09:59:35.0161 0x1bb4  iirsp - ok
09:59:35.0208 0x1bb4  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
09:59:35.0239 0x1bb4  IKEEXT - ok
09:59:35.0317 0x1bb4  [ 3C4B4EE54FEBB09F7E9F58776DE96DCA, 4E0320281FB9D02A4D8571597D157C0DF2A85CF17D53775D93CF3C54BEC34B24 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
09:59:35.0380 0x1bb4  IntcAzAudAddService - ok
09:59:35.0411 0x1bb4  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
09:59:35.0427 0x1bb4  intelide - ok
09:59:35.0442 0x1bb4  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
09:59:35.0458 0x1bb4  intelppm - ok
09:59:35.0489 0x1bb4  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
09:59:35.0520 0x1bb4  IPBusEnum - ok
09:59:35.0551 0x1bb4  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:59:35.0567 0x1bb4  IpFilterDriver - ok
09:59:35.0614 0x1bb4  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
09:59:35.0676 0x1bb4  iphlpsvc - ok
09:59:35.0707 0x1bb4  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
09:59:35.0723 0x1bb4  IPMIDRV - ok
09:59:35.0739 0x1bb4  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
09:59:35.0770 0x1bb4  IPNAT - ok
09:59:35.0785 0x1bb4  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
09:59:35.0832 0x1bb4  IRENUM - ok
09:59:35.0848 0x1bb4  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
09:59:35.0863 0x1bb4  isapnp - ok
09:59:35.0879 0x1bb4  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
09:59:35.0895 0x1bb4  iScsiPrt - ok
09:59:35.0941 0x1bb4  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
09:59:35.0941 0x1bb4  kbdclass - ok
09:59:35.0973 0x1bb4  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
09:59:35.0973 0x1bb4  kbdhid - ok
09:59:35.0988 0x1bb4  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso          C:\Windows\system32\lsass.exe
09:59:36.0004 0x1bb4  KeyIso - ok
09:59:36.0035 0x1bb4  [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
09:59:36.0051 0x1bb4  KSecDD - ok
09:59:36.0066 0x1bb4  [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
09:59:36.0082 0x1bb4  KSecPkg - ok
09:59:36.0097 0x1bb4  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
09:59:36.0129 0x1bb4  ksthunk - ok
09:59:36.0160 0x1bb4  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
09:59:36.0191 0x1bb4  KtmRm - ok
09:59:36.0238 0x1bb4  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
09:59:36.0269 0x1bb4  LanmanServer - ok
09:59:36.0316 0x1bb4  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:59:36.0347 0x1bb4  LanmanWorkstation - ok
09:59:36.0378 0x1bb4  [ 7550D101BF49FDB1F92666A233EE36C4, 281EE6C9AAE0A3FDA8D0FE7CD6BA55C481B8719799A526601FEA0542345CAF18 ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
09:59:36.0378 0x1bb4  LightScribeService - detected UnsignedFile.Multi.Generic ( 1 )
09:59:38.0968 0x1bb4  Detect skipped due to KSN trusted
09:59:38.0968 0x1bb4  LightScribeService - ok
09:59:39.0015 0x1bb4  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
09:59:39.0046 0x1bb4  lltdio - ok
09:59:39.0077 0x1bb4  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
09:59:39.0108 0x1bb4  lltdsvc - ok
09:59:39.0124 0x1bb4  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
09:59:39.0155 0x1bb4  lmhosts - ok
09:59:39.0202 0x1bb4  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
09:59:39.0202 0x1bb4  LSI_FC - ok
09:59:39.0217 0x1bb4  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
09:59:39.0233 0x1bb4  LSI_SAS - ok
09:59:39.0249 0x1bb4  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:59:39.0249 0x1bb4  LSI_SAS2 - ok
09:59:39.0280 0x1bb4  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:59:39.0280 0x1bb4  LSI_SCSI - ok
09:59:39.0311 0x1bb4  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
09:59:39.0342 0x1bb4  luafv - ok
09:59:39.0373 0x1bb4  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
09:59:39.0389 0x1bb4  Mcx2Svc - ok
09:59:39.0405 0x1bb4  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
09:59:39.0405 0x1bb4  megasas - ok
09:59:39.0436 0x1bb4  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
09:59:39.0451 0x1bb4  MegaSR - ok
09:59:39.0467 0x1bb4  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
09:59:39.0498 0x1bb4  MMCSS - ok
09:59:39.0514 0x1bb4  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
09:59:39.0545 0x1bb4  Modem - ok
09:59:39.0561 0x1bb4  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
09:59:39.0576 0x1bb4  monitor - ok
09:59:39.0607 0x1bb4  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
09:59:39.0607 0x1bb4  mouclass - ok
09:59:39.0639 0x1bb4  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
09:59:39.0654 0x1bb4  mouhid - ok
09:59:39.0685 0x1bb4  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
09:59:39.0685 0x1bb4  mountmgr - ok
09:59:39.0701 0x1bb4  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
09:59:39.0717 0x1bb4  mpio - ok
09:59:39.0748 0x1bb4  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
09:59:39.0779 0x1bb4  mpsdrv - ok
09:59:39.0841 0x1bb4  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
09:59:39.0888 0x1bb4  MpsSvc - ok
09:59:39.0919 0x1bb4  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
09:59:39.0951 0x1bb4  MRxDAV - ok
09:59:39.0982 0x1bb4  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
09:59:40.0013 0x1bb4  mrxsmb - ok
09:59:40.0060 0x1bb4  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:59:40.0075 0x1bb4  mrxsmb10 - ok
09:59:40.0091 0x1bb4  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:59:40.0107 0x1bb4  mrxsmb20 - ok
09:59:40.0138 0x1bb4  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
09:59:40.0138 0x1bb4  msahci - ok
09:59:40.0185 0x1bb4  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
09:59:40.0200 0x1bb4  msdsm - ok
09:59:40.0216 0x1bb4  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
09:59:40.0231 0x1bb4  MSDTC - ok
09:59:40.0247 0x1bb4  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
09:59:40.0278 0x1bb4  Msfs - ok
09:59:40.0294 0x1bb4  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
09:59:40.0325 0x1bb4  mshidkmdf - ok
09:59:40.0341 0x1bb4  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
09:59:40.0341 0x1bb4  msisadrv - ok
09:59:40.0372 0x1bb4  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
09:59:40.0403 0x1bb4  MSiSCSI - ok
09:59:40.0419 0x1bb4  msiserver - ok
09:59:40.0434 0x1bb4  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
09:59:40.0465 0x1bb4  MSKSSRV - ok
09:59:40.0481 0x1bb4  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
09:59:40.0497 0x1bb4  MSPCLOCK - ok
09:59:40.0512 0x1bb4  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
09:59:40.0543 0x1bb4  MSPQM - ok
09:59:40.0575 0x1bb4  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
09:59:40.0590 0x1bb4  MsRPC - ok
09:59:40.0606 0x1bb4  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
09:59:40.0606 0x1bb4  mssmbios - ok
09:59:40.0621 0x1bb4  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
09:59:40.0668 0x1bb4  MSTEE - ok
09:59:40.0684 0x1bb4  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
09:59:40.0684 0x1bb4  MTConfig - ok
09:59:40.0715 0x1bb4  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
09:59:40.0731 0x1bb4  Mup - ok
09:59:40.0762 0x1bb4  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
09:59:40.0809 0x1bb4  napagent - ok
09:59:40.0824 0x1bb4  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
09:59:40.0871 0x1bb4  NativeWifiP - ok
09:59:40.0918 0x1bb4  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
09:59:40.0949 0x1bb4  NDIS - ok
09:59:40.0965 0x1bb4  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
09:59:40.0996 0x1bb4  NdisCap - ok
09:59:41.0011 0x1bb4  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
09:59:41.0043 0x1bb4  NdisTapi - ok
09:59:41.0074 0x1bb4  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
09:59:41.0105 0x1bb4  Ndisuio - ok
09:59:41.0136 0x1bb4  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
09:59:41.0167 0x1bb4  NdisWan - ok
09:59:41.0199 0x1bb4  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
09:59:41.0214 0x1bb4  NDProxy - ok
09:59:41.0245 0x1bb4  [ DC6530A291D4BDF6DF399F1F128E7F8F, 85123D802063383646EEBC60F4ABBCDBA2AE3180E99A8A99C024B1EBB0C6690E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
09:59:41.0261 0x1bb4  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
09:59:44.0053 0x1bb4  Detect skipped due to KSN trusted
09:59:44.0053 0x1bb4  Net Driver HPZ12 - ok
09:59:44.0085 0x1bb4  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
09:59:44.0116 0x1bb4  NetBIOS - ok
09:59:44.0147 0x1bb4  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
09:59:44.0178 0x1bb4  NetBT - ok
09:59:44.0178 0x1bb4  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon        C:\Windows\system32\lsass.exe
09:59:44.0194 0x1bb4  Netlogon - ok
09:59:44.0225 0x1bb4  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
09:59:44.0272 0x1bb4  Netman - ok
09:59:44.0303 0x1bb4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:59:44.0319 0x1bb4  NetMsmqActivator - ok
09:59:44.0334 0x1bb4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:59:44.0350 0x1bb4  NetPipeActivator - ok
09:59:44.0397 0x1bb4  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
09:59:44.0428 0x1bb4  netprofm - ok
09:59:44.0443 0x1bb4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:59:44.0459 0x1bb4  NetTcpActivator - ok
09:59:44.0459 0x1bb4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:59:44.0475 0x1bb4  NetTcpPortSharing - ok
09:59:44.0506 0x1bb4  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
09:59:44.0506 0x1bb4  nfrd960 - ok
09:59:44.0537 0x1bb4  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
09:59:44.0568 0x1bb4  NlaSvc - ok
09:59:44.0631 0x1bb4  [ CD2FE9C33CFD0FE0AF124E05907E5C3D, B7F880EB08F86B87DAE70A42389C768B539C8D70C11E98F1D7816636F6B6403C ] nmservice       C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
09:59:44.0646 0x1bb4  nmservice - ok
09:59:44.0662 0x1bb4  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
09:59:44.0677 0x1bb4  Npfs - ok
09:59:44.0709 0x1bb4  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
09:59:44.0740 0x1bb4  nsi - ok
09:59:44.0740 0x1bb4  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
09:59:44.0771 0x1bb4  nsiproxy - ok
09:59:44.0833 0x1bb4  [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
09:59:44.0880 0x1bb4  Ntfs - ok
09:59:44.0896 0x1bb4  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
09:59:44.0927 0x1bb4  Null - ok
09:59:44.0958 0x1bb4  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
09:59:44.0974 0x1bb4  nvraid - ok
09:59:45.0005 0x1bb4  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
09:59:45.0021 0x1bb4  nvstor - ok
09:59:45.0067 0x1bb4  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
09:59:45.0067 0x1bb4  nv_agp - ok
09:59:45.0083 0x1bb4  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
09:59:45.0099 0x1bb4  ohci1394 - ok
09:59:45.0130 0x1bb4  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:59:45.0145 0x1bb4  ose - ok
09:59:45.0286 0x1bb4  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:59:45.0395 0x1bb4  osppsvc - ok
09:59:45.0457 0x1bb4  oyrxjikw - ok
09:59:45.0473 0x1bb4  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
09:59:45.0504 0x1bb4  p2pimsvc - ok
09:59:45.0535 0x1bb4  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
09:59:45.0551 0x1bb4  p2psvc - ok
09:59:45.0582 0x1bb4  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
09:59:45.0598 0x1bb4  Parport - ok
09:59:45.0629 0x1bb4  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
09:59:45.0629 0x1bb4  partmgr - ok
09:59:45.0660 0x1bb4  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
09:59:45.0691 0x1bb4  PcaSvc - ok
09:59:45.0754 0x1bb4  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
09:59:45.0769 0x1bb4  pci - ok
09:59:45.0785 0x1bb4  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
09:59:45.0801 0x1bb4  pciide - ok
09:59:45.0816 0x1bb4  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
09:59:45.0832 0x1bb4  pcmcia - ok
09:59:45.0847 0x1bb4  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
09:59:45.0863 0x1bb4  pcw - ok
09:59:45.0879 0x1bb4  pdfcDispatcher - ok
09:59:45.0910 0x1bb4  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
09:59:45.0957 0x1bb4  PEAUTH - ok
09:59:46.0019 0x1bb4  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
09:59:46.0050 0x1bb4  PerfHost - ok
09:59:46.0113 0x1bb4  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
09:59:46.0175 0x1bb4  pla - ok
09:59:46.0222 0x1bb4  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
09:59:46.0269 0x1bb4  PlugPlay - ok
09:59:46.0315 0x1bb4  [ 71F62C51DFDFBC04C83C5C64B2B8058E, CAB12E6D27BE421BD5A3CB04066EA50303A3210332ECC4B5C03B5F19735FC857 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
09:59:46.0331 0x1bb4  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
09:59:48.0921 0x1bb4  Detect skipped due to KSN trusted
09:59:48.0921 0x1bb4  Pml Driver HPZ12 - ok
09:59:50.0949 0x1bb4  [ 61D981CFC6337661F1D9B81A73442E16, 343414DB407E5ABBE2D704571BCC61DD85BF2D3CACDB026046AB2FB2B83EA710 ] RpcSs           C:\Windows\system32\rpcss.dll
09:59:50.0964 0x1bb4  RpcSs - detected UnsignedFile.Multi.Generic ( 1 )
09:59:50.0964 0x1bb4  Object is SCO, delete is not allowed
09:59:50.0964 0x1bb4  RpcSs ( UnsignedFile.Multi.Generic ) - warning
10:00:00.0839 0x1bb4  ws2ifsl - ok
10:00:00.0855 0x1bb4  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
10:00:00.0886 0x1bb4  wscsvc - ok
10:00:00.0886 0x1bb4  WSearch - ok
10:00:00.0964 0x1bb4  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
10:00:01.0026 0x1bb4  wuauserv - ok
10:00:01.0057 0x1bb4  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
10:00:01.0104 0x1bb4  WudfPf - ok
10:00:01.0120 0x1bb4  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
10:00:01.0135 0x1bb4  WUDFRd - ok
10:00:01.0167 0x1bb4  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
10:00:01.0198 0x1bb4  wudfsvc - ok
10:00:01.0229 0x1bb4  [ FE90B750AB808FB9DD8FBB428B5FF83B, 3F8F592EC813BE292D305A87C5BA852F8BC3D7CE610612D9871F209A17326AA8 ] WwanSvc         C:\Windows\System32\wwansvc.dll
10:00:01.0276 0x1bb4  WwanSvc - ok
10:00:01.0291 0x1bb4  ================ Scan global ===============================
10:00:01.0323 0x1bb4  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
10:00:01.0369 0x1bb4  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
10:00:01.0369 0x1bb4  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
10:00:01.0401 0x1bb4  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
10:00:01.0432 0x1bb4  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
10:00:01.0447 0x1bb4  [ Global ] - ok
10:00:01.0447 0x1bb4  ================ Scan MBR ==================================
10:00:01.0463 0x1bb4  [ 0D812BFC127495D869EA359497969CD2 ] \Device\Harddisk0\DR0
10:00:02.0399 0x1bb4  \Device\Harddisk0\DR0 - ok
10:00:02.0399 0x1bb4  [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk2\DR2
10:00:02.0586 0x1bb4  \Device\Harddisk2\DR2 - ok
10:00:02.0586 0x1bb4  [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk3\DR3
10:00:02.0758 0x1bb4  \Device\Harddisk3\DR3 - ok
10:00:02.0758 0x1bb4  ================ Scan VBR ==================================
10:00:02.0773 0x1bb4  [ 28DDD427DEFA8E55BDCAF33D69B4B1FC ] \Device\Harddisk0\DR0\Partition1
10:00:02.0773 0x1bb4  \Device\Harddisk0\DR0\Partition1 - ok
10:00:02.0789 0x1bb4  [ B186F2EDF7C97679E334B1AE788C23CD ] \Device\Harddisk0\DR0\Partition2
10:00:02.0789 0x1bb4  \Device\Harddisk0\DR0\Partition2 - ok
10:00:02.0836 0x1bb4  [ AA3A051B9E2F79E75CA8B0EA78DEDA9C ] \Device\Harddisk0\DR0\Partition3
10:00:02.0836 0x1bb4  \Device\Harddisk0\DR0\Partition3 - ok
10:00:02.0836 0x1bb4  [ 194F8178399E9E0484652E02A5DD2539 ] \Device\Harddisk2\DR2\Partition1
10:00:02.0836 0x1bb4  \Device\Harddisk2\DR2\Partition1 - ok
10:00:02.0851 0x1bb4  [ 68E23E57465DAFD38F2539510766449A ] \Device\Harddisk3\DR3\Partition1
10:00:02.0851 0x1bb4  \Device\Harddisk3\DR3\Partition1 - ok
10:00:02.0851 0x1bb4  Waiting for KSN requests completion. In queue: 128
10:00:03.0865 0x1bb4  Waiting for KSN requests completion. In queue: 128
10:00:04.0879 0x1bb4  Waiting for KSN requests completion. In queue: 128
10:00:06.0003 0x1bb4  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2013.292 ), 0x42000 ( disabled : updated )
10:00:06.0018 0x1bb4  Win FW state via NFP2: enabled
10:00:08.0545 0x1bb4  ============================================================
10:00:08.0545 0x1bb4  Scan finished
10:00:08.0545 0x1bb4  ============================================================
10:00:08.0545 0x1bac  Detected object count: 2
10:00:08.0545 0x1bac  Actual detected object count: 2
10:00:26.0033 0x1bac  DcomLaunch ( UnsignedFile.Multi.Generic ) - skipped by user
10:00:26.0033 0x1bac  DcomLaunch ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:00:26.0033 0x1bac  RpcSs ( UnsignedFile.Multi.Generic ) - skipped by user
10:00:26.0033 0x1bac  RpcSs ( UnsignedFile.Multi.Generic ) - User select action: Skip 


#5 JosephSchiavone

  • Topic Starter

Posted 27 February 2014 - 10:50 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-02-2014 02
Ran by Ron (administrator) on RON-HP on 27-02-2014 10:18:01
Running from C:\Users\Ron\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(Akamai Technologies, Inc.) C:\Users\Ron\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(PC Drivers Headquarters) C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
(Akamai Technologies, Inc.) C:\Users\Ron\AppData\Local\Akamai\netsession_win.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
() C:\Users\Ron\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastUi.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Farbar) C:\Users\Ron\Desktop\FRST64 (2).exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-15] ()
HKLM\...\Run: [IntelliType Pro] - c:\Program Files\Microsoft Device Center\itype.exe [1464928 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft Device Center\ipoint.exe [2004584 2012-06-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [664600 2010-09-28] (PDF Complete Inc)
HKLM-x32\...\Run: [nmctxth] - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe [642856 2009-04-07] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [ShopAtHomeWatcher] - C:\Users\Ron\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe [103864 2012-10-18] ()
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-27] (AVAST Software)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-28] (Hewlett-Packard)
HKU\S-1-5-21-1019108432-3678605218-91476750-1000\...\Run: [Akamai NetSession Interface] - C:\Users\Ron\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1019108432-3678605218-91476750-1000\...\Run: [Driver Support] - C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [4680568 2014-02-25] (PC Drivers Headquarters)
HKU\S-1-5-21-1019108432-3678605218-91476750-1000\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware)
HKU\S-1-5-21-1019108432-3678605218-91476750-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Ron\AppData\Local\Temp\stpfysx\ssebbcn\wow.dll ATTENTION! ====> ZeroAccess?
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKCU - DefaultScope {E3511525-FBD9-473E-B25D-6E566731A991} URL = http://websearch.shopathome.com?user_id=%guid&q={searchTerms}
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKCU - {E3511525-FBD9-473E-B25D-6E566731A991} URL = http://websearch.shopathome.com?user_id=%guid&q={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 24.247.24.53 66.189.0.100
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR Extension: (Google Wallet) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-13]
CHR HKLM-x32\...\Chrome\Extension: [ippkomaaonokjnfjoikaemidanojkfmm] - C:\ProgramData\WeCareReminder\\wecarereminderro.crx [2014-01-13]
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-27] (AVAST Software)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
 
==================== Drivers (Whitelisted) ====================
 
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-27] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-02-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-27] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-02-27] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 oyrxjikw; \??\C:\Windows\system32\drivers\oyrxjikw.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-27 15:26 - 2014-02-27 09:58 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Ron\Desktop\TDSSKiller.exe
2014-02-27 10:18 - 2014-02-27 10:18 - 00012360 _____ () C:\Users\Ron\Desktop\FRST.txt
2014-02-27 10:17 - 2014-02-27 10:16 - 02155520 _____ (Farbar) C:\Users\Ron\Desktop\FRST64 (2).exe
2014-02-27 10:15 - 2014-02-27 10:18 - 00000000 ____D () C:\FRST
2014-02-27 09:57 - 2014-02-27 09:57 - 04110135 _____ () C:\Users\Ron\Downloads\tdsskiller (1).zip
2014-02-27 08:31 - 2014-02-27 08:31 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\AVAST Software
2014-02-27 08:30 - 2014-02-27 08:30 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-27 08:29 - 2014-02-27 08:31 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-27 08:29 - 2014-02-27 08:29 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-27 08:29 - 2014-02-27 08:29 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-27 08:29 - 2014-02-27 08:29 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-27 08:29 - 2014-02-27 08:29 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-02-27 08:29 - 2014-02-27 08:29 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-27 08:29 - 2014-02-27 08:29 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-02-27 08:29 - 2014-02-27 08:29 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-27 08:29 - 2014-02-27 08:29 - 00000000 ____D () C:\Program Files\AVAST Software
2014-02-27 08:27 - 2014-02-27 08:27 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-27 08:22 - 2014-02-27 08:22 - 88504776 _____ (AVAST Software) C:\Users\Ron\Desktop\avast_free_antivirus_setup.exe
2014-02-26 12:19 - 2014-02-26 12:19 - 04102163 _____ () C:\Users\Ron\Downloads\tdsskiller.zip
2014-02-26 11:52 - 2014-02-26 15:07 - 00004806 _____ () C:\Users\Ron\Desktop\Rkill.txt
2014-02-26 11:11 - 2014-02-26 11:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-26 11:11 - 2014-02-26 11:11 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-26 11:09 - 2014-02-26 11:44 - 00000000 ____D () C:\Users\Ron\Desktop\mbar
2014-02-26 11:09 - 2014-02-26 11:09 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-26 09:37 - 2014-02-27 10:04 - 00000000 ____D () C:\Users\Ron\Desktop\Chesaning Connect
2014-02-24 17:41 - 2014-02-24 17:42 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Ron\Downloads\rkill.exe
2014-02-24 12:53 - 2014-02-24 15:35 - 00000000 ____D () C:\Users\Ron\Desktop\RK_Quarantine
2014-02-21 17:29 - 2014-02-21 17:29 - 00001111 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-21 17:28 - 2014-02-21 17:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-21 17:28 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-21 14:56 - 2014-02-27 09:30 - 00000074 _____ () C:\Windows\system32\cdbmd.eno
2014-02-21 14:41 - 2014-02-21 14:41 - 00000064 _____ () C:\Windows\system32\xlmpju.bml
2014-02-21 14:41 - 2014-02-21 14:41 - 00000000 _____ () C:\Windows\system32\rndgo.yjq
2014-02-21 13:45 - 2014-02-21 13:45 - 00228999 ____S () C:\Windows\system32\pytybc.jjw
2014-02-21 13:39 - 2014-02-21 13:39 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-02-21 13:39 - 2014-02-21 13:39 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\SUPERAntiSpyware.com
2014-02-21 13:39 - 2014-02-21 13:39 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-02-21 13:39 - 2014-02-21 13:39 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-02-21 13:12 - 2014-02-21 13:12 - 08835464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-21 13:01 - 2014-02-21 13:07 - 00000000 ____D () C:\AdwCleaner
2014-02-21 12:16 - 2014-02-26 18:35 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-02-18 21:09 - 2014-02-18 21:09 - 00860176 _____ (Microsoft Corporation) C:\Users\Ron\Downloads\mssstool32.exe
2014-02-18 20:18 - 2014-02-18 20:18 - 07535352 _____ (ParetoLogic, Inc.) C:\Users\Ron\Downloads\RegCureProSetup.exe
2014-02-16 18:11 - 2014-02-24 12:28 - 00000000 ____D () C:\Windows\Minidump
2014-02-12 22:33 - 2014-02-06 07:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 22:33 - 2014-02-06 06:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 22:33 - 2014-02-06 06:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 22:33 - 2014-02-06 06:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 22:33 - 2014-02-06 06:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 22:33 - 2014-02-06 06:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 22:33 - 2014-02-06 05:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 22:33 - 2014-02-06 05:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 22:33 - 2014-02-06 05:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 22:33 - 2014-02-06 05:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 22:33 - 2014-02-06 05:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 22:33 - 2014-02-06 05:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 22:33 - 2014-02-06 05:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 22:33 - 2014-02-06 05:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 22:33 - 2014-02-06 05:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 22:33 - 2014-02-06 05:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 22:33 - 2014-02-06 05:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 22:33 - 2014-02-06 05:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 22:33 - 2014-02-06 05:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 22:33 - 2014-02-06 04:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 22:33 - 2014-02-06 04:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 22:33 - 2014-02-06 04:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 22:33 - 2014-02-06 04:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 22:33 - 2014-02-06 04:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 22:33 - 2014-02-06 04:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 22:33 - 2014-02-06 04:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 22:33 - 2014-02-06 04:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 22:33 - 2014-02-06 04:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 22:33 - 2014-02-06 04:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 22:33 - 2014-02-06 04:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 22:33 - 2014-02-06 04:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 22:33 - 2014-02-06 04:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 22:33 - 2014-02-06 04:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 22:33 - 2014-02-06 04:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 22:33 - 2014-02-06 03:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 22:33 - 2014-02-06 03:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 22:33 - 2014-02-06 03:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 22:33 - 2014-02-06 03:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 22:33 - 2014-02-06 03:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 22:33 - 2013-12-21 04:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 22:33 - 2013-12-21 03:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 06:53 - 2013-12-31 18:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 06:53 - 2013-12-31 18:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 06:53 - 2013-12-05 21:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 06:53 - 2013-12-05 21:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 06:53 - 2013-12-05 21:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 06:53 - 2013-12-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 06:52 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 06:52 - 2013-12-24 17:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 06:52 - 2013-12-03 21:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 06:52 - 2013-12-03 21:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 06:52 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 06:52 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 06:52 - 2013-12-03 21:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 06:52 - 2013-12-03 21:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 06:52 - 2013-12-03 21:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 06:52 - 2013-12-03 21:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 06:52 - 2013-12-03 21:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 06:52 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 06:52 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 06:52 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 06:52 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 06:52 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 06:52 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 06:52 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 06:52 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 06:52 - 2013-12-03 20:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 06:52 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 06:52 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-01-28 18:26 - 2014-01-28 18:26 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
 
==================== One Month Modified Files and Folders =======
 
2014-02-27 10:18 - 2014-02-27 10:18 - 00012360 _____ () C:\Users\Ron\Desktop\FRST.txt
2014-02-27 10:18 - 2014-02-27 10:15 - 00000000 ____D () C:\FRST
2014-02-27 10:16 - 2014-02-27 10:17 - 02155520 _____ (Farbar) C:\Users\Ron\Desktop\FRST64 (2).exe
2014-02-27 10:11 - 2014-01-13 15:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-27 10:04 - 2014-02-26 09:37 - 00000000 ____D () C:\Users\Ron\Desktop\Chesaning Connect
2014-02-27 09:58 - 2014-02-27 15:26 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Ron\Desktop\TDSSKiller.exe
2014-02-27 09:58 - 2009-07-14 00:13 - 00787488 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-27 09:57 - 2014-02-27 09:57 - 04110135 _____ () C:\Users\Ron\Downloads\tdsskiller (1).zip
2014-02-27 09:57 - 2012-08-17 14:26 - 01205949 _____ () C:\Windows\WindowsUpdate.log
2014-02-27 09:30 - 2014-02-21 14:56 - 00000074 _____ () C:\Windows\system32\cdbmd.eno
2014-02-27 09:28 - 2011-06-12 01:40 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-27 08:31 - 2014-02-27 08:31 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\AVAST Software
2014-02-27 08:31 - 2014-02-27 08:29 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-27 08:31 - 2009-07-13 23:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-27 08:31 - 2009-07-13 23:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-27 08:30 - 2014-02-27 08:30 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-27 08:29 - 2014-02-27 08:29 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-27 08:29 - 2014-02-27 08:29 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-27 08:29 - 2014-02-27 08:29 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-27 08:29 - 2014-02-27 08:29 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-02-27 08:29 - 2014-02-27 08:29 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-27 08:29 - 2014-02-27 08:29 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-02-27 08:29 - 2014-02-27 08:29 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-27 08:29 - 2014-02-27 08:29 - 00000000 ____D () C:\Program Files\AVAST Software
2014-02-27 08:27 - 2014-02-27 08:27 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-27 08:27 - 2011-04-07 15:44 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-02-27 08:22 - 2014-02-27 08:22 - 88504776 _____ (AVAST Software) C:\Users\Ron\Desktop\avast_free_antivirus_setup.exe
2014-02-27 08:19 - 2013-05-28 14:56 - 00024098 _____ () C:\Windows\setupact.log
2014-02-27 08:19 - 2011-06-12 01:40 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-27 08:19 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-26 18:35 - 2014-02-21 12:16 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-02-26 15:07 - 2014-02-26 11:52 - 00004806 _____ () C:\Users\Ron\Desktop\Rkill.txt
2014-02-26 12:38 - 2013-05-29 10:44 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-02-26 12:19 - 2014-02-26 12:19 - 04102163 _____ () C:\Users\Ron\Downloads\tdsskiller.zip
2014-02-26 11:44 - 2014-02-26 11:11 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-26 11:44 - 2014-02-26 11:09 - 00000000 ____D () C:\Users\Ron\Desktop\mbar
2014-02-26 11:11 - 2014-02-26 11:11 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-26 11:09 - 2014-02-26 11:09 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-26 09:59 - 2013-12-16 18:50 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForRon
2014-02-26 09:59 - 2013-12-16 18:50 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForRon.job
2014-02-26 01:15 - 2011-04-07 15:14 - 00779610 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-26 00:43 - 2011-03-19 22:56 - 00000000 ____D () C:\Users\Ron\AppData\Local\CrashDumps
2014-02-25 19:07 - 2010-11-02 16:30 - 00000000 ____D () C:\ProgramData\PDFC
2014-02-25 18:27 - 2011-04-13 22:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-25 18:09 - 2014-01-13 18:11 - 00000000 ____D () C:\ProgramData\UAB
2014-02-25 18:04 - 2013-05-29 10:23 - 00139918 _____ () C:\Windows\PFRO.log
2014-02-25 08:13 - 2011-10-31 11:18 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-02-25 08:13 - 2011-02-14 22:56 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-02-25 07:52 - 2011-02-05 16:47 - 00000000 ____D () C:\Users\Ron
2014-02-24 17:42 - 2014-02-24 17:41 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Ron\Downloads\rkill.exe
2014-02-24 15:35 - 2014-02-24 12:53 - 00000000 ____D () C:\Users\Ron\Desktop\RK_Quarantine
2014-02-24 12:28 - 2014-02-16 18:11 - 00000000 ____D () C:\Windows\Minidump
2014-02-24 12:27 - 2010-11-02 18:33 - 00285149 ____N () C:\Windows\Minidump\022414-22136-01.dmp
2014-02-22 06:32 - 2011-04-07 08:32 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\Sammsoft
2014-02-21 19:22 - 2014-01-13 15:26 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-21 17:29 - 2014-02-21 17:29 - 00001111 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-21 17:29 - 2014-02-21 17:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-21 14:41 - 2014-02-21 14:41 - 00000064 _____ () C:\Windows\system32\xlmpju.bml
2014-02-21 14:41 - 2014-02-21 14:41 - 00000000 _____ () C:\Windows\system32\rndgo.yjq
2014-02-21 13:45 - 2014-02-21 13:45 - 00228999 ____S () C:\Windows\system32\pytybc.jjw
2014-02-21 13:39 - 2014-02-21 13:39 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-02-21 13:39 - 2014-02-21 13:39 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\SUPERAntiSpyware.com
2014-02-21 13:39 - 2014-02-21 13:39 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-02-21 13:39 - 2014-02-21 13:39 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-02-21 13:12 - 2014-02-21 13:12 - 08835464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-21 13:12 - 2014-01-13 15:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 13:12 - 2014-01-13 15:08 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-21 13:12 - 2014-01-13 15:08 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-21 13:07 - 2014-02-21 13:01 - 00000000 ____D () C:\AdwCleaner
2014-02-21 12:27 - 2010-11-02 18:33 - 00285149 ____N () C:\Windows\Minidump\022114-22198-01.dmp
2014-02-19 08:00 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-18 21:09 - 2014-02-18 21:09 - 00860176 _____ (Microsoft Corporation) C:\Users\Ron\Downloads\mssstool32.exe
2014-02-18 20:18 - 2014-02-18 20:18 - 07535352 _____ (ParetoLogic, Inc.) C:\Users\Ron\Downloads\RegCureProSetup.exe
2014-02-16 18:11 - 2010-11-02 18:33 - 00284957 ____N () C:\Windows\Minidump\021614-30841-01.dmp
2014-02-16 07:23 - 2011-06-12 01:40 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-16 07:23 - 2011-06-12 01:40 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-16 03:06 - 2013-08-15 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 03:02 - 2011-02-21 22:22 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-13 18:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-02-12 22:35 - 2009-07-13 21:34 - 00000478 _____ () C:\Windows\win.ini
2014-02-06 07:16 - 2014-02-12 22:33 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 06:30 - 2014-02-12 22:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 06:30 - 2014-02-12 22:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 06:12 - 2014-02-12 22:33 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 06:07 - 2014-02-12 22:33 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 06:06 - 2014-02-12 22:33 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 05:57 - 2014-02-12 22:33 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 05:56 - 2014-02-12 22:33 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 05:52 - 2014-02-12 22:33 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 05:49 - 2014-02-12 22:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 05:48 - 2014-02-12 22:33 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 05:48 - 2014-02-12 22:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 05:38 - 2014-02-12 22:33 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 05:32 - 2014-02-12 22:33 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 05:20 - 2014-02-12 22:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 05:17 - 2014-02-12 22:33 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 05:11 - 2014-02-12 22:33 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 05:01 - 2014-02-12 22:33 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 05:00 - 2014-02-12 22:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 04:57 - 2014-02-12 22:33 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 04:57 - 2014-02-12 22:33 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 04:52 - 2014-02-12 22:33 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 04:52 - 2014-02-12 22:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 04:50 - 2014-02-12 22:33 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 04:49 - 2014-02-12 22:33 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 04:47 - 2014-02-12 22:33 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 04:46 - 2014-02-12 22:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 04:25 - 2014-02-12 22:33 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 04:25 - 2014-02-12 22:33 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 04:24 - 2014-02-12 22:33 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 04:22 - 2014-02-12 22:33 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 04:13 - 2014-02-12 22:33 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 04:09 - 2014-02-12 22:33 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 04:03 - 2014-02-12 22:33 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 03:55 - 2014-02-12 22:33 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 03:41 - 2014-02-12 22:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 03:40 - 2014-02-12 22:33 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 03:36 - 2014-02-12 22:33 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 03:34 - 2014-02-12 22:33 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-04 07:49 - 2011-10-18 12:42 - 00000000 ____D () C:\Users\Ron\Documents\Outlook Files
2014-01-29 07:40 - 2012-11-11 08:34 - 00003214 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForRON-HP$
2014-01-29 07:40 - 2012-11-11 08:34 - 00000338 _____ () C:\Windows\Tasks\HPCeeScheduleForRON-HP$.job
2014-01-28 18:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Help
2014-01-28 18:28 - 2010-11-02 16:07 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-01-28 18:28 - 2010-11-02 16:06 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-01-28 18:26 - 2014-01-28 18:26 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-01-28 18:25 - 2010-11-02 16:07 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-01-28 18:24 - 2010-06-14 21:07 - 00000000 ____D () C:\swsetup
 
Some content of TEMP:
====================
C:\Users\Ron\AppData\Local\Temp\install_flashplayer11x32ax_chra_awa_aih (1).exe
C:\Users\Ron\AppData\Local\Temp\install_flashplayer11x32ax_chra_awa_aih.exe
C:\Users\Ron\AppData\Local\Temp\install_flashplayer11x32ax_chra_awa_aih_1.exe
C:\Users\Ron\AppData\Local\Temp\install_flashplayer11x32ax_chrd_awa_aih.exe
C:\Users\Ron\AppData\Local\Temp\install_flashplayer11x32ax_chrd_awa_aih_1.exe
C:\Users\Ron\AppData\Local\Temp\install_flashplayer11x32ax_chrd_awa_aih_10.exe
C:\Users\Ron\AppData\Local\Temp\install_flashplayer11x32ax_chrd_awa_aih_11.exe
C:\Users\Ron\AppData\Local\Temp\install_flashplayer11x32ax_chrd_awa_aih_2.exe
C:\Users\Ron\AppData\Local\Temp\install_flashplayer11x32ax_chrd_awa_aih_3.exe
C:\Users\Ron\AppData\Local\Temp\install_flashplayer11x32ax_chrd_awa_aih_4.exe
C:\Users\Ron\AppData\Local\Temp\install_flashplayer11x32ax_chrd_awa_aih_5.exe
C:\Users\Ron\AppData\Local\Temp\install_flashplayer11x32ax_chrd_awa_aih_6.exe
C:\Users\Ron\AppData\Local\Temp\install_flashplayer11x32ax_chrd_awa_aih_7.exe
C:\Users\Ron\AppData\Local\Temp\install_flashplayer11x32ax_chrd_awa_aih_8.exe
C:\Users\Ron\AppData\Local\Temp\install_flashplayer11x32ax_chrd_awa_aih_9.exe
C:\Users\Ron\AppData\Local\Temp\Quarantine.exe
C:\Users\Ron\AppData\Local\Temp\sp64126.exe
C:\Users\Ron\AppData\Local\Temp\UninstallHPSA.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2011-04-07 15:18] - [2010-11-20 08:27] - 0513024 ____A (Microsoft Corporation) 61D981CFC6337661F1D9B81A73442E16
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-19 17:20
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2014 02
Ran by Ron at 2014-02-27 10:19:01
Running from C:\Users\Ron\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
6000E609_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6000E609_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6000E609a (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
ASPCA Reminder by We-Care.com v4.0.19.1 (HKLM-x32\...\{987F1753-1F42-4DF2-A5EA-0CCB777F3EB0}) (Version: 4.0.19.1 - We-Care.com)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2013 - Avast Software)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{AEDA8713-5521-4600-9AC2-81674A9EDC4F}) (Version: 2.2.7689 - K-NFB Reading Technology, Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version:  - Microsoft)
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Driver Support (HKLM-x32\...\{597FB4A5-DD86-4316-A410-7E8074CC2CCE}) (Version: 8.1 - Driver Support)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Auto (Version: 1.0.12494.3472 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.0.12656.3472 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Game Console (x32 Version:  - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard)
HP MediaSmart Music (x32 Version: 4.2.4517 - Hewlett-Packard) Hidden
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard)
HP MediaSmart Photo (x32 Version: 4.2.4513 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard)
HP MediaSmart Video (x32 Version: 4.2.4522 - Hewlett-Packard) Hidden
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet 6000 E609 Series (HKLM\...\{7791308C-85FB-43B9-93F2-7DE9CB7D5C4A}) (Version: 14.0 - HP)
HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Hulu Desktop (HKCU\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
Java Auto Updater (x32 Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216026FF}) (Version: 6.0.290 - Oracle)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Default Manager (x32 Version: 2.2.114.0 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 1.1.500.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 1.1.500.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 - English (HKLM-x32\...\{90140011-0062-0409-0000-0000000FF1CE}) (Version: 14.0.5138.5002 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Network Magic (HKLM-x32\...\Network MagicUninstall) (Version: 5.5.9118.2 - Cisco Systems, Inc.)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.9 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3129 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975D}) (Version: 5.10.621.0 -  NewspaperDirect Inc.)
ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Pure Networks Platform (x32 Version: 11.2.9117.0 - Pure Networks) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
ShopAtHome.com Helper (HKLM-x32\...\ShopAtHome.com Helper) (Version: 7.0.1.0 - ShopAtHome.com)
Shopping InContext (HKCU\...\{4E002314-9999-4402-9823-1CB9E6098849}_is1) (Version: 3.3 - InContext Solutions, LLC)
SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Tweaking.com - Advanced System Tweaker (HKLM-x32\...\Tweaking.com - Advanced System Tweaker) (Version: 1.1.1 - Tweaking.com)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B1FA5E8C-2342-45AF-8A62-5E860042F8DF}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E21274CE-CA0C-49FA-93F4-DC292A052264}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{B5C70C99-B109-42FD-B219-FF12CA543F19}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version:  - Microsoft)
Veetle TV (HKLM-x32\...\Veetle TV) (Version: 0.9.19 - Veetle, Inc)
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebEx (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Restore Points  =========================
 
16-02-2014 22:01:54 Windows Update
20-02-2014 11:27:52 Windows Update
22-02-2014 11:51:03 Windows Update
25-02-2014 13:01:20 Windows Update
25-02-2014 23:17:43 Windows Update
26-02-2014 06:13:05 Windows Update
27-02-2014 13:28:44 avast! antivirus system restore point
 
==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2012-08-17 12:22 - 00443308 ___RA C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {07B5529A-8DE3-4753-AFE8-A5F8B0EF3980} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-27] (AVAST Software)
Task: {1BA6628F-E944-4722-A5E6-CE9506201731} - \SUPERAntiSpyware Scheduled Task cfab31cf-d3d1-491f-a981-d5758ebe15c7 No Task File
Task: {26BE4324-8016-4913-8FFE-16E89A5EC043} - System32\Tasks\{8ADE4730-B446-47D0-901D-70B16EE1EABB} => C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE [2013-11-15] (Microsoft Corporation)
Task: {359A47CF-1473-44DD-885B-E53A1D99BD0E} - System32\Tasks\{25AA3264-F2F9-4419-B162-D374B40DA5FC} => C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE [2013-11-15] (Microsoft Corporation)
Task: {37A022A4-190D-4BC7-A650-E3D607CA9572} - System32\Tasks\{EDCF2348-9735-4C4A-A7C1-105A1064B712} => C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
Task: {382426DC-145B-4C5B-9344-6590EEA428F1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {44EB39C8-1610-4419-84B6-6B42184DFEE4} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Device Center\itype.exe [2012-06-26] (Microsoft Corporation)
Task: {450D90F5-895A-4AFE-8AE1-E669ACEBAB7A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
Task: {46A2336B-02BE-4C7C-ABC1-CF1F0F01B836} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {4AFEF2ED-1BFA-47AA-88DE-4B0E5FDE60BE} - System32\Tasks\HPCeeScheduleForRON-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {4FA81541-FC4A-4630-ADA6-416A6F1247AA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-12] (Google Inc.)
Task: {5FB7B17A-2F8C-4C98-9227-1D4290057F83} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Device Center\ipoint.exe [2012-06-26] (Microsoft Corporation)
Task: {6482264D-6018-4DAF-9458-888D68AC22B0} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe [2012-06-26] (Microsoft)
Task: {655FDE95-BDA4-4A35-8669-D4E487C71024} - System32\Tasks\{853B9A8D-7A55-4D83-A3E1-ED4DFB84A070} => C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
Task: {681CB843-60B1-4E69-8EB1-F4225BE649C4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {90B10CA6-2AD1-4185-A1FA-046047EC418E} - System32\Tasks\Auslogics\BoostSpeed\Integrator\Start On Ron Logon => C:\Program Files (x86)\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe
Task: {930B7A30-5C81-4166-82CA-D3E3F64D2401} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard)
Task: {B15BB27B-2607-4625-AB59-800CDA666021} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-12] (Google Inc.)
Task: {DE510950-407F-4571-A363-D82214F739FA} - System32\Tasks\{06A646CE-61AE-4C23-9A09-87BB4156341F} => C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE [2013-11-15] (Microsoft Corporation)
Task: {F007B723-ED96-49F6-8A22-701BA1B0E2CC} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-02-25] (PC Drivers Headquarters)
Task: {F0D0CA6A-3B9D-4459-88DC-6EEC4C01689C} - System32\Tasks\Driver Support-RTMScan => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-02-25] (PC Drivers Headquarters)
Task: {F44C2469-E69F-43D8-B60C-38C0EF5CD545} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {F562CB55-B8D5-49FE-8F26-AAD029DEBA14} - System32\Tasks\Driver Support-RTMRules => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-02-25] (PC Drivers Headquarters)
Task: {FB9A1AC1-06A4-4D33-931D-008D85DF52C5} - System32\Tasks\HPCeeScheduleForRon => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForRON-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForRon.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-09-15 12:31 - 2010-09-15 12:31 - 00611896 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2013-12-10 09:17 - 2014-02-25 18:09 - 00428448 _____ () C:\Program Files (x86)\Driver Support\Driver Support\Agent.Communication.XmlSerializers.dll
2012-10-18 11:10 - 2012-10-18 11:10 - 00103864 _____ () C:\Users\Ron\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
2009-04-07 15:39 - 2009-04-07 15:39 - 00394752 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
2009-04-07 15:39 - 2009-04-07 15:39 - 00282112 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFireWallCOM.dll
2012-10-18 11:10 - 2012-10-18 11:10 - 00049080 _____ () C:\Users\Ron\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelperPS.dll
2014-02-27 08:29 - 2014-02-21 03:33 - 02181120 _____ () C:\Program Files\AVAST Software\Avast\defs\14022100\algo.dll
2014-02-27 08:32 - 2014-02-27 02:12 - 02186240 _____ () C:\Program Files\AVAST Software\Avast\defs\14022700\algo.dll
2014-02-27 08:29 - 2014-02-27 08:29 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\Temp:07BF512B
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\38756074.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\52451272.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\38756074.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\52451272.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
Name: Officejet J6400 series
Description: Officejet J6400 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/27/2014 08:28:56 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary wulfqthg.
 
System Error:
The system cannot find the file specified.
.
 
Error: (02/26/2014 09:17:25 AM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0062-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (02/26/2014 09:00:02 AM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0062-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (02/26/2014 07:41:17 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
Error: (02/26/2014 00:43:11 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000000811e3
Faulting process id: 0x3e1c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (02/25/2014 06:56:45 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000001011e3
Faulting process id: 0xac4
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (02/25/2014 06:29:39 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
Error: (02/25/2014 06:28:01 PM) (Source: MsiInstaller) (User: Ron-HP)
Description: Product: Microsoft Office Single Image 2010 - Update 'Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (02/25/2014 06:27:25 PM) (Source: MsiInstaller) (User: Ron-HP)
Description: Product: Microsoft Office Single Image 2010 -- Error 1706. Setup cannot find the required files.  Check your connection to the network, or CD-ROM drive.    For other potential solutions to this problem, see SETUP.CHM.
 
Error: (02/25/2014 06:19:34 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000000811e3
Faulting process id: 0x1648
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
 
System errors:
=============
Error: (02/27/2014 08:25:26 AM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.
 
Error: (02/27/2014 08:19:42 AM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error: 
%%4203
 
Error: (02/27/2014 08:15:36 AM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.
 
Error: (02/27/2014 08:09:40 AM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error: 
%%4203
 
Error: (02/26/2014 03:15:52 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service terminated with the following error: 
%%-2147467243
 
Error: (02/26/2014 03:12:08 PM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error: 
%%4203
 
Error: (02/26/2014 03:06:08 PM) (Source: Microsoft Antimalware) (User: )
Description: %%8604.4.0304.0{A859A914-8F2D-4928-8D73-9F41465AE783}2014-02-26T20:03:50.096Z2147684242Virus:DOS/Rovnix.W5Severe42Virushttp://go.microsoft.com/fwlink/?linkid=37020&name=Virus:DOS/Rovnix.W&threatid=214768424210451%%815UnknownRon-HP\Roncontainerfile:_C:\TDSSKiller_Quarantine\26.02.2014_12.20.34\boot0000\boot0000\tsk0000.dta;file:_C:\TDSSKiller_Quarantine\26.02.2014_12.20.34\boot0000\boot0000\tsk0000.dta->[Obfuscator]1%%8450%%8120%%82203%%8080x800704ecThis program is blocked by group policy. For more information, contact your system administrator. 00No additional actions requiredRon-HP\RonAV: 1.167.633.0, AS: 1.167.633.0, NIS: 110.6.0.0AM: 1.1.10302.0, NIS: 2.1.10302.0
 
Error: (02/26/2014 00:43:46 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer JUSTIN-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{57D6F195-2E53-4917-ACD6-BE11ED4F9A50}.
The master browser is stopping or an election is being forced.
 
Error: (02/26/2014 00:40:51 PM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error: 
%%4203
 
Error: (02/26/2014 00:38:45 PM) (Source: Microsoft Antimalware) (User: )
Description: %%8604.4.0304.0{37BACE03-9537-4669-8890-A1201DDB7F44}2014-02-26T17:38:33.452Z2147684242Virus:DOS/Rovnix.W5Severe42Virushttp://go.microsoft.com/fwlink/?linkid=37020&name=Virus:DOS/Rovnix.W&threatid=214768424210253%%818C:\Users\Ron\Desktop\TDSSKiller.exeRon-HP\Roncontainerfile:_C:\TDSSKiller_Quarantine\26.02.2014_12.20.34\boot0000\boot0000\tsk0000.dta;file:_C:\TDSSKiller_Quarantine\26.02.2014_12.20.34\boot0000\boot0000\tsk0000.dta->[Obfuscator]1%%8451%%8130%%82201%%8100x800704ecThis program is blocked by group policy. For more information, contact your system administrator. 00No additional actions requiredNT AUTHORITY\SYSTEMAV: 1.167.633.0, AS: 1.167.633.0, NIS: 110.6.0.0AM: 1.1.10302.0, NIS: 2.1.10302.0
 
 
Microsoft Office Sessions:
=========================
Error: (02/27/2014 08:28:56 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary wulfqthg.
 
System Error:
The system cannot find the file specified.
 
Error: (02/26/2014 09:17:25 AM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0062-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (02/26/2014 09:00:02 AM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0062-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (02/26/2014 07:41:17 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005
 
Error: (02/26/2014 00:43:11 AM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c000000500000000000811e33e1c01cf32b3fe238fe1C:\Windows\Explorer.EXEunknowne0142da4-9ea8-11e3-ae92-6431502dd5d8
 
Error: (02/25/2014 06:56:45 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c000000500000000001011e3ac401cf3283aabedfedC:\Windows\Explorer.EXEunknown7b138dd9-9e78-11e3-ae92-6431502dd5d8
 
Error: (02/25/2014 06:29:39 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005
 
Error: (02/25/2014 06:28:01 PM) (Source: MsiInstaller)(User: Ron-HP)
Description: Microsoft Office Single Image 2010Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition1603(NULL)(NULL)(NULL)
 
Error: (02/25/2014 06:27:25 PM) (Source: MsiInstaller)(User: Ron-HP)
Description: Product: Microsoft Office Single Image 2010 -- Error 1706. Setup cannot find the required files.  Check your connection to the network, or CD-ROM drive.    For other potential solutions to this problem, see SETUP.CHM.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (02/25/2014 06:19:34 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c000000500000000000811e3164801cf327e6dc45d97C:\Windows\Explorer.EXEunknown4946b29d-9e73-11e3-ae92-6431502dd5d8
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-05-29 11:29:14.526
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-05-29 11:24:45.803
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-05-28 22:45:44.927
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-05-28 22:25:11.975
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-05-28 21:18:29.315
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-05-28 21:04:03.178
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-05-28 20:36:58.650
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-05-28 19:51:24.033
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-05-28 19:08:40.951
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-05-28 19:01:50.898
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 64%
Total physical RAM: 2815.29 MB
Available physical RAM: 1012.44 MB
Total Pagefile: 5628.75 MB
Available Pagefile: 3705.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:582.8 GB) (Free:513.93 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:13.27 GB) (Free:1.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (WDO_Media64) (CDROM) (Total:0.26 GB) (Free:0 GB) UDF
Drive f: (ICONNECT2) (Removable) (Total:0.98 GB) (Free:0.91 GB) FAT
Drive h: () (Removable) (Total:0.98 GB) (Free:0.84 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 8205A1C3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=583 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 1004 MB) (Disk ID: B661FE9C)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 3 (Size: 1004 MB) (Disk ID: AF5B1792)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 


#6 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 27 February 2014 - 11:02 AM

Hello Joseph,

The detection of Rovnix seems to concern just some remnants in the TDSSKiller quarantine.
But I have seen two other nasty infections in your log. Because one of them involves a patched system file, let's switch gears and work in RE where the malware cannot interfere:



Move FRST from your Desktop to a flash drive.
  • Plug the flash drive into the infected PC and enter System Recovery Options.
To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disc on Windows 7, consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html




To enter System Recovery Options by using a Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
==========

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


Select Command Prompt

==========


Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Edited by aharonov, 27 February 2014 - 11:03 AM.


#7 JosephSchiavone


Posted 27 February 2014 - 12:08 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-02-2014 02
Ran by SYSTEM on MININT-297SIEU on 27-02-2014 12:06:12
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-15] ()
HKLM\...\Run: [IntelliType Pro] - c:\Program Files\Microsoft Device Center\itype.exe [1464928 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft Device Center\ipoint.exe [2004584 2012-06-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [664600 2010-09-28] (PDF Complete Inc)
HKLM-x32\...\Run: [nmctxth] - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe [642856 2009-04-07] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [ShopAtHomeWatcher] - C:\Users\Ron\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe [103864 2012-10-18] ()
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-27] (AVAST Software)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-28] (Hewlett-Packard)
HKU\Ron\...\Run: [Akamai NetSession Interface] - C:\Users\Ron\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-04] (Akamai Technologies, Inc.)
HKU\Ron\...\Run: [Driver Support] - C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [4680568 2014-02-25] (PC Drivers Headquarters)
HKU\Ron\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware)
 
==================== Services (Whitelisted) =================
 
S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-27] (AVAST Software)
S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
 
==================== Drivers (Whitelisted) ====================
 
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-27] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-02-27] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-27] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-27] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-02-27] ()
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 oyrxjikw; \??\C:\Windows\system32\drivers\oyrxjikw.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-27 12:26 - 2014-02-27 06:58 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Ron\Desktop\TDSSKiller.exe
2014-02-27 07:19 - 2014-02-27 07:19 - 00048451 _____ () C:\Users\Ron\Desktop\Addition.txt
2014-02-27 07:18 - 2014-02-27 07:19 - 00040257 _____ () C:\Users\Ron\Desktop\FRST.txt
2014-02-27 07:17 - 2014-02-27 07:16 - 02155520 _____ (Farbar) C:\Users\Ron\Desktop\FRST64 (2).exe
2014-02-27 07:15 - 2014-02-27 12:06 - 00000000 ____D () C:\FRST
2014-02-27 06:57 - 2014-02-27 06:57 - 04110135 _____ () C:\Users\Ron\Downloads\tdsskiller (1).zip
2014-02-27 05:31 - 2014-02-27 05:31 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\AVAST Software
2014-02-27 05:30 - 2014-02-27 05:30 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-27 05:29 - 2014-02-27 05:31 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-27 05:29 - 2014-02-27 05:29 - 01038072 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2014-02-27 05:29 - 2014-02-27 05:29 - 00421704 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2014-02-27 05:29 - 2014-02-27 05:29 - 00334136 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-02-27 05:29 - 2014-02-27 05:29 - 00207904 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2014-02-27 05:29 - 2014-02-27 05:29 - 00078648 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2014-02-27 05:29 - 2014-02-27 05:29 - 00065776 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2014-02-27 05:29 - 2014-02-27 05:29 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-27 05:29 - 2014-02-27 05:29 - 00000000 ____D () C:\Program Files\AVAST Software
2014-02-27 05:27 - 2014-02-27 05:27 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-27 05:22 - 2014-02-27 05:22 - 88504776 _____ (AVAST Software) C:\Users\Ron\Desktop\avast_free_antivirus_setup.exe
2014-02-26 09:19 - 2014-02-26 09:19 - 04102163 _____ () C:\Users\Ron\Downloads\tdsskiller.zip
2014-02-26 08:52 - 2014-02-26 12:07 - 00004806 _____ () C:\Users\Ron\Desktop\Rkill.txt
2014-02-26 08:11 - 2014-02-26 08:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-26 08:11 - 2014-02-26 08:11 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-02-26 08:09 - 2014-02-26 08:44 - 00000000 ____D () C:\Users\Ron\Desktop\mbar
2014-02-26 08:09 - 2014-02-26 08:09 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-02-26 06:37 - 2014-02-27 07:04 - 00000000 ____D () C:\Users\Ron\Desktop\Chesaning Connect
2014-02-24 14:41 - 2014-02-24 14:42 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Ron\Downloads\rkill.exe
2014-02-24 09:53 - 2014-02-24 12:35 - 00000000 ____D () C:\Users\Ron\Desktop\RK_Quarantine
2014-02-21 14:29 - 2014-02-21 14:29 - 00001111 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-21 14:28 - 2014-02-21 14:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-21 14:28 - 2013-04-04 11:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-02-21 11:56 - 2014-02-27 07:33 - 00000074 _____ () C:\Windows\System32\cdbmd.eno
2014-02-21 11:41 - 2014-02-21 11:41 - 00000064 _____ () C:\Windows\System32\xlmpju.bml
2014-02-21 11:41 - 2014-02-21 11:41 - 00000000 _____ () C:\Windows\System32\rndgo.yjq
2014-02-21 10:45 - 2014-02-21 10:45 - 00228999 ____S () C:\Windows\System32\pytybc.jjw
2014-02-21 10:39 - 2014-02-21 10:39 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-02-21 10:39 - 2014-02-21 10:39 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\SUPERAntiSpyware.com
2014-02-21 10:39 - 2014-02-21 10:39 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-02-21 10:39 - 2014-02-21 10:39 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-02-21 10:12 - 2014-02-21 10:12 - 08835464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-21 10:01 - 2014-02-21 10:07 - 00000000 ____D () C:\AdwCleaner
2014-02-21 09:16 - 2014-02-26 15:35 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-02-18 18:09 - 2014-02-18 18:09 - 00860176 _____ (Microsoft Corporation) C:\Users\Ron\Downloads\mssstool32.exe
2014-02-18 17:18 - 2014-02-18 17:18 - 07535352 _____ (ParetoLogic, Inc.) C:\Users\Ron\Downloads\RegCureProSetup.exe
2014-02-16 15:11 - 2014-02-24 09:28 - 00000000 ____D () C:\Windows\Minidump
2014-02-12 19:33 - 2014-02-06 04:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-02-12 19:33 - 2014-02-06 03:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-02-12 19:33 - 2014-02-06 03:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-02-12 19:33 - 2014-02-06 03:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-02-12 19:33 - 2014-02-06 03:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-02-12 19:33 - 2014-02-06 03:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-02-12 19:33 - 2014-02-06 02:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-02-12 19:33 - 2014-02-06 02:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-02-12 19:33 - 2014-02-06 02:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-02-12 19:33 - 2014-02-06 02:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-02-12 19:33 - 2014-02-06 02:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-02-12 19:33 - 2014-02-06 02:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-02-12 19:33 - 2014-02-06 02:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 19:33 - 2014-02-06 02:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-02-12 19:33 - 2014-02-06 02:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 19:33 - 2014-02-06 02:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-02-12 19:33 - 2014-02-06 02:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-02-12 19:33 - 2014-02-06 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 19:33 - 2014-02-06 02:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 19:33 - 2014-02-06 01:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 19:33 - 2014-02-06 01:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-02-12 19:33 - 2014-02-06 01:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 19:33 - 2014-02-06 01:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 19:33 - 2014-02-06 01:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-02-12 19:33 - 2014-02-06 01:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 19:33 - 2014-02-06 01:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 19:33 - 2014-02-06 01:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 19:33 - 2014-02-06 01:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 19:33 - 2014-02-06 01:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 19:33 - 2014-02-06 01:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-02-12 19:33 - 2014-02-06 01:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-02-12 19:33 - 2014-02-06 01:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 19:33 - 2014-02-06 01:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 19:33 - 2014-02-06 01:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 19:33 - 2014-02-06 00:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-02-12 19:33 - 2014-02-06 00:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 19:33 - 2014-02-06 00:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-02-12 19:33 - 2014-02-06 00:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 19:33 - 2014-02-06 00:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 19:33 - 2013-12-21 01:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-02-12 19:33 - 2013-12-21 00:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 03:53 - 2013-12-31 15:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 03:53 - 2013-12-31 15:04 - 00420008 _____ () C:\Windows\System32\locale.nls
2014-02-12 03:53 - 2013-12-05 18:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2014-02-12 03:53 - 2013-12-05 18:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2014-02-12 03:53 - 2013-12-05 18:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 03:53 - 2013-12-05 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 03:52 - 2013-12-24 15:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 03:52 - 2013-12-24 14:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2014-02-12 03:52 - 2013-12-03 18:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\System32\secproc.dll
2014-02-12 03:52 - 2013-12-03 18:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\System32\secproc_isv.dll
2014-02-12 03:52 - 2013-12-03 18:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\System32\secproc_ssp_isv.dll
2014-02-12 03:52 - 2013-12-03 18:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\System32\secproc_ssp.dll
2014-02-12 03:52 - 2013-12-03 18:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\System32\msdrm.dll
2014-02-12 03:52 - 2013-12-03 18:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate_isv.exe
2014-02-12 03:52 - 2013-12-03 18:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate.exe
2014-02-12 03:52 - 2013-12-03 18:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp.exe
2014-02-12 03:52 - 2013-12-03 18:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp_isv.exe
2014-02-12 03:52 - 2013-12-03 18:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 03:52 - 2013-12-03 18:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 03:52 - 2013-12-03 18:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 03:52 - 2013-12-03 18:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 03:52 - 2013-12-03 18:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 03:52 - 2013-12-03 17:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 03:52 - 2013-12-03 17:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 03:52 - 2013-12-03 17:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 03:52 - 2013-12-03 17:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 03:52 - 2013-11-26 00:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 03:52 - 2013-11-22 14:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2014-01-28 15:26 - 2014-01-28 15:26 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
 
==================== One Month Modified Files and Folders =======
 
2014-02-27 12:06 - 2014-02-27 07:15 - 00000000 ____D () C:\FRST
2014-02-27 08:57 - 2013-05-29 07:23 - 00140252 _____ () C:\Windows\PFRO.log
2014-02-27 08:57 - 2013-05-28 11:56 - 00024154 _____ () C:\Windows\setupact.log
2014-02-27 08:57 - 2011-06-11 22:40 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-27 08:57 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-27 08:55 - 2012-08-17 11:26 - 01207005 _____ () C:\Windows\WindowsUpdate.log
2014-02-27 08:28 - 2011-06-11 22:40 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-27 08:11 - 2014-01-13 12:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-27 07:33 - 2014-02-21 11:56 - 00000074 _____ () C:\Windows\System32\cdbmd.eno
2014-02-27 07:19 - 2014-02-27 07:19 - 00048451 _____ () C:\Users\Ron\Desktop\Addition.txt
2014-02-27 07:19 - 2014-02-27 07:18 - 00040257 _____ () C:\Users\Ron\Desktop\FRST.txt
2014-02-27 07:16 - 2014-02-27 07:17 - 02155520 _____ (Farbar) C:\Users\Ron\Desktop\FRST64 (2).exe
2014-02-27 07:04 - 2014-02-26 06:37 - 00000000 ____D () C:\Users\Ron\Desktop\Chesaning Connect
2014-02-27 06:58 - 2014-02-27 12:26 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Ron\Desktop\TDSSKiller.exe
2014-02-27 06:58 - 2009-07-13 21:13 - 00787488 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-02-27 06:57 - 2014-02-27 06:57 - 04110135 _____ () C:\Users\Ron\Downloads\tdsskiller (1).zip
2014-02-27 05:31 - 2014-02-27 05:31 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\AVAST Software
2014-02-27 05:31 - 2014-02-27 05:29 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-27 05:31 - 2009-07-13 20:45 - 00015792 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-27 05:31 - 2009-07-13 20:45 - 00015792 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-27 05:30 - 2014-02-27 05:30 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-27 05:29 - 2014-02-27 05:29 - 01038072 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2014-02-27 05:29 - 2014-02-27 05:29 - 00421704 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2014-02-27 05:29 - 2014-02-27 05:29 - 00334136 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-02-27 05:29 - 2014-02-27 05:29 - 00207904 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2014-02-27 05:29 - 2014-02-27 05:29 - 00078648 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2014-02-27 05:29 - 2014-02-27 05:29 - 00065776 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2014-02-27 05:29 - 2014-02-27 05:29 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-27 05:29 - 2014-02-27 05:29 - 00000000 ____D () C:\Program Files\AVAST Software
2014-02-27 05:27 - 2014-02-27 05:27 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-27 05:27 - 2011-04-07 12:44 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-02-27 05:22 - 2014-02-27 05:22 - 88504776 _____ (AVAST Software) C:\Users\Ron\Desktop\avast_free_antivirus_setup.exe
2014-02-26 15:35 - 2014-02-21 09:16 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-02-26 12:07 - 2014-02-26 08:52 - 00004806 _____ () C:\Users\Ron\Desktop\Rkill.txt
2014-02-26 09:38 - 2013-05-29 07:44 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-02-26 09:19 - 2014-02-26 09:19 - 04102163 _____ () C:\Users\Ron\Downloads\tdsskiller.zip
2014-02-26 08:44 - 2014-02-26 08:11 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-26 08:44 - 2014-02-26 08:09 - 00000000 ____D () C:\Users\Ron\Desktop\mbar
2014-02-26 08:11 - 2014-02-26 08:11 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-02-26 08:09 - 2014-02-26 08:09 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-02-26 06:59 - 2013-12-16 15:50 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForRon
2014-02-26 06:59 - 2013-12-16 15:50 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForRon.job
2014-02-25 22:15 - 2011-04-07 12:14 - 00779610 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-25 21:43 - 2011-03-19 19:56 - 00000000 ____D () C:\Users\Ron\AppData\Local\CrashDumps
2014-02-25 16:07 - 2010-11-02 13:30 - 00000000 ____D () C:\ProgramData\PDFC
2014-02-25 15:27 - 2011-04-13 19:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-25 15:09 - 2014-01-13 15:11 - 00000000 ____D () C:\ProgramData\UAB
2014-02-25 05:13 - 2011-10-31 08:18 - 00000000 _____ () C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-02-25 05:13 - 2011-02-14 19:56 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-02-25 04:52 - 2011-02-05 13:47 - 00000000 ____D () C:\users\Ron
2014-02-24 14:42 - 2014-02-24 14:41 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Ron\Downloads\rkill.exe
2014-02-24 12:35 - 2014-02-24 09:53 - 00000000 ____D () C:\Users\Ron\Desktop\RK_Quarantine
2014-02-24 09:28 - 2014-02-16 15:11 - 00000000 ____D () C:\Windows\Minidump
2014-02-24 09:27 - 2010-11-02 15:33 - 00285149 ____N () C:\Windows\Minidump\022414-22136-01.dmp
2014-02-22 03:32 - 2011-04-07 05:32 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\Sammsoft
2014-02-21 16:22 - 2014-01-13 12:26 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-21 14:29 - 2014-02-21 14:29 - 00001111 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-21 14:29 - 2014-02-21 14:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-21 11:41 - 2014-02-21 11:41 - 00000064 _____ () C:\Windows\System32\xlmpju.bml
2014-02-21 11:41 - 2014-02-21 11:41 - 00000000 _____ () C:\Windows\System32\rndgo.yjq
2014-02-21 10:45 - 2014-02-21 10:45 - 00228999 ____S () C:\Windows\System32\pytybc.jjw
2014-02-21 10:39 - 2014-02-21 10:39 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-02-21 10:39 - 2014-02-21 10:39 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\SUPERAntiSpyware.com
2014-02-21 10:39 - 2014-02-21 10:39 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-02-21 10:39 - 2014-02-21 10:39 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-02-21 10:12 - 2014-02-21 10:12 - 08835464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-21 10:12 - 2014-01-13 12:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 10:12 - 2014-01-13 12:08 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-21 10:12 - 2014-01-13 12:08 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-21 10:07 - 2014-02-21 10:01 - 00000000 ____D () C:\AdwCleaner
2014-02-21 09:27 - 2010-11-02 15:33 - 00285149 ____N () C:\Windows\Minidump\022114-22198-01.dmp
2014-02-19 05:00 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-02-18 18:09 - 2014-02-18 18:09 - 00860176 _____ (Microsoft Corporation) C:\Users\Ron\Downloads\mssstool32.exe
2014-02-18 17:18 - 2014-02-18 17:18 - 07535352 _____ (ParetoLogic, Inc.) C:\Users\Ron\Downloads\RegCureProSetup.exe
2014-02-16 15:11 - 2010-11-02 15:33 - 00284957 ____N () C:\Windows\Minidump\021614-30841-01.dmp
2014-02-16 04:23 - 2011-06-11 22:40 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-16 04:23 - 2011-06-11 22:40 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-16 00:06 - 2013-08-14 23:01 - 00000000 ____D () C:\Windows\System32\MRT
2014-02-16 00:02 - 2011-02-21 19:22 - 88567024 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-02-13 15:06 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-02-12 19:35 - 2009-07-13 18:34 - 00000478 _____ () C:\Windows\win.ini
2014-02-06 04:16 - 2014-02-12 19:33 - 23170048 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-02-06 03:30 - 2014-02-12 19:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-02-06 03:30 - 2014-02-12 19:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 03:12 - 2014-02-12 19:33 - 02765824 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-02-06 03:07 - 2014-02-12 19:33 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-02-06 03:06 - 2014-02-12 19:33 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-02-06 02:57 - 2014-02-12 19:33 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-02-06 02:56 - 2014-02-12 19:33 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-02-06 02:52 - 2014-02-12 19:33 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-02-06 02:49 - 2014-02-12 19:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-02-06 02:48 - 2014-02-12 19:33 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-02-06 02:48 - 2014-02-12 19:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-02-06 02:38 - 2014-02-12 19:33 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 02:32 - 2014-02-12 19:33 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-02-06 02:20 - 2014-02-12 19:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 02:17 - 2014-02-12 19:33 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-02-06 02:11 - 2014-02-12 19:33 - 05768704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-02-06 02:01 - 2014-02-12 19:33 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 02:00 - 2014-02-12 19:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 01:57 - 2014-02-12 19:33 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 01:57 - 2014-02-12 19:33 - 00627200 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-02-06 01:52 - 2014-02-12 19:33 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 01:52 - 2014-02-12 19:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 01:50 - 2014-02-12 19:33 - 02041856 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-02-06 01:49 - 2014-02-12 19:33 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 01:47 - 2014-02-12 19:33 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 01:46 - 2014-02-12 19:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 01:25 - 2014-02-12 19:33 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 01:25 - 2014-02-12 19:33 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 01:24 - 2014-02-12 19:33 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-02-06 01:22 - 2014-02-12 19:33 - 13051392 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-02-06 01:13 - 2014-02-12 19:33 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 01:09 - 2014-02-12 19:33 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 01:03 - 2014-02-12 19:33 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 00:55 - 2014-02-12 19:33 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-02-06 00:41 - 2014-02-12 19:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 00:40 - 2014-02-12 19:33 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-02-06 00:36 - 2014-02-12 19:33 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 00:34 - 2014-02-12 19:33 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-04 04:49 - 2011-10-18 09:42 - 00000000 ____D () C:\Users\Ron\Documents\Outlook Files
2014-01-29 04:40 - 2012-11-11 05:34 - 00003214 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForRON-HP$
2014-01-29 04:40 - 2012-11-11 05:34 - 00000338 _____ () C:\Windows\Tasks\HPCeeScheduleForRON-HP$.job
2014-01-28 15:32 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Help
2014-01-28 15:28 - 2010-11-02 13:07 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-01-28 15:28 - 2010-11-02 13:06 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-01-28 15:26 - 2014-01-28 15:26 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-01-28 15:25 - 2010-11-02 13:07 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-01-28 15:24 - 2010-06-14 18:07 - 00000000 ____D () C:\swsetup
 
Some content of TEMP:
====================
C:\Users\Ron\AppData\Local\Temp\6js4dbvv.dll
C:\Users\Ron\AppData\Local\Temp\install_flashplayer11x32ax_chra_awa_aih (1).exe
C:\Users\Ron\AppData\Local\Temp\install_flashplayer11x32ax_chra_awa_aih.exe
C:\Users\Ron\AppData\Local\Temp\install_flashplayer11x32ax_chra_awa_aih_1.exe
C:\Users\Ron\AppData\Local\Temp\install_flashplayer11x32ax_chrd_awa_aih.exe
C:\Users\Ron\AppData\Local\Temp\install_flashplayer11x32ax_chrd_awa_aih_1.exe
C:\Users\Ron\AppData\Local\Temp\install_flashplayer11x32ax_chrd_awa_aih_10.exe
C:\Users\Ron\AppData\Local\Temp\install_flashplayer11x32ax_chrd_awa_aih_11.exe
C:\Users\Ron\AppData\Local\Temp\install_flashplayer11x32ax_chrd_awa_aih_2.exe
C:\Users\Ron\AppData\Local\Temp\install_flashplayer11x32ax_chrd_awa_aih_3.exe
C:\Users\Ron\AppData\Local\Temp\install_flashplayer11x32ax_chrd_awa_aih_4.exe
C:\Users\Ron\AppData\Local\Temp\install_flashplayer11x32ax_chrd_awa_aih_5.exe
C:\Users\Ron\AppData\Local\Temp\install_flashplayer11x32ax_chrd_awa_aih_6.exe
C:\Users\Ron\AppData\Local\Temp\install_flashplayer11x32ax_chrd_awa_aih_7.exe
C:\Users\Ron\AppData\Local\Temp\install_flashplayer11x32ax_chrd_awa_aih_8.exe
C:\Users\Ron\AppData\Local\Temp\install_flashplayer11x32ax_chrd_awa_aih_9.exe
C:\Users\Ron\AppData\Local\Temp\Quarantine.exe
C:\Users\Ron\AppData\Local\Temp\sp64126.exe
C:\Users\Ron\AppData\Local\Temp\UninstallHPSA.exe
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2011-04-07 12:18] - [2010-11-20 05:27] - 0513024 ____A (Microsoft Corporation) 61D981CFC6337661F1D9B81A73442E16
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2014-02-16 14:02:16
Restore point made on: 2014-02-20 03:28:17
Restore point made on: 2014-02-22 03:51:39
Restore point made on: 2014-02-25 05:02:48
Restore point made on: 2014-02-25 15:19:49
Restore point made on: 2014-02-25 22:13:37
Restore point made on: 2014-02-27 05:29:07
 
==================== Memory info =========================== 
 
Percentage of memory in use: 27%
Total physical RAM: 2815.29 MB
Available physical RAM: 2049.85 MB
Total Pagefile: 2813.43 MB
Available Pagefile: 2023.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:582.8 GB) (Free:514.06 GB) NTFS
Drive e: (HP_RECOVERY) (Fixed) (Total:13.27 GB) (Free:1.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (ICONNECT2) (Removable) (Total:0.98 GB) (Free:0.91 GB) FAT
Drive h: () (Removable) (Total:0.98 GB) (Free:0.84 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 8205A1C3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=583 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 1004 MB) (Disk ID: AF5B1792)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 2 (Size: 1004 MB) (Disk ID: B661FE9C)
 
Partition: GPT Partition Type.
 
 
LastRegBack: 2014-02-19 14:20
 
==================== End Of Log ============================
 
Thanks again, Aharonov


#8 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:52 PM

Posted 27 February 2014 - 12:11 PM

Well done.
Now we first have to search for a clean replacement file before we can attack the malware:


Start your computer in the System Recovery Options again and open FRST.
  • Write the following text into the Search: textbox:
    rpcss.dll;wow.dll
  • Click on the Search File(s) button.
  • When the search is finished a log file (Search.txt) is saved on your flash drive.
    Copy and paste it in your next reply.


#9 JosephSchiavone

JosephSchiavone
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:52 AM

Posted 27 February 2014 - 12:31 PM

Thank you, Aharonov
 
Here are the search results
 
Farbar Recovery Scan Tool (x64) Version: 27-02-2014 02
Ran by SYSTEM at 2014-02-27 12:17:46
Running from I:\
Boot Mode: Recovery
 
================== Search: "rpcss.dll;wow.dll" ===================
 
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2011-04-07 12:18] - [2010-11-20 05:27] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123
 
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027
 
C:\Windows\System32\rpcss.dll
[2011-04-07 12:18] - [2010-11-20 05:27] - 0513024 ____A (Microsoft Corporation) 61D981CFC6337661F1D9B81A73442E16
 
C:\Windows\ERDNT\cache64\rpcss.dll
[2012-08-17 09:17] - [2010-11-20 05:27] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123
 
C:\Users\Ron\AppData\Local\Temp\stpfysx\ssebbcn\wow.dll
[2013-10-10 18:29] - [2013-10-10 18:29] - 0048640 ___SH () 6CFD3AD812B95B69EE05A39AB432D8EB
 
X:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027
 
X:\Windows\System32\rpcss.dll
[2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027
 
====== End Of Search ======


#10 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:52 PM

Posted 27 February 2014 - 12:46 PM

Great! Now we can go after the malware.


Step 1

Please download the attached file fixlist.txt (658 bytes) and save it on the same flash drive as FRST.

  • Plug in the flash drive to the infected computer, enter the System Recovery Options and open FRST.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) is saved on the flash drive.
    Please copy and paste its contents in your next reply.

Step 2

Boot your computer in normal mode and move FRST back from the flash drive to the Desktop.
Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#11 JosephSchiavone

JosephSchiavone
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:52 AM

Posted 27 February 2014 - 01:01 PM

Okay here are the logs
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-02-2014 02
Ran by SYSTEM at 2014-02-27 12:50:05 Run:1
Running from I:\
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\Windows\System32\rpcss.dll
2014-02-21 11:41 - 2014-02-21 11:41 - 00000064 _____ () C:\Windows\System32\xlmpju.bml
2014-02-21 11:41 - 2014-02-21 11:41 - 00000000 _____ () C:\Windows\System32\rndgo.yjq
2014-02-21 10:45 - 2014-02-21 10:45 - 00228999 ____S () C:\Windows\System32\pytybc.jjw
2014-02-27 07:33 - 2014-02-21 11:56 - 00000074 _____ () C:\Windows\System32\cdbmd.eno
C:\Users\Ron\AppData\Local\Temp\stpfysx
C:\TDSSKiller_Quarantine
C:\Users\Ron\AppData\Local\Temp\*.dll
C:\Users\Ron\AppData\Local\Temp\*.exe
*****************
 
C:\Windows\System32\rpcss.dll => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll
C:\Windows\System32\xlmpju.bml => Moved successfully.
C:\Windows\System32\rndgo.yjq => Moved successfully.
C:\Windows\System32\pytybc.jjw => Moved successfully.
C:\Windows\System32\cdbmd.eno => Moved successfully.
C:\Users\Ron\AppData\Local\Temp\stpfysx => Moved successfully.
C:\TDSSKiller_Quarantine => Moved successfully.
C:\Users\Ron\AppData\Local\Temp\*.dll => Moved successfully.
C:\Users\Ron\AppData\Local\Temp\*.exe => Moved successfully.
 
==== End of Fixlog ====
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-02-2014 02
Ran by Ron (administrator) on RON-HP on 27-02-2014 12:54:28
Running from C:\Users\Ron\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(Akamai Technologies, Inc.) C:\Users\Ron\AppData\Local\Akamai\netsession_win.exe
(PC Drivers Headquarters) C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(Akamai Technologies, Inc.) C:\Users\Ron\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Users\Ron\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-15] ()
HKLM\...\Run: [IntelliType Pro] - c:\Program Files\Microsoft Device Center\itype.exe [1464928 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft Device Center\ipoint.exe [2004584 2012-06-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [664600 2010-09-28] (PDF Complete Inc)
HKLM-x32\...\Run: [nmctxth] - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe [642856 2009-04-07] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [ShopAtHomeWatcher] - C:\Users\Ron\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe [103864 2012-10-18] ()
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-27] (AVAST Software)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-28] (Hewlett-Packard)
HKU\S-1-5-21-1019108432-3678605218-91476750-1000\...\Run: [Akamai NetSession Interface] - C:\Users\Ron\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1019108432-3678605218-91476750-1000\...\Run: [Driver Support] - C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [4680568 2014-02-25] (PC Drivers Headquarters)
HKU\S-1-5-21-1019108432-3678605218-91476750-1000\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware)
HKU\S-1-5-21-1019108432-3678605218-91476750-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Ron\AppData\Local\Temp\stpfysx\ssebbcn\wow.dll ATTENTION! ====> ZeroAccess?
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKCU - DefaultScope {E3511525-FBD9-473E-B25D-6E566731A991} URL = http://websearch.shopathome.com?user_id=%guid&q={searchTerms}
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKCU - {E3511525-FBD9-473E-B25D-6E566731A991} URL = http://websearch.shopathome.com?user_id=%guid&q={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 24.247.24.53 66.189.0.100
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR Extension: (Google Wallet) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-13]
CHR HKLM-x32\...\Chrome\Extension: [ippkomaaonokjnfjoikaemidanojkfmm] - C:\ProgramData\WeCareReminder\\wecarereminderro.crx [2014-01-13]
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-27] (AVAST Software)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
 
==================== Drivers (Whitelisted) ====================
 
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-02-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-02-27] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 oyrxjikw; \??\C:\Windows\system32\drivers\oyrxjikw.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-27 15:26 - 2014-02-27 09:58 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Ron\Desktop\TDSSKiller.exe
2014-02-27 12:53 - 2014-02-27 10:16 - 02155520 _____ (Farbar) C:\Users\Ron\Desktop\FRST64.exe
2014-02-27 10:19 - 2014-02-27 10:19 - 00048451 _____ () C:\Users\Ron\Desktop\Addition.txt
2014-02-27 10:18 - 2014-02-27 12:54 - 00011982 _____ () C:\Users\Ron\Desktop\FRST.txt
2014-02-27 10:15 - 2014-02-27 12:54 - 00000000 ____D () C:\FRST
2014-02-27 09:57 - 2014-02-27 09:57 - 04110135 _____ () C:\Users\Ron\Downloads\tdsskiller (1).zip
2014-02-27 08:31 - 2014-02-27 08:31 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\AVAST Software
2014-02-27 08:30 - 2014-02-27 08:30 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-27 08:29 - 2014-02-27 08:31 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-27 08:29 - 2014-02-27 08:29 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-27 08:29 - 2014-02-27 08:29 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-27 08:29 - 2014-02-27 08:29 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-27 08:29 - 2014-02-27 08:29 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-02-27 08:29 - 2014-02-27 08:29 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-27 08:29 - 2014-02-27 08:29 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-02-27 08:29 - 2014-02-27 08:29 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-27 08:29 - 2014-02-27 08:29 - 00000000 ____D () C:\Program Files\AVAST Software
2014-02-27 08:27 - 2014-02-27 08:27 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-27 08:22 - 2014-02-27 08:22 - 88504776 _____ (AVAST Software) C:\Users\Ron\Desktop\avast_free_antivirus_setup.exe
2014-02-26 12:19 - 2014-02-26 12:19 - 04102163 _____ () C:\Users\Ron\Downloads\tdsskiller.zip
2014-02-26 11:52 - 2014-02-26 15:07 - 00004806 _____ () C:\Users\Ron\Desktop\Rkill.txt
2014-02-26 11:11 - 2014-02-26 11:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-26 11:11 - 2014-02-26 11:11 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-26 11:09 - 2014-02-26 11:44 - 00000000 ____D () C:\Users\Ron\Desktop\mbar
2014-02-26 11:09 - 2014-02-26 11:09 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-26 09:37 - 2014-02-27 10:04 - 00000000 ____D () C:\Users\Ron\Desktop\Chesaning Connect
2014-02-24 17:41 - 2014-02-24 17:42 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Ron\Downloads\rkill.exe
2014-02-24 12:53 - 2014-02-24 15:35 - 00000000 ____D () C:\Users\Ron\Desktop\RK_Quarantine
2014-02-21 17:29 - 2014-02-21 17:29 - 00001111 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-21 17:28 - 2014-02-21 17:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-21 17:28 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-21 13:39 - 2014-02-21 13:39 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-02-21 13:39 - 2014-02-21 13:39 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\SUPERAntiSpyware.com
2014-02-21 13:39 - 2014-02-21 13:39 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-02-21 13:39 - 2014-02-21 13:39 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-02-21 13:12 - 2014-02-21 13:12 - 08835464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-21 13:01 - 2014-02-21 13:07 - 00000000 ____D () C:\AdwCleaner
2014-02-21 12:16 - 2014-02-26 18:35 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-02-18 21:09 - 2014-02-18 21:09 - 00860176 _____ (Microsoft Corporation) C:\Users\Ron\Downloads\mssstool32.exe
2014-02-18 20:18 - 2014-02-18 20:18 - 07535352 _____ (ParetoLogic, Inc.) C:\Users\Ron\Downloads\RegCureProSetup.exe
2014-02-16 18:11 - 2014-02-24 12:28 - 00000000 ____D () C:\Windows\Minidump
2014-02-12 22:33 - 2014-02-06 07:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 22:33 - 2014-02-06 06:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 22:33 - 2014-02-06 06:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 22:33 - 2014-02-06 06:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 22:33 - 2014-02-06 06:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 22:33 - 2014-02-06 06:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 22:33 - 2014-02-06 05:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 22:33 - 2014-02-06 05:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 22:33 - 2014-02-06 05:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 22:33 - 2014-02-06 05:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 22:33 - 2014-02-06 05:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 22:33 - 2014-02-06 05:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 22:33 - 2014-02-06 05:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 22:33 - 2014-02-06 05:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 22:33 - 2014-02-06 05:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 22:33 - 2014-02-06 05:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 22:33 - 2014-02-06 05:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 22:33 - 2014-02-06 05:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 22:33 - 2014-02-06 05:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 22:33 - 2014-02-06 04:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 22:33 - 2014-02-06 04:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 22:33 - 2014-02-06 04:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 22:33 - 2014-02-06 04:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 22:33 - 2014-02-06 04:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 22:33 - 2014-02-06 04:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 22:33 - 2014-02-06 04:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 22:33 - 2014-02-06 04:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 22:33 - 2014-02-06 04:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 22:33 - 2014-02-06 04:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 22:33 - 2014-02-06 04:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 22:33 - 2014-02-06 04:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 22:33 - 2014-02-06 04:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 22:33 - 2014-02-06 04:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 22:33 - 2014-02-06 04:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 22:33 - 2014-02-06 03:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 22:33 - 2014-02-06 03:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 22:33 - 2014-02-06 03:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 22:33 - 2014-02-06 03:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 22:33 - 2014-02-06 03:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 22:33 - 2013-12-21 04:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 22:33 - 2013-12-21 03:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 06:53 - 2013-12-31 18:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 06:53 - 2013-12-31 18:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 06:53 - 2013-12-05 21:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 06:53 - 2013-12-05 21:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 06:53 - 2013-12-05 21:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 06:53 - 2013-12-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 06:52 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 06:52 - 2013-12-24 17:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 06:52 - 2013-12-03 21:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 06:52 - 2013-12-03 21:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 06:52 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 06:52 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 06:52 - 2013-12-03 21:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 06:52 - 2013-12-03 21:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 06:52 - 2013-12-03 21:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 06:52 - 2013-12-03 21:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 06:52 - 2013-12-03 21:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 06:52 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 06:52 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 06:52 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 06:52 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 06:52 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 06:52 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 06:52 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 06:52 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 06:52 - 2013-12-03 20:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 06:52 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 06:52 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-01-28 18:26 - 2014-01-28 18:26 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
 
==================== One Month Modified Files and Folders =======
 
2014-02-27 12:57 - 2014-02-27 10:18 - 00011982 _____ () C:\Users\Ron\Desktop\FRST.txt
2014-02-27 12:54 - 2014-02-27 10:15 - 00000000 ____D () C:\FRST
2014-02-27 12:51 - 2013-05-28 14:56 - 00024266 _____ () C:\Windows\setupact.log
2014-02-27 12:51 - 2011-06-12 01:40 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-27 12:51 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-27 12:13 - 2012-08-17 14:26 - 01209167 _____ () C:\Windows\WindowsUpdate.log
2014-02-27 12:13 - 2009-07-13 23:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-27 12:13 - 2009-07-13 23:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-27 12:11 - 2014-01-13 15:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-27 11:57 - 2013-05-29 10:23 - 00140252 _____ () C:\Windows\PFRO.log
2014-02-27 11:28 - 2011-06-12 01:40 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-27 10:19 - 2014-02-27 10:19 - 00048451 _____ () C:\Users\Ron\Desktop\Addition.txt
2014-02-27 10:16 - 2014-02-27 12:53 - 02155520 _____ (Farbar) C:\Users\Ron\Desktop\FRST64.exe
2014-02-27 10:04 - 2014-02-26 09:37 - 00000000 ____D () C:\Users\Ron\Desktop\Chesaning Connect
2014-02-27 09:58 - 2014-02-27 15:26 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Ron\Desktop\TDSSKiller.exe
2014-02-27 09:58 - 2009-07-14 00:13 - 00787488 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-27 09:57 - 2014-02-27 09:57 - 04110135 _____ () C:\Users\Ron\Downloads\tdsskiller (1).zip
2014-02-27 08:31 - 2014-02-27 08:31 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\AVAST Software
2014-02-27 08:31 - 2014-02-27 08:29 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-27 08:30 - 2014-02-27 08:30 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-27 08:29 - 2014-02-27 08:29 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-27 08:29 - 2014-02-27 08:29 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-27 08:29 - 2014-02-27 08:29 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-27 08:29 - 2014-02-27 08:29 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-02-27 08:29 - 2014-02-27 08:29 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-27 08:29 - 2014-02-27 08:29 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-02-27 08:29 - 2014-02-27 08:29 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-27 08:29 - 2014-02-27 08:29 - 00000000 ____D () C:\Program Files\AVAST Software
2014-02-27 08:27 - 2014-02-27 08:27 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-27 08:27 - 2011-04-07 15:44 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-02-27 08:22 - 2014-02-27 08:22 - 88504776 _____ (AVAST Software) C:\Users\Ron\Desktop\avast_free_antivirus_setup.exe
2014-02-26 18:35 - 2014-02-21 12:16 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-02-26 15:07 - 2014-02-26 11:52 - 00004806 _____ () C:\Users\Ron\Desktop\Rkill.txt
2014-02-26 12:19 - 2014-02-26 12:19 - 04102163 _____ () C:\Users\Ron\Downloads\tdsskiller.zip
2014-02-26 11:44 - 2014-02-26 11:11 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-26 11:44 - 2014-02-26 11:09 - 00000000 ____D () C:\Users\Ron\Desktop\mbar
2014-02-26 11:11 - 2014-02-26 11:11 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-26 11:09 - 2014-02-26 11:09 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-26 09:59 - 2013-12-16 18:50 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForRon
2014-02-26 09:59 - 2013-12-16 18:50 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForRon.job
2014-02-26 01:15 - 2011-04-07 15:14 - 00779610 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-26 00:43 - 2011-03-19 22:56 - 00000000 ____D () C:\Users\Ron\AppData\Local\CrashDumps
2014-02-25 19:07 - 2010-11-02 16:30 - 00000000 ____D () C:\ProgramData\PDFC
2014-02-25 18:27 - 2011-04-13 22:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-25 18:09 - 2014-01-13 18:11 - 00000000 ____D () C:\ProgramData\UAB
2014-02-25 08:13 - 2011-10-31 11:18 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-02-25 08:13 - 2011-02-14 22:56 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-02-25 07:52 - 2011-02-05 16:47 - 00000000 ____D () C:\Users\Ron
2014-02-24 17:42 - 2014-02-24 17:41 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Ron\Downloads\rkill.exe
2014-02-24 15:35 - 2014-02-24 12:53 - 00000000 ____D () C:\Users\Ron\Desktop\RK_Quarantine
2014-02-24 12:28 - 2014-02-16 18:11 - 00000000 ____D () C:\Windows\Minidump
2014-02-24 12:27 - 2010-11-02 18:33 - 00285149 ____N () C:\Windows\Minidump\022414-22136-01.dmp
2014-02-22 06:32 - 2011-04-07 08:32 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\Sammsoft
2014-02-21 19:22 - 2014-01-13 15:26 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-21 17:29 - 2014-02-21 17:29 - 00001111 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-21 17:29 - 2014-02-21 17:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-21 13:39 - 2014-02-21 13:39 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-02-21 13:39 - 2014-02-21 13:39 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\SUPERAntiSpyware.com
2014-02-21 13:39 - 2014-02-21 13:39 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-02-21 13:39 - 2014-02-21 13:39 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-02-21 13:12 - 2014-02-21 13:12 - 08835464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-21 13:12 - 2014-01-13 15:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 13:12 - 2014-01-13 15:08 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-21 13:12 - 2014-01-13 15:08 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-21 13:07 - 2014-02-21 13:01 - 00000000 ____D () C:\AdwCleaner
2014-02-21 12:27 - 2010-11-02 18:33 - 00285149 ____N () C:\Windows\Minidump\022114-22198-01.dmp
2014-02-19 08:00 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-18 21:09 - 2014-02-18 21:09 - 00860176 _____ (Microsoft Corporation) C:\Users\Ron\Downloads\mssstool32.exe
2014-02-18 20:18 - 2014-02-18 20:18 - 07535352 _____ (ParetoLogic, Inc.) C:\Users\Ron\Downloads\RegCureProSetup.exe
2014-02-16 18:11 - 2010-11-02 18:33 - 00284957 ____N () C:\Windows\Minidump\021614-30841-01.dmp
2014-02-16 07:23 - 2011-06-12 01:40 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-16 07:23 - 2011-06-12 01:40 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-16 03:06 - 2013-08-15 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 03:02 - 2011-02-21 22:22 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-13 18:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-02-12 22:35 - 2009-07-13 21:34 - 00000478 _____ () C:\Windows\win.ini
2014-02-06 07:16 - 2014-02-12 22:33 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 06:30 - 2014-02-12 22:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 06:30 - 2014-02-12 22:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 06:12 - 2014-02-12 22:33 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 06:07 - 2014-02-12 22:33 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 06:06 - 2014-02-12 22:33 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 05:57 - 2014-02-12 22:33 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 05:56 - 2014-02-12 22:33 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 05:52 - 2014-02-12 22:33 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 05:49 - 2014-02-12 22:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 05:48 - 2014-02-12 22:33 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 05:48 - 2014-02-12 22:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 05:38 - 2014-02-12 22:33 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 05:32 - 2014-02-12 22:33 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 05:20 - 2014-02-12 22:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 05:17 - 2014-02-12 22:33 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 05:11 - 2014-02-12 22:33 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 05:01 - 2014-02-12 22:33 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 05:00 - 2014-02-12 22:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 04:57 - 2014-02-12 22:33 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 04:57 - 2014-02-12 22:33 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 04:52 - 2014-02-12 22:33 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 04:52 - 2014-02-12 22:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 04:50 - 2014-02-12 22:33 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 04:49 - 2014-02-12 22:33 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 04:47 - 2014-02-12 22:33 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 04:46 - 2014-02-12 22:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 04:25 - 2014-02-12 22:33 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 04:25 - 2014-02-12 22:33 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 04:24 - 2014-02-12 22:33 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 04:22 - 2014-02-12 22:33 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 04:13 - 2014-02-12 22:33 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 04:09 - 2014-02-12 22:33 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 04:03 - 2014-02-12 22:33 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 03:55 - 2014-02-12 22:33 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 03:41 - 2014-02-12 22:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 03:40 - 2014-02-12 22:33 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 03:36 - 2014-02-12 22:33 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 03:34 - 2014-02-12 22:33 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-04 07:49 - 2011-10-18 12:42 - 00000000 ____D () C:\Users\Ron\Documents\Outlook Files
2014-01-29 07:40 - 2012-11-11 08:34 - 00003214 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForRON-HP$
2014-01-29 07:40 - 2012-11-11 08:34 - 00000338 _____ () C:\Windows\Tasks\HPCeeScheduleForRON-HP$.job
2014-01-28 18:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Help
2014-01-28 18:28 - 2010-11-02 16:07 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-01-28 18:28 - 2010-11-02 16:06 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-01-28 18:26 - 2014-01-28 18:26 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-01-28 18:25 - 2010-11-02 16:07 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-01-28 18:24 - 2010-06-14 21:07 - 00000000 ____D () C:\swsetup
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-19 17:20
 
==================== End Of Log ============================


#12 aharonov

  • Malware Response Team

Posted 27 February 2014 - 01:24 PM

This worked well!
How is your computer running now? Do you still get warnings on Rovnix or other malware?


Step 1

Please download this attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

 

 

 

Step 2

Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!



#13 JosephSchiavone

  • Topic Starter

Posted 27 February 2014 - 03:19 PM

Here are the log files.  ESET Online Scanner says it found 10 infected files.  Not sure if any are false positives.

Thank you for your time and help.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-02-2014 02
Ran by SYSTEM at 2014-02-27 12:50:05 Run:1
Running from I:\
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\Windows\System32\rpcss.dll
2014-02-21 11:41 - 2014-02-21 11:41 - 00000064 _____ () C:\Windows\System32\xlmpju.bml
2014-02-21 11:41 - 2014-02-21 11:41 - 00000000 _____ () C:\Windows\System32\rndgo.yjq
2014-02-21 10:45 - 2014-02-21 10:45 - 00228999 ____S () C:\Windows\System32\pytybc.jjw
2014-02-27 07:33 - 2014-02-21 11:56 - 00000074 _____ () C:\Windows\System32\cdbmd.eno
C:\Users\Ron\AppData\Local\Temp\stpfysx
C:\TDSSKiller_Quarantine
C:\Users\Ron\AppData\Local\Temp\*.dll
C:\Users\Ron\AppData\Local\Temp\*.exe
*****************
 
C:\Windows\System32\rpcss.dll => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll
C:\Windows\System32\xlmpju.bml => Moved successfully.
C:\Windows\System32\rndgo.yjq => Moved successfully.
C:\Windows\System32\pytybc.jjw => Moved successfully.
C:\Windows\System32\cdbmd.eno => Moved successfully.
C:\Users\Ron\AppData\Local\Temp\stpfysx => Moved successfully.
C:\TDSSKiller_Quarantine => Moved successfully.
C:\Users\Ron\AppData\Local\Temp\*.dll => Moved successfully.
C:\Users\Ron\AppData\Local\Temp\*.exe => Moved successfully.
 
==== End of Fixlog ====
 
 
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a0b63917241a5a41a3d9120795ee83b1
# engine=17253
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-02-27 08:12:55
# local_time=2014-02-27 03:12:55 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 0 145075425 0 0
# scanned=405525
# found=10
# cleaned=0
# scan_time=5296
sh=1E3FF58866D59D4658FE8ED7DCA3E9B73F86BD83 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.7z.vir"
sh=D6356361CB5D33E62695230274A8C219D18884A5 ft=1 fh=758f4dd0748812c4 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir"
sh=A4F319312C51671C3A95C478B1006769263996A9 ft=1 fh=886ae4ceae92d42e vn="a variant of Win32/OpenCandy.A potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ron\AppData\Roaming\OpenCandy\78D98B7A2D074F5384B98C3E4B0FA516\OCBrowserHelper_1.0.3.85.dll.vir"
sh=D6402DAF3D2FE8F96E92A14146C3CBAB7DF3A24C ft=1 fh=6a96c92b3025fd68 vn="a variant of Win32/OpenCandy.A potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ron\AppData\Roaming\OpenCandy\78D98B7A2D074F5384B98C3E4B0FA516\WeCare_ASPCA_ALL_p27v2.exe.vir"
sh=5FE2DB8B53C90034817AAF83DDA24D6785AC01D0 ft=1 fh=7228598688a1899c vn="Win64/Wowlik.D trojan" ac=I fn="C:\FRST\Quarantine\stpfysx27-02-2014_12-50-05\ssebbcn\wow.dll"
sh=870D8FC7E352D0F6F2C1182F37F9BA53341D43CC ft=1 fh=4263d90ecb301524 vn="a variant of Win32/DomaIQ.BA potentially unwanted application" ac=I fn="C:\Users\Ron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RH224K56\Setup[1].exe"
sh=69884596001012661B00559578FB5623AD91A066 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-2465.GC trojan" ac=I fn="C:\Users\Ron\AppData\Local\Temp\jar_cache5907218888783643424.tmp"
sh=C6E608DBE5D321F19E2C65217D62180F19668CAD ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-2465.GA trojan" ac=I fn="C:\Users\Ron\AppData\Local\Temp\jar_cache8784894056073043610.tmp"
sh=AB66C7EEC1FF281991B236ED86CA828F99850FBC ft=1 fh=a248b5f23978a4be vn="multiple threats" ac=I fn="C:\Users\Ron\Downloads\PCSpeedMaximizer.exe"
sh=373AD1485924193C6AAEC83293DC4D41FBBB5B03 ft=1 fh=efca26f8c77d3d10 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\Installer\MSI471F.tmp"
 


#14 aharonov

  • Malware Response Team

Posted 27 February 2014 - 04:04 PM

The ESET log is looking good!
These are not false positives but none of them are active malware. The first 5 are already in quarantine. Then there are 3 files that are just remnants in temporary files and java cache and 2 installers that are bundled with adware. You can delete PCSpeedMaximizer.exe but there is no further action necessary.


That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

 

 

 

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:


Java™ 6 Update 29




Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" by Lawrence Abrams.
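The triage in post #14 above (copies already in quarantine, remnants in temp and cache folders, files still sitting on disk) can be reproduced mechanically from an ESET Online Scanner log like the one in post #13. This is an added example, not part of the thread or of any tool used in it; the function names, bucket labels and path rules are assumptions, and the sample log is constructed in the same layout with placeholder hashes.

```python
import re
from collections import Counter

# Constructed sample in the layout of the log in post #13.
# Hashes are placeholders; paths are shortened stand-ins.
SAMPLE_LOG = r'''# version=8
# remove_checked=false
# scanned=405525
# found=5
# cleaned=0
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="a variant of Win32/OpenCandy.A potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ron\AppData\Roaming\OpenCandy\sample.dll.vir"
sh=0000000000000000000000000000000000000002 ft=1 fh=0000000000000002 vn="Win64/Wowlik.D trojan" ac=I fn="C:\FRST\Quarantine\sample\wow.dll"
sh=0000000000000000000000000000000000000003 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-2465.GC trojan" ac=I fn="C:\Users\Ron\AppData\Local\Temp\jar_cache_sample.tmp"
sh=0000000000000000000000000000000000000004 ft=1 fh=0000000000000004 vn="a variant of Win32/DomaIQ.BA potentially unwanted application" ac=I fn="C:\Users\Ron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SAMPLE\Setup[1].exe"
sh=0000000000000000000000000000000000000005 ft=1 fh=0000000000000005 vn="multiple threats" ac=I fn="C:\Users\Ron\Downloads\PCSpeedMaximizer.exe"
'''

# key=value pairs; a value is either a quoted string or a bare token.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_log(text):
    """Split the log into header settings and one dict per detection line."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key] = value
        elif line.startswith("sh="):
            detections.append({
                m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
                for m in PAIR.finditer(line)
            })
    return header, detections


def classify(path):
    """Bucket a detection by where the file lives (assumed path rules)."""
    p = path.lower()
    if "\\quarantine\\" in p:
        return "quarantined"        # already isolated by a cleanup tool
    if "\\appdata\\local\\temp\\" in p or "\\temporary internet files\\" in p:
        return "temp-or-cache"      # leftover in temp or browser cache
    return "on-disk"                # needs a human decision


def triage(text):
    header, detections = parse_log(text)
    buckets = Counter(classify(d["fn"]) for d in detections)
    return {
        # Sanity check: header count should equal the detection lines present.
        "count_matches_header": int(header.get("found", -1)) == len(detections),
        "nothing_cleaned": header.get("cleaned") == "0",
        "buckets": dict(buckets),
        "needs_review": [(d["vn"], d["fn"]) for d in detections
                         if classify(d["fn"]) == "on-disk"],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "=", value)
```

Only the `needs_review` entries call for a decision; the other two buckets are cleared by removing the tools' quarantine folders and emptying temp and cache directories.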



#15 aharonov

  • Malware Response Team

Posted 12 March 2014 - 12:06 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



