
Post JS removal access denied and no IE


  • This topic is locked
15 replies to this topic

#1 punkieys17

punkieys17

  • Members
  • 64 posts

Posted 23 March 2014 - 05:14 PM

Got infected with JS you bar.com and followed the excellent BleepingComputer instructions on how to remove it (symptoms were pop-ups in Internet Explorer and very slow start-up). Even at the HitmanPro stage it found 4 viruses. Unfortunately a side effect has been that I can no longer access Internet Explorer (clicking on it gets no reaction) and I have lost permission to access functions such as Control Panel/My Computer or any other of the sidebar options on the Start menu. PC is a Dell Inspiron laptop running Win 7. Any help greatly appreciated as it's my son's PC that he keeps managing to infect ..... Originally posted in Win7 forum and advised to transfer to this forum.

DDS file below

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.51.2
Run by Others at 22:05:32 on 2014-03-23
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3037.1544 [GMT 0:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_73e1f0dede412369\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_73e1f0dede412369\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\iTeleport\iTeleport Connect\iTeleportService.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files (x86)\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Ares\Ares.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = Preserve
mStart Page = hxxp://www.google.com
uProxyServer = 13.37.13.37:1337
uSearchAssistant = hxxp://www.google.com
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: ͬ²½Ò»¼ü°²×°Ö§³Ö: {F72C8153-7140-4FEE-8F69-CA4579D71195} - C:\Program Files (x86)\Tongbu\Addin\tbIEAddin.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
EB: {950DD287-7C12-4D2B-8A9A-729AB0553E65} - <orphaned>
EB: <No Name>: {cccc7d2d-9a4c-4c9a-9bd4-cc4815b28ccc} - LocalServer32 - <no file>
uRun: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
dRun: [SearchProtect] \SearchProtect\bin\cltmng.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll
Trusted Zone: alipay.com
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
Trusted Zone: taobao.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - 
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{07428A0B-9022-476A-B03F-0B57BFB89BB5} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{07428A0B-9022-476A-B03F-0B57BFB89BB5}\054616E456470284F6473507F647 : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{07428A0B-9022-476A-B03F-0B57BFB89BB5}\140545023556276796365637 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{07428A0B-9022-476A-B03F-0B57BFB89BB5}\244584572643D293836335 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{07428A0B-9022-476A-B03F-0B57BFB89BB5}\342514E4C454947484F575C414E413 : DHCPNameServer = 172.16.1.5 172.16.1.4
TCP: Interfaces\{07428A0B-9022-476A-B03F-0B57BFB89BB5}\342514E4C454947484F575C414E423 : DHCPNameServer = 172.16.1.5 172.16.1.4
TCP: Interfaces\{07428A0B-9022-476A-B03F-0B57BFB89BB5}\B69616C61613 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E784336B-5763-4674-B270-EEC5BC4D4847} : DHCPNameServer = 172.20.10.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: MCPClient - C:\PROGRA~2\COMMON~1\Stardock\mcpstub.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\PROGRA~2\COMMON~1\Stardock\MCPCore.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: SearchNewTab: {90367F75-05EF-BDF1-2D4A-318DEE0D1BBE} - 
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - 
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-9-1 14456]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-10-15 55856]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-3-26 45856]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-8-3 270912]
R1 RapportCerberus_56758;RapportCerberus_56758;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys [2013-8-24 589872]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 TsVp;TsVp;C:\Windows\System32\drivers\tsvp.sys [2010-6-10 32872]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/05/08 19:11:02];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2010-5-8 146928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_73e1f0dede412369\AESTSr64.exe [2009-10-15 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-5-8 203264]
R2 DigiNet;Digidesign Ethernet Support;C:\Windows\System32\drivers\diginet.sys [2013-1-29 23384]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 iTeleportService;iTeleportService;C:\Program Files (x86)\iTeleport\iTeleport Connect\iTeleportService.exe [2011-12-8 25600]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2011-2-6 72216]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-3-21 418376]
R2 PaceLicenseDServices;PACE License Services;C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2012-5-18 2938880]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-2-19 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-2-19 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-2-19 171416]
R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2009-10-16 606048]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-17 3463080]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2009-6-15 172704]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-3-21 25928]
R3 mv2;mv2;C:\Windows\System32\drivers\mv2.sys [2011-2-6 12096]
R3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;C:\Windows\System32\drivers\OA008Ufd.sys [2009-3-6 159840]
R3 OA008Vid;Creative Camera OA008 Function Driver;C:\Windows\System32\drivers\OA008Vid.sys [2009-5-6 313696]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [2012-5-12 29288]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [2012-5-12 29288]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [2012-5-12 29288]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [2012-5-12 29288]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [2012-5-12 29288]
S2 14be225b;FastSys;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-3-21 701512]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 CV2K1;CommView Network Monitor;C:\Windows\System32\drivers\cv2k1.sys [2010-4-1 21608]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-10-14 57856]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-13 111616]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2013-7-25 23040]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 134944]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 pnetmdm;PdaNet Modem;C:\Windows\System32\drivers\pnetmdm64.sys [2011-3-19 17920]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-31 19456]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-31 57856]
S3 TsVlb;TsVlb;C:\Windows\System32\drivers\tsvlb.sys [2009-10-17 22120]
S3 tsxusbdbus;Thinstuff TSX-USB Virtual Host Controller;C:\Windows\System32\drivers\tsxusbdbus.sys [2010-11-9 56912]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2011-11-4 117040]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-17 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2012-11-13 14544]
.
=============== Created Last 30 ================
.
2014-03-22 20:23:43 1031560 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CAEA7C56-AB2D-4585-9E5E-EBCE03F3C27A}\gapaengine.dll
2014-03-22 20:23:14 10521840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{874CB792-E7D9-47C8-8E7C-8FE5B9571DE6}\mpengine.dll
2014-03-21 23:48:03 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2014-03-21 22:49:52 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-03-21 22:49:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-21 22:49:31 -------- d-----w- C:\Users\Others.Alex-PC\AppData\Local\Programs
2014-03-21 22:15:25 -------- d-----w- C:\Users\Others.Alex-PC\AppData\Local\Packages
2014-03-21 19:05:32 877480 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2014-03-21 19:05:32 800168 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2014-03-21 18:39:14 -------- d-----w- C:\Users\Others.Alex-PC\AppData\Roaming\SUPERAntiSpyware.com
2014-03-21 18:38:34 -------- d-----w- C:\Users\Others.Alex-PC\AppData\Local\Ares
2014-03-21 18:38:11 -------- d-----w- C:\Users\Others.Alex-PC\AppData\Local\VirtualStore
2014-03-21 18:35:37 -------- d-----w- C:\Users\Others.Alex-PC\AppData\Local\Google
2014-03-16 18:39:34 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-03-13 18:11:03 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-03-13 18:11:01 484864 ----a-w- C:\Windows\System32\wer.dll
2014-03-13 18:11:01 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-03-13 18:09:35 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-03-13 18:09:35 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-03-13 18:08:27 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-03-13 18:08:27 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-03 17:28:58 -------- d-----w- C:\Windows\Migration
2014-02-23 19:46:37 -------- d-----w- C:\Program Files (x86)\Battle.net
2014-02-23 18:09:49 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2014-02-23 18:09:49 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2014-02-23 18:09:44 -------- d-----w- C:\Program Files (x86)\World of Warcraft
2014-02-23 15:47:18 -------- d-----w- C:\ProgramData\Battle.net
.
==================== Find3M  ====================
.
2014-03-13 19:18:27 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-13 19:18:27 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-01-16 21:05:10 194048 ----a-w- C:\Windows\SysWow64\elshyph.dll
2014-01-16 21:05:02 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2014-01-16 21:05:02 645120 ----a-w- C:\Windows\SysWow64\jsIntl.dll
2014-01-16 21:05:02 235008 ----a-w- C:\Windows\System32\elshyph.dll
2014-01-16 21:05:02 182272 ----a-w- C:\Windows\SysWow64\msls31.dll
2014-01-16 21:05:01 62464 ----a-w- C:\Windows\SysWow64\tdc.ocx
2014-01-16 21:05:01 34816 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-01-16 21:05:01 337408 ----a-w- C:\Windows\SysWow64\html.iec
2014-01-16 21:05:01 24576 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2014-01-16 21:05:00 151552 ----a-w- C:\Windows\SysWow64\iexpress.exe
2014-01-16 21:05:00 139264 ----a-w- C:\Windows\SysWow64\wextract.exe
2014-01-16 21:05:00 1051136 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2006-11-02 09:08:52 466944 ----a-w- C:\Program Files\imagex.exe
.
============= FINISH: 22:07:01.10 ===============
 




#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 25 March 2014 - 09:55 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Please post up the attach.txt and run the following tool:

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found); we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.


Proud Member of UNITE & TB
 

#3 punkieys17

punkieys17
  • Topic Starter

  • Members
  • 64 posts

Posted 25 March 2014 - 03:20 PM

Hi Marius, thanks for helping. TDSSKiller found nothing - log attached below.

20:01:04.0597 0x1010  TDSS rootkit removing tool 3.0.0.26 Mar 24 2014 07:28:43
20:01:11.0953 0x1010  ============================================================
20:01:11.0953 0x1010  Current date / time: 2014/03/25 20:01:11.0953
20:01:11.0953 0x1010  SystemInfo:
20:01:11.0953 0x1010  
20:01:11.0953 0x1010  OS Version: 6.1.7601 ServicePack: 1.0
20:01:11.0953 0x1010  Product type: Workstation
20:01:11.0953 0x1010  ComputerName: ALEX-PC
20:01:11.0953 0x1010  UserName: Others
20:01:11.0953 0x1010  Windows directory: C:\Windows
20:01:11.0953 0x1010  System windows directory: C:\Windows
20:01:11.0953 0x1010  Running under WOW64
20:01:11.0953 0x1010  Processor architecture: Intel x64
20:01:11.0953 0x1010  Number of processors: 2
20:01:11.0953 0x1010  Page size: 0x1000
20:01:11.0953 0x1010  Boot type: Normal boot
20:01:11.0953 0x1010  ============================================================
20:01:20.0430 0x1010  KLMD registered as C:\Windows\system32\drivers\71065522.sys
20:01:20.0757 0x1010  System UUID: {5052B4B8-1047-9A21-1FF7-A8F42328E568}
20:01:21.0678 0x1010  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:01:21.0698 0x1010  ============================================================
20:01:21.0698 0x1010  \Device\Harddisk0\DR0:
20:01:21.0699 0x1010  MBR partitions:
20:01:21.0699 0x1010  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xB07ED, BlocksNum 0x59FE872
20:01:21.0699 0x1010  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x5AAF05F, BlocksNum 0x51A962A2
20:01:21.0699 0x1010  ============================================================
20:01:21.0731 0x1010  C: <-> \Device\Harddisk0\DR0\Partition2
20:01:21.0756 0x1010  D: <-> \Device\Harddisk0\DR0\Partition1
20:01:21.0757 0x1010  ============================================================
20:01:21.0757 0x1010  Initialize success
20:01:21.0757 0x1010  ============================================================
20:01:36.0943 0x04b0  ============================================================
20:01:36.0943 0x04b0  Scan started
20:01:36.0943 0x04b0  Mode: Manual; 
20:01:36.0943 0x04b0  ============================================================
20:01:36.0943 0x04b0  KSN ping started
20:01:39.0696 0x04b0  KSN ping finished: true
20:01:41.0322 0x04b0  ================ Scan system memory ========================
20:01:41.0323 0x04b0  System memory - ok
20:01:41.0323 0x04b0  ================ Scan services =============================
20:01:41.0446 0x04b0  [ ABDCD326E1DD1C62509ED94C278A7453, 51E2722C7D2588BE1C29A1680C988B9BE45433E147CCE285C3A918216418E44B ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
20:01:41.0450 0x04b0  !SASCORE - ok
20:01:41.0646 0x04b0  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
20:01:41.0657 0x04b0  1394ohci - ok
20:01:41.0705 0x04b0  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] 14be225b        C:\Windows\system32\rundll32.exe
20:01:41.0709 0x04b0  14be225b - ok
20:01:41.0734 0x04b0  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:01:41.0745 0x04b0  ACPI - ok
20:01:41.0775 0x04b0  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:01:41.0777 0x04b0  AcpiPmi - ok
20:01:52.0059 0x04b0  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
20:01:52.0069 0x04b0  LanmanServer - ok
20:01:52.0110 0x04b0  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:01:52.0119 0x04b0  LanmanWorkstation - ok
20:01:52.0150 0x04b0  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:01:52.0159 0x04b0  lltdio - ok
20:01:52.0184 0x04b0  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:01:52.0196 0x04b0  lltdsvc - ok
20:01:52.0214 0x04b0  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:01:52.0222 0x04b0  lmhosts - ok
20:01:52.0259 0x04b0  LMIInfo - ok
20:01:52.0281 0x04b0  [ 413ECDCFAD9A82804D3674C8D7EEC24E, C8A65ED0B079D16D1A4449E840B4A9475388FBE61B5A84DFEFC35F4FB3B9A9B1 ] lmimirr         C:\Windows\system32\DRIVERS\lmimirr.sys
20:01:52.0290 0x04b0  lmimirr - ok
20:01:52.0327 0x04b0  LMIRfsClientNP - ok
20:01:52.0353 0x04b0  [ C57D3FAA50E6F395759FFB7C709BD944, 7B0B86F0E710934D57801E1F7BB048AD878F871147B2A16BBF81219A4022B499 ] LMIRfsDriver    C:\Windows\system32\drivers\LMIRfsDriver.sys
20:01:52.0355 0x04b0  LMIRfsDriver - ok
20:01:52.0391 0x04b0  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
20:01:52.0396 0x04b0  LSI_FC - ok
20:01:52.0435 0x04b0  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
20:01:52.0440 0x04b0  LSI_SAS - ok
20:01:52.0467 0x04b0  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:01:52.0471 0x04b0  LSI_SAS2 - ok
20:01:52.0511 0x04b0  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:01:52.0520 0x04b0  LSI_SCSI - ok
20:01:52.0541 0x04b0  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
20:01:52.0549 0x04b0  luafv - ok
20:01:52.0622 0x04b0  [ 0BB97D43299910CBFBA59C461B99B910, 27C22D9D9EE8A410D7396960DA93E9E260D4DCDD38DCE06E85E45C5E24C067DE ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
20:01:52.0623 0x04b0  MBAMProtector - ok
20:01:52.0699 0x04b0  [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:01:52.0713 0x04b0  MBAMScheduler - ok
20:01:52.0980 0x04b0  [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
20:01:53.0017 0x04b0  MBAMService - ok
20:01:53.0093 0x04b0  [ 79D51E7F5926E8CE1B3EBECEBAE28CFF, 2722E217AF11F928E58F694E5C1CC5776283A56C54E7F84401FECFBD73E91EBA ] mcdbus          C:\Windows\system32\DRIVERS\mcdbus.sys
20:01:53.0128 0x04b0  mcdbus - ok
20:01:53.0171 0x04b0  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:01:53.0179 0x04b0  Mcx2Svc - ok
20:01:53.0203 0x04b0  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
20:01:53.0211 0x04b0  megasas - ok
20:01:53.0236 0x04b0  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
20:01:53.0247 0x04b0  MegaSR - ok
20:01:53.0314 0x04b0  [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
20:01:53.0319 0x04b0  Microsoft Office Groove Audit Service - ok
20:01:53.0349 0x04b0  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
20:01:53.0358 0x04b0  MMCSS - ok
20:01:53.0371 0x04b0  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
20:01:53.0379 0x04b0  Modem - ok
20:01:53.0397 0x04b0  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:01:53.0398 0x04b0  monitor - ok
20:01:53.0428 0x04b0  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
20:01:53.0430 0x04b0  mouclass - ok
20:01:53.0461 0x04b0  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:01:53.0463 0x04b0  mouhid - ok
20:01:53.0492 0x04b0  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:01:53.0496 0x04b0  mountmgr - ok
20:01:53.0564 0x04b0  [ C6B88D62F20AC646C6BD5C032EC2FAF9, 111A07939F3C5A46F0C51B9D6F5C1D8478099E32EFD88BC260467109ADD975F8 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
20:01:53.0572 0x04b0  MpFilter - ok
20:01:53.0608 0x04b0  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:01:53.0614 0x04b0  mpio - ok
20:01:53.0658 0x04b0  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:01:53.0667 0x04b0  mpsdrv - ok
20:01:53.0727 0x04b0  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:01:53.0762 0x04b0  MpsSvc - ok
20:01:53.0799 0x04b0  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:01:53.0806 0x04b0  MRxDAV - ok
20:01:53.0833 0x04b0  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:01:53.0847 0x04b0  mrxsmb - ok
20:01:53.0883 0x04b0  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:01:53.0893 0x04b0  mrxsmb10 - ok
20:01:53.0910 0x04b0  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:01:53.0919 0x04b0  mrxsmb20 - ok
20:01:53.0940 0x04b0  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:01:53.0941 0x04b0  msahci - ok
20:01:53.0971 0x04b0  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:01:53.0978 0x04b0  msdsm - ok
20:01:53.0995 0x04b0  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
20:01:54.0003 0x04b0  MSDTC - ok
20:01:54.0050 0x04b0  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:01:54.0058 0x04b0  Msfs - ok
20:01:54.0075 0x04b0  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:01:54.0083 0x04b0  mshidkmdf - ok
20:01:54.0101 0x04b0  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:01:54.0102 0x04b0  msisadrv - ok
20:01:54.0144 0x04b0  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:01:54.0151 0x04b0  MSiSCSI - ok
20:01:54.0157 0x04b0  msiserver - ok
20:01:54.0183 0x04b0  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:01:54.0192 0x04b0  MSKSSRV - ok
20:01:54.0320 0x04b0  [ 7675E15D1B2180745E4DA4D26AAD7385, 729AA6C610F67028CFFFF64B772FFA1CAE7581D37F8909BDA423D52AF85C92C8 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
20:01:54.0322 0x04b0  MsMpSvc - ok
20:01:54.0350 0x04b0  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:01:54.0359 0x04b0  MSPCLOCK - ok
20:01:54.0365 0x04b0  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:01:54.0368 0x04b0  MSPQM - ok
20:01:54.0407 0x04b0  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:01:54.0419 0x04b0  MsRPC - ok
20:01:54.0448 0x04b0  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
20:01:54.0449 0x04b0  mssmbios - ok
20:01:54.0495 0x04b0  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:01:54.0503 0x04b0  MSTEE - ok
20:01:54.0515 0x04b0  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
20:01:54.0524 0x04b0  MTConfig - ok
20:01:54.0549 0x04b0  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
20:01:54.0551 0x04b0  Mup - ok
20:01:54.0615 0x04b0  [ 621C40398B1A0242ACBCC2BA65C23A66, AB8FAA89046931891FC3A60D9A753DC2C4F4AC52E35ACCE1ABAAC144380F8009 ] mv2             C:\Windows\system32\DRIVERS\mv2.sys
20:01:54.0627 0x04b0  mv2 - ok
20:01:54.0669 0x04b0  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
20:01:54.0686 0x04b0  napagent - ok
20:01:54.0724 0x04b0  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:01:54.0735 0x04b0  NativeWifiP - ok
20:01:54.0796 0x04b0  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:01:54.0838 0x04b0  NDIS - ok
20:01:54.0868 0x04b0  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:01:54.0876 0x04b0  NdisCap - ok
20:01:54.0902 0x04b0  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:01:54.0910 0x04b0  NdisTapi - ok
20:01:54.0951 0x04b0  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:01:54.0959 0x04b0  Ndisuio - ok
20:01:54.0996 0x04b0  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:01:55.0003 0x04b0  NdisWan - ok
20:01:55.0027 0x04b0  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:01:55.0031 0x04b0  NDProxy - ok
20:01:55.0059 0x04b0  [ EE00C544C025958AF50C7B199F3C8595, D774DB020D9C46D1AA0B2DB9FA2C36C4A9C38D904CC6929695321D32ACA0D4D1 ] Netaapl         C:\Windows\system32\DRIVERS\netaapl64.sys
20:01:55.0067 0x04b0  Netaapl - ok
20:01:55.0089 0x04b0  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:01:55.0097 0x04b0  NetBIOS - ok
20:01:55.0134 0x04b0  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:01:55.0142 0x04b0  NetBT - ok
20:01:55.0161 0x04b0  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon        C:\Windows\system32\lsass.exe
20:01:55.0163 0x04b0  Netlogon - ok
20:01:55.0201 0x04b0  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
20:01:55.0215 0x04b0  Netman - ok
20:01:55.0247 0x04b0  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:01:55.0253 0x04b0  NetMsmqActivator - ok
20:01:55.0274 0x04b0  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:01:55.0278 0x04b0  NetPipeActivator - ok
20:01:55.0317 0x04b0  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
20:01:55.0333 0x04b0  netprofm - ok
20:01:55.0347 0x04b0  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:01:55.0351 0x04b0  NetTcpActivator - ok
20:01:55.0361 0x04b0  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:01:55.0365 0x04b0  NetTcpPortSharing - ok
20:01:55.0383 0x04b0  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
20:01:55.0391 0x04b0  nfrd960 - ok
20:01:55.0469 0x04b0  [ ACE8C64C57E4A711473C8BC10ADF692B, 53D8083CE78DB5527080B4570AC28ABAA262667744A319707AE0C46E46B297F9 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:01:55.0473 0x04b0  NisDrv - ok
20:01:55.0512 0x04b0  [ 6247E8B31ED0A9D6BC5A26276E49BEB3, 230C0C560492C454B9EB14B50EB4A78DC74FAB6B662449A0EA3114B3E671BFF3 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
20:01:55.0524 0x04b0  NisSrv - ok
20:01:55.0556 0x04b0  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:01:55.0568 0x04b0  NlaSvc - ok
20:01:55.0628 0x04b0  [ 351533ACC2A069B94E80BBFC177E8FDF, 54B2749E0496ECC94CE65657627762B485CBC825767BAEDDAD0D2598820FFB9E ] NPF             C:\Windows\system32\drivers\npf.sys
20:01:55.0637 0x04b0  NPF - ok
20:01:55.0653 0x04b0  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:01:55.0661 0x04b0  Npfs - ok
20:01:55.0690 0x04b0  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
20:01:55.0698 0x04b0  nsi - ok
20:01:55.0725 0x04b0  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:01:55.0727 0x04b0  nsiproxy - ok
20:01:55.0809 0x04b0  [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:01:55.0904 0x04b0  Ntfs - ok
20:01:55.0943 0x04b0  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
20:01:55.0951 0x04b0  Null - ok
20:01:55.0978 0x04b0  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:01:55.0984 0x04b0  nvraid - ok
20:01:56.0017 0x04b0  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:01:56.0024 0x04b0  nvstor - ok
20:01:56.0057 0x04b0  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:01:56.0063 0x04b0  nv_agp - ok
20:01:56.0109 0x04b0  [ 404B0121AE1A75D9A63B6934EB07C258, 86C423955252DDD519407F22C9A28B3AA952C088494470D622ECDC1C6569FC7E ] OA008Ufd        C:\Windows\system32\DRIVERS\OA008Ufd.sys
20:01:56.0117 0x04b0  OA008Ufd - ok
20:01:56.0142 0x04b0  [ 126885007E8F601861165FC77C93F1BE, AD93B726AEA981C89C1E250CFCB89FB35EC8FACF7D80A3DCEA62F983DD3DAEF2 ] OA008Vid        C:\Windows\system32\DRIVERS\OA008Vid.sys
20:01:56.0153 0x04b0  OA008Vid - ok
20:01:56.0233 0x04b0  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:01:56.0251 0x04b0  odserv - ok
20:01:56.0278 0x04b0  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:01:56.0287 0x04b0  ohci1394 - ok
20:01:56.0321 0x04b0  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:01:56.0327 0x04b0  ose - ok
20:01:56.0574 0x04b0  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:01:56.0770 0x04b0  osppsvc - ok
20:01:56.0849 0x04b0  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:01:56.0862 0x04b0  p2pimsvc - ok
20:01:56.0887 0x04b0  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
20:01:56.0902 0x04b0  p2psvc - ok
20:01:57.0036 0x04b0  [ 673E36852E2F9FA778D5D3DDCEFA591B, A15EF7E93F7101A7AC34FCF4912755A3DA35013FFB225A53A370C183110B26DC ] PaceLicenseDServices C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
20:01:57.0138 0x04b0  PaceLicenseDServices - ok
20:01:57.0176 0x04b0  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
20:01:57.0184 0x04b0  Parport - ok
20:01:57.0213 0x04b0  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:01:57.0217 0x04b0  partmgr - ok
20:01:57.0236 0x04b0  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:01:57.0247 0x04b0  PcaSvc - ok
20:01:57.0278 0x04b0  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
20:01:57.0287 0x04b0  pci - ok
20:01:57.0311 0x04b0  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
20:01:57.0313 0x04b0  pciide - ok
20:01:57.0335 0x04b0  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
20:01:57.0344 0x04b0  pcmcia - ok
20:01:57.0357 0x04b0  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:01:57.0359 0x04b0  pcw - ok
20:01:57.0388 0x04b0  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:01:57.0421 0x04b0  PEAUTH - ok
20:01:57.0487 0x04b0  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:01:57.0490 0x04b0  PerfHost - ok
20:01:57.0571 0x04b0  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
20:01:57.0622 0x04b0  pla - ok
20:01:57.0668 0x04b0  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:01:57.0684 0x04b0  PlugPlay - ok
20:01:57.0708 0x04b0  [ 06841F5CD8410B6BDC0B5A631B8F8787, 95CA940AAE0C713C7161899D7DD7109FC985B60A1B3817C4243ED9870DA5FDE0 ] pnetmdm         C:\Windows\system32\DRIVERS\pnetmdm64.sys
20:01:57.0716 0x04b0  pnetmdm - ok
20:01:57.0758 0x04b0  PnkBstrA - ok
20:01:57.0772 0x04b0  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:01:57.0777 0x04b0  PNRPAutoReg - ok
20:01:57.0803 0x04b0  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:01:57.0812 0x04b0  PNRPsvc - ok
20:01:57.0843 0x04b0  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:01:57.0860 0x04b0  PolicyAgent - ok
20:01:57.0896 0x04b0  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
20:01:57.0905 0x04b0  Power - ok
20:01:57.0942 0x04b0  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:01:57.0947 0x04b0  PptpMiniport - ok
20:01:57.0975 0x04b0  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
20:01:57.0983 0x04b0  Processor - ok
20:01:58.0016 0x04b0  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:01:58.0025 0x04b0  ProfSvc - ok
20:01:58.0043 0x04b0  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\Windows\system32\lsass.exe
20:01:58.0045 0x04b0  ProtectedStorage - ok
20:01:58.0100 0x04b0  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:01:58.0106 0x04b0  Psched - ok
20:01:58.0139 0x04b0  [ 87B04878A6D59D6C79251DC960C674C1, 3EB8DB0624E646F0A65D0381408D35CF9FDC5ABFC30DF6431F4070A8EB68447C ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
20:01:58.0142 0x04b0  PxHlpa64 - ok
20:01:58.0207 0x04b0  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
20:01:58.0267 0x04b0  ql2300 - ok
20:01:58.0295 0x04b0  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
20:01:58.0304 0x04b0  ql40xx - ok
20:01:58.0337 0x04b0  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
20:01:58.0348 0x04b0  QWAVE - ok
20:01:58.0364 0x04b0  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:01:58.0366 0x04b0  QWAVEdrv - ok
20:01:58.0499 0x04b0  [ 81BE76652B1D5B9493B9DD339F2D0FC0, 6BFCF132209E4ADE556866E16E7EFF11975CAE2986CC9A59A718291DE71ED9CD ] RapportCerberus_56758 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys
20:01:58.0513 0x04b0  RapportCerberus_56758 - ok
20:01:58.0519 0x04b0  RapportEI64 - ok
20:01:58.0559 0x04b0  RapportPG64 - ok
20:01:58.0579 0x04b0  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:01:58.0588 0x04b0  RasAcd - ok
20:01:58.0633 0x04b0  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:01:58.0642 0x04b0  RasAgileVpn - ok
20:01:58.0676 0x04b0  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
20:01:58.0692 0x04b0  RasAuto - ok
20:01:58.0737 0x04b0  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:01:58.0745 0x04b0  Rasl2tp - ok
20:01:58.0771 0x04b0  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
20:01:58.0785 0x04b0  RasMan - ok
20:01:58.0809 0x04b0  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:01:58.0818 0x04b0  RasPppoe - ok
20:01:58.0837 0x04b0  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:01:58.0846 0x04b0  RasSstp - ok
20:01:58.0873 0x04b0  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:01:58.0884 0x04b0  rdbss - ok
20:01:58.0894 0x04b0  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
20:01:58.0903 0x04b0  rdpbus - ok
20:02:08.0642 0x04b0  WimFltr - ok
20:02:08.0674 0x04b0  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:02:08.0682 0x04b0  WIMMount - ok
20:02:08.0716 0x04b0  WinDefend - ok
20:02:08.0727 0x04b0  WinHttpAutoProxySvc - ok
20:02:08.0791 0x04b0  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:02:08.0800 0x04b0  Winmgmt - ok
20:02:08.0880 0x04b0  [ 0C0195C48B6B8582FA6F6373032118DA, 11BD2C9F9E2397C9A16E0990E4ED2CF0679498FE0FD418A3DFDAC60B5C160EE5 ] WinRing0_1_2_0  C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys
20:02:08.0898 0x04b0  WinRing0_1_2_0 - ok
20:02:08.0986 0x04b0  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
20:02:09.0083 0x04b0  WinRM - ok
20:02:09.0164 0x04b0  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:02:09.0173 0x04b0  WinUsb - ok
20:02:09.0258 0x04b0  [ F3EDC9909A02E6BCA863EB702D37B505, 7C102302884825366DFA9B58FBC8A686185C7A9BD47F83B6698B886E57DF6218 ] WinVNC4         C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe
20:02:09.0270 0x04b0  WinVNC4 - ok
20:02:09.0319 0x04b0  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:02:09.0353 0x04b0  Wlansvc - ok
20:02:09.0520 0x04b0  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:02:09.0617 0x04b0  wlidsvc - ok
20:02:09.0663 0x04b0  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:02:09.0664 0x04b0  WmiAcpi - ok
20:02:09.0705 0x04b0  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:02:09.0713 0x04b0  wmiApSrv - ok
20:02:09.0758 0x04b0  WMPNetworkSvc - ok
20:02:09.0788 0x04b0  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:02:09.0791 0x04b0  WPCSvc - ok
20:02:09.0829 0x04b0  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:02:09.0845 0x04b0  WPDBusEnum - ok
20:02:09.0875 0x04b0  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:02:09.0884 0x04b0  ws2ifsl - ok
20:02:09.0936 0x04b0  [ AD12F5C7251BB8D575D560894E73CBBA, FAAA1440CBBDC889C0B8917065B932A9CC86E5C0FD5845D8830482915AF83F40 ] WsAudio_DeviceS(1) C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys
20:02:09.0950 0x04b0  WsAudio_DeviceS(1) - ok
20:02:09.0982 0x04b0  [ AD12F5C7251BB8D575D560894E73CBBA, FAAA1440CBBDC889C0B8917065B932A9CC86E5C0FD5845D8830482915AF83F40 ] WsAudio_DeviceS(2) C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys
20:02:09.0996 0x04b0  WsAudio_DeviceS(2) - ok
20:02:10.0021 0x04b0  [ AD12F5C7251BB8D575D560894E73CBBA, FAAA1440CBBDC889C0B8917065B932A9CC86E5C0FD5845D8830482915AF83F40 ] WsAudio_DeviceS(3) C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys
20:02:10.0038 0x04b0  WsAudio_DeviceS(3) - ok
20:02:10.0064 0x04b0  [ AD12F5C7251BB8D575D560894E73CBBA, FAAA1440CBBDC889C0B8917065B932A9CC86E5C0FD5845D8830482915AF83F40 ] WsAudio_DeviceS(4) C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys
20:02:10.0078 0x04b0  WsAudio_DeviceS(4) - ok
20:02:10.0120 0x04b0  [ AD12F5C7251BB8D575D560894E73CBBA, FAAA1440CBBDC889C0B8917065B932A9CC86E5C0FD5845D8830482915AF83F40 ] WsAudio_DeviceS(5) C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys
20:02:10.0135 0x04b0  WsAudio_DeviceS(5) - ok
20:02:10.0166 0x04b0  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
20:02:10.0174 0x04b0  wscsvc - ok
20:02:10.0181 0x04b0  WSearch - ok
20:02:10.0288 0x04b0  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:02:10.0390 0x04b0  wuauserv - ok
20:02:10.0449 0x04b0  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:02:10.0458 0x04b0  WudfPf - ok
20:02:10.0483 0x04b0  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:02:10.0491 0x04b0  WUDFRd - ok
20:02:10.0528 0x04b0  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:02:10.0544 0x04b0  wudfsvc - ok
20:02:10.0580 0x04b0  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:02:10.0591 0x04b0  WwanSvc - ok
20:02:10.0639 0x04b0  [ 38F55D07B1D3391065C40EC065F984E2, 056F5E3034C4C11403D74F44A364964A3A5945608DAE2A03EF025A22F5C31B26 ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
20:02:10.0647 0x04b0  xusb21 - ok
20:02:10.0718 0x04b0  [ 1CACFEF9E5DD866C5B79A135EE729E18, D46DBD2FA4B21F1EE9452EBBCBA143AB5BF83E2C9C8ACF25CEDBEFE02B4EA97D ] {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl
20:02:10.0724 0x04b0  {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} - ok
20:02:10.0792 0x04b0  ================ Scan global ===============================
20:02:10.0822 0x04b0  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
20:02:10.0877 0x04b0  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
20:02:10.0896 0x04b0  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
20:02:10.0933 0x04b0  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
20:02:10.0963 0x04b0  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
20:02:10.0972 0x04b0  [ Global ] - ok
20:02:10.0973 0x04b0  ================ Scan MBR ==================================
20:02:10.0990 0x04b0  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:02:12.0075 0x04b0  \Device\Harddisk0\DR0 - ok
20:02:12.0076 0x04b0  ================ Scan VBR ==================================
20:02:12.0080 0x04b0  [ 6D3802932FB34686EADD1D7837D18D1F ] \Device\Harddisk0\DR0\Partition1
20:02:12.0081 0x04b0  \Device\Harddisk0\DR0\Partition1 - ok
20:02:12.0086 0x04b0  [ DD906C3B5EFFFF3F5DD2DBDE2F4D10B1 ] \Device\Harddisk0\DR0\Partition2
20:02:12.0088 0x04b0  \Device\Harddisk0\DR0\Partition2 - ok
20:02:12.0092 0x04b0  Waiting for KSN requests completion. In queue: 123
20:02:13.0092 0x04b0  Waiting for KSN requests completion. In queue: 123
20:02:14.0092 0x04b0  Waiting for KSN requests completion. In queue: 123
20:02:15.0120 0x04b0  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.4.304.0 ), 0x61000 ( enabled : updated )
20:02:15.0125 0x04b0  Win FW state via NFP2: enabled
20:02:17.0878 0x04b0  ============================================================
20:02:17.0878 0x04b0  Scan finished
20:02:17.0878 0x04b0  ============================================================
20:02:17.0889 0x03dc  Detected object count: 0
20:02:17.0890 0x03dc  Actual detected object count: 0
 


#4 TB-Psychotic

  • Malware Response Team
Posted 26 March 2014 - 04:37 AM

Then please upload the attach.txt as requested.


Proud Member of UNITE & TB

#5 punkieys17

  • Topic Starter

Posted 26 March 2014 - 04:34 PM

Have attached the TDSSKiller log and the original attach.txt.

#6 TB-Psychotic

  • Malware Response Team
Posted 27 March 2014 - 04:10 AM

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs/spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.



#7 punkieys17

  • Topic Starter

Posted 27 March 2014 - 06:32 PM

Ran Combofix - log below. I forgot to say that the problems identified were occurring under the Alex-Other user and I had not checked the prime Alex user. Both users were given admin rights originally. Post Combofix, IE is now running properly, but trying to open Computer from the Start menu sidebar still gets access denied due to not having permission.
 
ComboFix 14-03-24.01 - Alex 27/03/2014  22:47:51.3.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3037.1279 [GMT 0:00]
Running from: c:\users\Alex.Alex-PC\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\0.bak
C:\install.exe
c:\users\Alex.Alex-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JMHL Loader
c:\users\Alex.Alex-PC\AppData\Roaming\Mozilla\Firefox\Profiles\lexct597.default-1377581773020\extensions\staged\f.6wgyc@aeue-wfc.com
c:\users\Alex.Alex-PC\AppData\Roaming\Mozilla\Firefox\Profiles\lexct597.default-1377581773020\extensions\staged\f.6wgyc@aeue-wfc.com\bootstrap.js
c:\users\Alex.Alex-PC\AppData\Roaming\Mozilla\Firefox\Profiles\lexct597.default-1377581773020\extensions\staged\f.6wgyc@aeue-wfc.com\chrome.manifest
c:\users\Alex.Alex-PC\AppData\Roaming\Mozilla\Firefox\Profiles\lexct597.default-1377581773020\extensions\staged\f.6wgyc@aeue-wfc.com\content\bg.js
c:\users\Alex.Alex-PC\AppData\Roaming\Mozilla\Firefox\Profiles\lexct597.default-1377581773020\extensions\staged\f.6wgyc@aeue-wfc.com\install.rdf
c:\users\Alex.Alex-PC\AppData\Roaming\Mozilla\Firefox\Profiles\lexct597.default-1377581773020\extensions\staged\lmab8_u@raoeevmoosff.org
c:\users\Alex.Alex-PC\AppData\Roaming\Mozilla\Firefox\Profiles\lexct597.default-1377581773020\extensions\staged\lmab8_u@raoeevmoosff.org\bootstrap.js
c:\users\Alex.Alex-PC\AppData\Roaming\Mozilla\Firefox\Profiles\lexct597.default-1377581773020\extensions\staged\lmab8_u@raoeevmoosff.org\chrome.manifest
c:\users\Alex.Alex-PC\AppData\Roaming\Mozilla\Firefox\Profiles\lexct597.default-1377581773020\extensions\staged\lmab8_u@raoeevmoosff.org\content\bg.js
c:\users\Alex.Alex-PC\AppData\Roaming\Mozilla\Firefox\Profiles\lexct597.default-1377581773020\extensions\staged\lmab8_u@raoeevmoosff.org\install.rdf
c:\users\Alex.Alex-PC\AppData\Roaming\Mozilla\Firefox\Profiles\lexct597.default-1377581773020\extensions\staged\xocwyy0go@i-axoyoo.net
c:\users\Alex.Alex-PC\AppData\Roaming\Mozilla\Firefox\Profiles\lexct597.default-1377581773020\extensions\staged\xocwyy0go@i-axoyoo.net\bootstrap.js
c:\users\Alex.Alex-PC\AppData\Roaming\Mozilla\Firefox\Profiles\lexct597.default-1377581773020\extensions\staged\xocwyy0go@i-axoyoo.net\chrome.manifest
c:\users\Alex.Alex-PC\AppData\Roaming\Mozilla\Firefox\Profiles\lexct597.default-1377581773020\extensions\staged\xocwyy0go@i-axoyoo.net\content\bg.js
c:\users\Alex.Alex-PC\AppData\Roaming\Mozilla\Firefox\Profiles\lexct597.default-1377581773020\extensions\staged\xocwyy0go@i-axoyoo.net\install.rdf
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_mv2
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-27 to 2014-03-27  )))))))))))))))))))))))))))))))
.
.
2014-03-27 23:09 . 2014-03-27 23:09 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2014-03-27 23:09 . 2014-03-27 23:09 -------- d-----w- c:\users\TEMP.Alex-PC\AppData\Local\temp
2014-03-27 23:09 . 2014-03-27 23:09 -------- d-----w- c:\users\TEMP.Alex-PC.002\AppData\Local\temp
2014-03-27 23:09 . 2014-03-27 23:09 -------- d-----w- c:\users\TEMP.Alex-PC.001\AppData\Local\temp
2014-03-27 23:09 . 2014-03-27 23:09 -------- d-----w- c:\users\TEMP.Alex-PC.000\AppData\Local\temp
2014-03-27 23:09 . 2014-03-27 23:09 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-03-27 23:09 . 2014-03-27 23:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-27 23:09 . 2014-03-27 23:09 -------- d-----w- c:\users\AppData\AppData\Local\temp
2014-03-27 23:09 . 2014-03-27 23:09 -------- d-----w- c:\users\Alex other 2\AppData\Local\temp
2014-03-27 23:09 . 2014-03-27 23:09 -------- d-----w- c:\users\others\AppData\Local\temp
2014-03-27 23:09 . 2014-03-27 23:09 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-03-27 19:38 . 2014-03-27 19:38 -------- d-----w- c:\users\Alex.Alex-PC\AppData\Local\Skype
2014-03-27 19:37 . 2014-03-27 19:37 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-03-22 20:23 . 2014-03-22 20:23 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CAEA7C56-AB2D-4585-9E5E-EBCE03F3C27A}\gapaengine.dll
2014-03-22 20:23 . 2014-03-06 21:43 10521840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{874CB792-E7D9-47C8-8E7C-8FE5B9571DE6}\mpengine.dll
2014-03-21 23:48 . 2014-03-21 23:48 12872 ----a-w- c:\windows\system32\bootdelete.exe
2014-03-21 22:49 . 2014-03-21 23:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-03-21 22:49 . 2013-04-04 14:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-21 22:49 . 2014-03-21 22:49 -------- d-----w- c:\users\Others.Alex-PC\AppData\Local\Programs
2014-03-21 22:15 . 2014-03-21 22:15 -------- d-----w- c:\users\Others.Alex-PC\AppData\Local\Packages
2014-03-21 19:05 . 2013-12-18 21:10 877480 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2014-03-21 19:05 . 2013-12-18 21:10 800168 ----a-w- c:\windows\SysWow64\deployJava1.dll
2014-03-21 19:04 . 2014-03-21 19:04 -------- d-----w- c:\users\Others.Alex-PC\AppData\Roaming\Oracle
2014-03-21 18:39 . 2014-03-21 18:39 -------- d-----w- c:\users\Others.Alex-PC\AppData\Roaming\SUPERAntiSpyware.com
2014-03-21 18:38 . 2014-03-21 18:38 -------- d-----w- c:\users\Others.Alex-PC\AppData\Local\Ares
2014-03-21 18:38 . 2014-03-21 18:38 -------- d-----w- c:\users\Others.Alex-PC\AppData\Local\VirtualStore
2014-03-21 18:35 . 2014-03-21 22:12 -------- d-----w- c:\users\Others.Alex-PC\AppData\Local\Google
2014-03-16 18:39 . 2014-02-07 01:23 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-03-13 18:11 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-03-13 18:11 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll
2014-03-13 18:11 . 2014-01-29 02:06 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-03-13 18:09 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-03-13 18:09 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-03-13 18:08 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-13 18:08 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-03-03 19:07 . 2014-03-03 19:07 -------- d-----w- c:\users\Alex.Alex-PC\AppData\Local\Microsoft Help
2014-03-03 17:28 . 2014-03-03 17:28 -------- d-----w- c:\windows\Migration
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-19 22:32 . 2010-05-15 18:26 90015360 ----a-w- c:\windows\system32\MRT.exe
2014-03-13 19:18 . 2012-08-08 04:13 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-13 19:18 . 2012-08-08 04:13 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-29 13:52 . 2012-10-03 16:59 965000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-01-19 07:33 . 2010-08-26 10:51 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-01-16 21:05 . 2014-01-16 21:05 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-01-16 21:05 . 2014-01-16 21:05 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-01-16 21:05 . 2014-01-16 21:05 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2014-01-16 21:05 . 2014-01-16 21:05 235008 ----a-w- c:\windows\system32\elshyph.dll
2014-01-16 21:05 . 2014-01-16 21:05 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2014-01-16 21:05 . 2014-01-16 21:05 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-01-16 21:05 . 2014-01-16 21:05 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-01-16 21:05 . 2014-01-16 21:05 337408 ----a-w- c:\windows\SysWow64\html.iec
2014-01-16 21:05 . 2014-01-16 21:05 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-01-16 21:05 . 2014-01-16 21:05 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2014-01-16 21:05 . 2014-01-16 21:05 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2014-01-16 21:05 . 2014-01-16 21:05 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-01-16 21:04 . 2014-01-16 21:04 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-01-16 21:04 . 2014-01-16 21:04 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-01-16 21:04 . 2014-01-16 21:04 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-01-16 21:04 . 2014-01-16 21:04 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-01-16 21:04 . 2014-01-16 21:04 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-01-16 21:04 . 2014-01-16 21:04 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2014-01-16 21:04 . 2014-01-16 21:04 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2014-01-16 21:04 . 2014-01-16 21:04 942592 ----a-w- c:\windows\system32\jsIntl.dll
2014-01-16 21:04 . 2014-01-16 21:04 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-01-16 21:04 . 2014-01-16 21:04 247808 ----a-w- c:\windows\system32\msls31.dll
2014-01-16 21:04 . 2014-01-16 21:04 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-01-16 21:04 . 2014-01-16 21:04 77312 ----a-w- c:\windows\system32\tdc.ocx
2014-01-16 21:04 . 2014-01-16 21:04 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-01-16 21:04 . 2014-01-16 21:04 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-01-16 21:04 . 2014-01-16 21:04 413696 ----a-w- c:\windows\system32\html.iec
2014-01-16 21:04 . 2014-01-16 21:04 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-01-16 21:04 . 2014-01-16 21:04 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2014-01-16 21:04 . 2014-01-16 21:04 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-01-16 21:04 . 2014-01-16 21:04 105984 ----a-w- c:\windows\system32\iesysprep.dll
2014-01-16 21:04 . 2014-01-16 21:04 296960 ----a-w- c:\windows\system32\dxtrans.dll
2014-01-16 21:04 . 2014-01-16 21:04 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-01-16 21:04 . 2014-01-16 21:04 81408 ----a-w- c:\windows\system32\icardie.dll
2014-01-16 21:04 . 2014-01-16 21:04 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2014-01-16 21:04 . 2014-01-16 21:04 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2014-01-16 21:04 . 2014-01-16 21:04 30208 ----a-w- c:\windows\system32\licmgr10.dll
2014-01-16 21:04 . 2014-01-16 21:04 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2014-01-16 21:04 . 2014-01-16 21:04 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-01-16 21:04 . 2014-01-16 21:04 235520 ----a-w- c:\windows\system32\url.dll
2014-01-16 21:04 . 2014-01-16 21:04 167424 ----a-w- c:\windows\system32\iexpress.exe
2014-01-16 21:04 . 2014-01-16 21:04 143872 ----a-w- c:\windows\system32\wextract.exe
2014-01-16 21:04 . 2014-01-16 21:04 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-01-16 21:04 . 2014-01-16 21:04 101376 ----a-w- c:\windows\system32\inseng.dll
2014-01-16 21:04 . 2014-01-16 21:04 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-01-16 21:04 . 2014-01-16 21:04 774144 ----a-w- c:\windows\system32\jscript.dll
2014-01-16 21:04 . 2014-01-16 21:04 62464 ----a-w- c:\windows\system32\pngfilt.dll
2014-01-16 21:04 . 2014-01-16 21:04 147968 ----a-w- c:\windows\system32\occache.dll
2014-01-16 21:04 . 2014-01-16 21:04 13824 ----a-w- c:\windows\system32\mshta.exe
2014-01-16 21:04 . 2014-01-16 21:04 48128 ----a-w- c:\windows\system32\imgutil.dll
2014-01-16 21:04 . 2014-01-16 21:04 135680 ----a-w- c:\windows\system32\iepeers.dll
2006-11-02 09:08 . 2010-01-10 20:14 466944 ----a-w- c:\program files\imagex.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F72C8153-7140-4FEE-8F69-CA4579D71195}]
2013-04-01 02:22 73728 ----a-w- c:\program files (x86)\Tongbu\Addin\tbIEAddin.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-14 17:10 220632 ------w- c:\users\Alex.Alex-PC\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-14 17:10 220632 ------w- c:\users\Alex.Alex-PC\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-14 17:10 220632 ------w- c:\users\Alex.Alex-PC\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-02-19 6563608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-01-20 152392]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 15:13 49152 ----a-w- c:\progra~2\COMMON~1\Stardock\MCPStub.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=0 (0x0)
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
R1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
R2 14be225b;FastSys;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys;c:\windows\SYSNATIVE\DRIVERS\ASPI32.sys [x]
R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys;c:\windows\SYSNATIVE\DRIVERS\cv2k1.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\pnetmdm64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsVlb;TsVlb;c:\windows\system32\DRIVERS\tsvlb.sys;c:\windows\SYSNATIVE\DRIVERS\tsvlb.sys [x]
R3 tsxusbdbus;Thinstuff TSX-USB Virtual Host Controller;c:\windows\system32\DRIVERS\tsxusbdbus.sys;c:\windows\SYSNATIVE\DRIVERS\tsxusbdbus.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 RapportCerberus_56758;RapportCerberus_56758;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S1 TsVp;TsVp;c:\windows\system32\DRIVERS\tsvp.sys;c:\windows\SYSNATIVE\DRIVERS\tsvp.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/05/08 19:11];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl;c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_73e1f0dede412369\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_73e1f0dede412369\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys;c:\windows\SYSNATIVE\DRIVERS\diginet.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 iTeleportService;iTeleportService;c:\program files (x86)\iTeleport\iTeleport Connect\iTeleportService.exe;c:\program files (x86)\iTeleport\iTeleport Connect\iTeleportService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 PaceLicenseDServices;PACE License Services;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys;c:\windows\SYSNATIVE\drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;c:\windows\system32\DRIVERS\OA008Ufd.sys;c:\windows\SYSNATIVE\DRIVERS\OA008Ufd.sys [x]
S3 OA008Vid;Creative Camera OA008 Function Driver;c:\windows\system32\DRIVERS\OA008Vid.sys;c:\windows\SYSNATIVE\DRIVERS\OA008Vid.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(1).sys [x]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(2).sys [x]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(3).sys [x]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(4).sys [x]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(5).sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ   getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-16 18:22 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-08 19:18]
.
2014-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 12:54]
.
2014-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 12:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-14 17:11 244696 ------w- c:\users\Alex.Alex-PC\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-14 17:11 244696 ------w- c:\users\Alex.Alex-PC\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-14 17:11 244696 ------w- c:\users\Alex.Alex-PC\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-01-30 15:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 15:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 15:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-01-30 15:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-01-30 15:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-01-30 15:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://websearch.searchguru.info/?pid=625&r=2013/12/08&hid=8443476045401369092&lg=EN&cc=GB&unqvl=43
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 13.37.13.37:1337
uSearchAssistant = hxxp://www.google.com
LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Alex.Alex-PC\AppData\Roaming\Mozilla\Firefox\Profiles\lexct597.default-1377581773020\
FF - prefs.js: browser.startup.homepage - hxxp://websearch.searchguru.info/?pid=625&r=2013/12/08&hid=8443476045401369092&lg=EN&cc=GB&unqvl=43
FF - prefs.js: browser.search.selectedEngine - WebSearch
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.searchguru.info/?pid=625&r=2013/12/08&hid=8443476045401369092&lg=EN&cc=GB&unqvl=43&l=1&q=
FF - prefs.js: keyword.URL - hxxp://websearch.searchguru.info/?pid=625&r=2013/12/08&hid=8443476045401369092&lg=EN&cc=GB&unqvl=43&l=1&q=
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-iCloudServices - c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
Wow6432Node-HKCU-Run-ApplePhotoStreams - c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
Wow6432Node-HKCU-Run-com.apple.dav.bookmarks.daemon - c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
Wow6432Node-HKCU-Run-AppleIEDAV - c:\program files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
Wow6432Node-HKU-Default-Run-SearchProtect - \SearchProtect\bin\cltmng.exe
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{90367F75-05EF-BDF1-2D4A-318DEE0D1BBE} - c:\program files (x86)\SearchNewTab\eowssNoWF.x64.dll
WebBrowser-{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre7\bin\jusched.exe
AddRemove-abgx360 - c:\program files (x86)\abgx360\uninstall.exe
AddRemove-Cain & Abel v4.9.42 - c:\progra~2\Cain\UNINSTAL.EXE
AddRemove-FIFA 12 © EA_is1 - c:\program files (x86)\FIFA 12\unins000.exe
AddRemove-S-5902107913 - c:\programdata\quickset\sk-enhancer\sk-enhancer.exe
AddRemove-Test Drive Unlimited 2_is1 - c:\program files (x86)\Atari\TDU2\Uninstall\unins000.exe
AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{14be225b} - c:\progra~3\FastSys\FastSys.dll
AddRemove-{CE3611DD-0A15-C9B3-A886-A885CEC267D6} - c:\progra~3\INSTAL~2\{8FB52~1\Setup.exe
AddRemove-blinkx beat - c:\program files (x86)\Blinkx\templates\uninstall.exe
AddRemove-com.poweredbypulse.profile-0-rb-10081-1336425484037 - c:\users\Alex.Alex-PC\AppData\Local\MobiOne Studio\MobiOne 2.0.0M1a\Uninstaller\one-uninstall.exe
AddRemove-EasyDownloads - c:\program files (x86)\Easy Downloads\uninstall.exe
AddRemove-GK 1.0 - c:\users\Alex.Alex-PC\Desktop\Uninstal.exe
AddRemove-GK 2.0 - c:\program files (x86)\EA Sports\EA SPORTS FIFA 12 Demo\Uninstal.exe
AddRemove-SkyDriveSetup.exe - c:\users\Alex.Alex-PC\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveSetup.exe
AddRemove-UnityWebPlayer - c:\users\Alex.Alex-PC\AppData\Local\Unity\WebPlayer\Uninstall.exe
AddRemove-Xbox 360 Tools - c:\users\Alex.Alex-PC\Documents\Xbox 360 Tools\Uninstal.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:cc,3a,7e,47,78,50,cc,01
.
[HKEY_USERS\S-1-5-21-4196182951-1744125346-1301472217-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A3BB7E23-C3A6-978F-27F7-A23B759E0527}*]
"oafhabmpdndbpllipddnjjhlkellon"=hex:6a,61,6a,6e,6a,65,6d,70,6d,62,6a,6d,69,6f,
   70,61,6f,61,63,63,00,f3
"padokddolliicfclnmehlnhengloplfm"=hex:6a,61,6a,6e,6a,65,6d,70,6d,62,6a,6d,69,
   6f,70,61,6f,61,63,63,00,f3
.
[HKEY_USERS\S-1-5-21-4196182951-1744125346-1301472217-1006\Software\SecuROM\License information*]
"datasecu"=hex:a8,83,68,cf,c0,94,e5,80,02,4d,02,86,7d,14,2a,aa,bc,5d,ce,73,c4,
   d7,10,ae,1a,b5,c0,38,cf,c3,d2,7a,ea,62,46,99,33,37,0d,46,e5,b1,52,b9,e6,cf,\
"rkeysecu"=hex:f5,80,2b,77,1f,32,c7,ca,f0,a3,08,8b,5d,84,2a,18
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\TGTSoft\StyleXP\StyleXPService.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\RealVNC\VNC4\WinVNC4.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
.
**************************************************************************
.
Completion time: 2014-03-27  23:24:43 - machine was rebooted
ComboFix-quarantined-files.txt  2014-03-27 23:24
.
Pre-Run: 283,471,360,000 bytes free
Post-Run: 283,149,770,752 bytes free
.
- - End Of File - - CC8D565D580605E44A051C4F3517A829
A36C5E4F47E84449FF07ED3517B43A31


#8 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 28 March 2014 - 04:46 AM

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is saved to.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 



Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#9 punkieys17

  • Topic Starter
  • Members
  • 64 posts

Posted 28 March 2014 - 04:38 PM

ComboFix 14-03-24.01 - Alex 28/03/2014  20:03:02.4.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3037.1436 [GMT 0:00]
Running from: c:\users\Alex.Alex-PC\Downloads\ComboFix.exe
Command switches used :: c:\users\Alex.Alex-PC\Downloads\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Tongbu
c:\program files (x86)\Tongbu\7z.dll
c:\program files (x86)\Tongbu\Addin\npTongbuAddin.dll
c:\program files (x86)\Tongbu\Addin\tbIEAddin.dll
c:\program files (x86)\Tongbu\AppSite.ico
c:\program files (x86)\Tongbu\cache.app.dll
c:\program files (x86)\Tongbu\cache.info.dll
c:\program files (x86)\Tongbu\cache.log.dll
c:\program files (x86)\Tongbu\cache.web.dll
c:\program files (x86)\Tongbu\Codes\ffmpeg.exe
c:\program files (x86)\Tongbu\CoreUpdate.dll
c:\program files (x86)\Tongbu\Exception\Exception20140202.txt
c:\program files (x86)\Tongbu\Feedback.exe
c:\program files (x86)\Tongbu\Hash72.dll
c:\program files (x86)\Tongbu\Helper.exe
c:\program files (x86)\Tongbu\History.rtf
c:\program files (x86)\Tongbu\IconDir\AppUpgrade_4fdda8d58a.ico
c:\program files (x86)\Tongbu\ICSharpCode.SharpZipLib.dll
c:\program files (x86)\Tongbu\Lang\en-US.lang
c:\program files (x86)\Tongbu\Lang\ja-JP.lang
c:\program files (x86)\Tongbu\Lang\zh-CN.lang
c:\program files (x86)\Tongbu\Lang\zh-TW.lang
c:\program files (x86)\Tongbu\Launcher.exe
c:\program files (x86)\Tongbu\libchara.dll
c:\program files (x86)\Tongbu\PkgInstaller.exe
c:\program files (x86)\Tongbu\protobuf-net.dll
c:\program files (x86)\Tongbu\System.Data.SQLite.dll
c:\program files (x86)\Tongbu\System.Data.SQLite3.dll
c:\program files (x86)\Tongbu\Tongbu.exe
c:\program files (x86)\Tongbu\Tongbu.exe.config
c:\program files (x86)\Tongbu\Tongbu.exe.manifest
c:\program files (x86)\Tongbu\uninst.exe
c:\program files (x86)\Tongbu\zlib.net.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_14be225b
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-28 to 2014-03-28  )))))))))))))))))))))))))))))))
.
.
2014-03-27 19:38 . 2014-03-27 19:38 -------- d-----w- c:\users\Alex.Alex-PC\AppData\Local\Skype
2014-03-27 19:37 . 2014-03-27 19:37 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-03-22 20:23 . 2014-03-22 20:23 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CAEA7C56-AB2D-4585-9E5E-EBCE03F3C27A}\gapaengine.dll
2014-03-22 20:23 . 2014-03-06 21:43 10521840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{874CB792-E7D9-47C8-8E7C-8FE5B9571DE6}\mpengine.dll
2014-03-21 23:48 . 2014-03-21 23:48 12872 ----a-w- c:\windows\system32\bootdelete.exe
2014-03-21 22:49 . 2014-03-21 23:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-03-21 22:49 . 2013-04-04 14:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-21 22:49 . 2014-03-21 22:49 -------- d-----w- c:\users\Others.Alex-PC\AppData\Local\Programs
2014-03-21 22:15 . 2014-03-21 22:15 -------- d-----w- c:\users\Others.Alex-PC\AppData\Local\Packages
2014-03-21 19:05 . 2013-12-18 21:10 877480 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2014-03-21 19:05 . 2013-12-18 21:10 800168 ----a-w- c:\windows\SysWow64\deployJava1.dll
2014-03-21 19:04 . 2014-03-21 19:04 -------- d-----w- c:\users\Others.Alex-PC\AppData\Roaming\Oracle
2014-03-21 18:39 . 2014-03-21 18:39 -------- d-----w- c:\users\Others.Alex-PC\AppData\Roaming\SUPERAntiSpyware.com
2014-03-21 18:38 . 2014-03-21 18:38 -------- d-----w- c:\users\Others.Alex-PC\AppData\Local\Ares
2014-03-21 18:38 . 2014-03-21 18:38 -------- d-----w- c:\users\Others.Alex-PC\AppData\Local\VirtualStore
2014-03-21 18:35 . 2014-03-21 22:12 -------- d-----w- c:\users\Others.Alex-PC\AppData\Local\Google
2014-03-16 18:39 . 2014-02-07 01:23 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-03-13 18:11 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-03-13 18:11 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll
2014-03-13 18:11 . 2014-01-29 02:06 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-03-13 18:09 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-03-13 18:09 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-03-13 18:08 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-13 18:08 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-03-03 19:07 . 2014-03-03 19:07 -------- d-----w- c:\users\Alex.Alex-PC\AppData\Local\Microsoft Help
2014-03-03 17:28 . 2014-03-03 17:28 -------- d-----w- c:\windows\Migration
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-19 22:32 . 2010-05-15 18:26 90015360 ----a-w- c:\windows\system32\MRT.exe
2014-03-13 19:18 . 2012-08-08 04:13 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-13 19:18 . 2012-08-08 04:13 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-29 13:52 . 2012-10-03 16:59 965000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-01-19 07:33 . 2010-08-26 10:51 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-01-16 21:05 . 2014-01-16 21:05 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-01-16 21:05 . 2014-01-16 21:05 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-01-16 21:05 . 2014-01-16 21:05 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2014-01-16 21:05 . 2014-01-16 21:05 235008 ----a-w- c:\windows\system32\elshyph.dll
2014-01-16 21:05 . 2014-01-16 21:05 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2014-01-16 21:05 . 2014-01-16 21:05 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-01-16 21:05 . 2014-01-16 21:05 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-01-16 21:05 . 2014-01-16 21:05 337408 ----a-w- c:\windows\SysWow64\html.iec
2014-01-16 21:05 . 2014-01-16 21:05 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-01-16 21:05 . 2014-01-16 21:05 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2014-01-16 21:05 . 2014-01-16 21:05 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2014-01-16 21:05 . 2014-01-16 21:05 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-01-16 21:04 . 2014-01-16 21:04 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-01-16 21:04 . 2014-01-16 21:04 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-01-16 21:04 . 2014-01-16 21:04 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-01-16 21:04 . 2014-01-16 21:04 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-01-16 21:04 . 2014-01-16 21:04 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-01-16 21:04 . 2014-01-16 21:04 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2014-01-16 21:04 . 2014-01-16 21:04 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2014-01-16 21:04 . 2014-01-16 21:04 942592 ----a-w- c:\windows\system32\jsIntl.dll
2014-01-16 21:04 . 2014-01-16 21:04 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-01-16 21:04 . 2014-01-16 21:04 247808 ----a-w- c:\windows\system32\msls31.dll
2014-01-16 21:04 . 2014-01-16 21:04 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-01-16 21:04 . 2014-01-16 21:04 77312 ----a-w- c:\windows\system32\tdc.ocx
2014-01-16 21:04 . 2014-01-16 21:04 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-01-16 21:04 . 2014-01-16 21:04 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-01-16 21:04 . 2014-01-16 21:04 413696 ----a-w- c:\windows\system32\html.iec
2014-01-16 21:04 . 2014-01-16 21:04 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-01-16 21:04 . 2014-01-16 21:04 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2014-01-16 21:04 . 2014-01-16 21:04 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-01-16 21:04 . 2014-01-16 21:04 105984 ----a-w- c:\windows\system32\iesysprep.dll
2014-01-16 21:04 . 2014-01-16 21:04 296960 ----a-w- c:\windows\system32\dxtrans.dll
2014-01-16 21:04 . 2014-01-16 21:04 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-01-16 21:04 . 2014-01-16 21:04 81408 ----a-w- c:\windows\system32\icardie.dll
2014-01-16 21:04 . 2014-01-16 21:04 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2014-01-16 21:04 . 2014-01-16 21:04 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2014-01-16 21:04 . 2014-01-16 21:04 30208 ----a-w- c:\windows\system32\licmgr10.dll
2014-01-16 21:04 . 2014-01-16 21:04 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2014-01-16 21:04 . 2014-01-16 21:04 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-01-16 21:04 . 2014-01-16 21:04 235520 ----a-w- c:\windows\system32\url.dll
2014-01-16 21:04 . 2014-01-16 21:04 167424 ----a-w- c:\windows\system32\iexpress.exe
2014-01-16 21:04 . 2014-01-16 21:04 143872 ----a-w- c:\windows\system32\wextract.exe
2014-01-16 21:04 . 2014-01-16 21:04 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-01-16 21:04 . 2014-01-16 21:04 101376 ----a-w- c:\windows\system32\inseng.dll
2014-01-16 21:04 . 2014-01-16 21:04 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-01-16 21:04 . 2014-01-16 21:04 774144 ----a-w- c:\windows\system32\jscript.dll
2014-01-16 21:04 . 2014-01-16 21:04 62464 ----a-w- c:\windows\system32\pngfilt.dll
2014-01-16 21:04 . 2014-01-16 21:04 147968 ----a-w- c:\windows\system32\occache.dll
2014-01-16 21:04 . 2014-01-16 21:04 13824 ----a-w- c:\windows\system32\mshta.exe
2014-01-16 21:04 . 2014-01-16 21:04 48128 ----a-w- c:\windows\system32\imgutil.dll
2014-01-16 21:04 . 2014-01-16 21:04 135680 ----a-w- c:\windows\system32\iepeers.dll
2006-11-02 09:08 . 2010-01-10 20:14 466944 ----a-w- c:\program files\imagex.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-14 17:10 220632 ------w- c:\users\Alex.Alex-PC\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-14 17:10 220632 ------w- c:\users\Alex.Alex-PC\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-14 17:10 220632 ------w- c:\users\Alex.Alex-PC\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-02-19 6563608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-01-20 152392]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 15:13 49152 ----a-w- c:\progra~2\COMMON~1\Stardock\MCPStub.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=0 (0x0)
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
R1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys;c:\windows\SYSNATIVE\DRIVERS\ASPI32.sys [x]
R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys;c:\windows\SYSNATIVE\DRIVERS\cv2k1.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\pnetmdm64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsVlb;TsVlb;c:\windows\system32\DRIVERS\tsvlb.sys;c:\windows\SYSNATIVE\DRIVERS\tsvlb.sys [x]
R3 tsxusbdbus;Thinstuff TSX-USB Virtual Host Controller;c:\windows\system32\DRIVERS\tsxusbdbus.sys;c:\windows\SYSNATIVE\DRIVERS\tsxusbdbus.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 RapportCerberus_56758;RapportCerberus_56758;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S1 TsVp;TsVp;c:\windows\system32\DRIVERS\tsvp.sys;c:\windows\SYSNATIVE\DRIVERS\tsvp.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/05/08 19:11];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl;c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_73e1f0dede412369\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_73e1f0dede412369\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys;c:\windows\SYSNATIVE\DRIVERS\diginet.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 iTeleportService;iTeleportService;c:\program files (x86)\iTeleport\iTeleport Connect\iTeleportService.exe;c:\program files (x86)\iTeleport\iTeleport Connect\iTeleportService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 PaceLicenseDServices;PACE License Services;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [x]
S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys;c:\windows\SYSNATIVE\drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;c:\windows\system32\DRIVERS\OA008Ufd.sys;c:\windows\SYSNATIVE\DRIVERS\OA008Ufd.sys [x]
S3 OA008Vid;Creative Camera OA008 Function Driver;c:\windows\system32\DRIVERS\OA008Vid.sys;c:\windows\SYSNATIVE\DRIVERS\OA008Vid.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(1).sys [x]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(2).sys [x]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(3).sys [x]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(4).sys [x]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(5).sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ   getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-16 18:22 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-08 19:18]
.
2014-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 12:54]
.
2014-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 12:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90367F75-05EF-BDF1-2D4A-318DEE0D1BBE}]
c:\program files (x86)\SearchNewTab\eowssNoWF.x64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-14 17:11 244696 ------w- c:\users\Alex.Alex-PC\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-14 17:11 244696 ------w- c:\users\Alex.Alex-PC\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-14 17:11 244696 ------w- c:\users\Alex.Alex-PC\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-01-30 15:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 15:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 15:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-01-30 15:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-01-30 15:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-01-30 15:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
"SunJavaUpdateSched"="c:\program files\Java\jre7\bin\jusched.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Alex.Alex-PC\AppData\Roaming\Mozilla\Firefox\Profiles\lexct597.default-1377581773020\
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{F72C8153-7140-4FEE-8F69-CA4579D71195} - c:\program files (x86)\Tongbu\Addin\tbIEAddin.dll
Notify-SDWinLogon - SDWinLogon.dll
WebBrowser-{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - (no file)
AddRemove-abgx360 - c:\program files (x86)\abgx360\uninstall.exe
AddRemove-Cain & Abel v4.9.42 - c:\progra~2\Cain\UNINSTAL.EXE
AddRemove-FIFA 12 © EA_is1 - c:\program files (x86)\FIFA 12\unins000.exe
AddRemove-S-5902107913 - c:\programdata\quickset\sk-enhancer\sk-enhancer.exe
AddRemove-Test Drive Unlimited 2_is1 - c:\program files (x86)\Atari\TDU2\Uninstall\unins000.exe
AddRemove-Tongbu2 - c:\program files (x86)\Tongbu\uninst.exe
AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{14be225b} - c:\progra~3\FastSys\FastSys.dll
AddRemove-{CE3611DD-0A15-C9B3-A886-A885CEC267D6} - c:\progra~3\INSTAL~2\{8FB52~1\Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:cc,3a,7e,47,78,50,cc,01
.
[HKEY_USERS\S-1-5-21-4196182951-1744125346-1301472217-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A3BB7E23-C3A6-978F-27F7-A23B759E0527}*]
"oafhabmpdndbpllipddnjjhlkellon"=hex:6a,61,6a,6e,6a,65,6d,70,6d,62,6a,6d,69,6f,
   70,61,6f,61,63,63,00,f3
"padokddolliicfclnmehlnhengloplfm"=hex:6a,61,6a,6e,6a,65,6d,70,6d,62,6a,6d,69,
   6f,70,61,6f,61,63,63,00,f3
.
[HKEY_USERS\S-1-5-21-4196182951-1744125346-1301472217-1006\Software\SecuROM\License information*]
"datasecu"=hex:a8,83,68,cf,c0,94,e5,80,02,4d,02,86,7d,14,2a,aa,bc,5d,ce,73,c4,
   d7,10,ae,1a,b5,c0,38,cf,c3,d2,7a,ea,62,46,99,33,37,0d,46,e5,b1,52,b9,e6,cf,\
"rkeysecu"=hex:f5,80,2b,77,1f,32,c7,ca,f0,a3,08,8b,5d,84,2a,18
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\TGTSoft\StyleXP\StyleXPService.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\RealVNC\VNC4\WinVNC4.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2014-03-28  20:38:10 - machine was rebooted
ComboFix-quarantined-files.txt  2014-03-28 20:38
ComboFix2.txt  2014-03-27 23:24
.
Pre-Run: 283,292,823,552 bytes free
Post-Run: 282,944,479,232 bytes free
.
- - End Of File - - 1E3D707A26BA77817C55BA19E0336475
A36C5E4F47E84449FF07ED3517B43A31
 
 
Downloaded Malware. Ran and it found a range of files. It asked for an option to be selected and I moved it from ignore once to quarantine. The Malware did not ask for a restart. The list of items comes up in the history - asking to restore or delete. The scan log is empty - I try to export that empty file and Malware stops working - so I am unable to paste the log.


#10 TB-Psychotic

  • Malware Response Team

Posted 31 March 2014 - 02:45 AM

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is saved to.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

You may find the Malwarebytes log within the program at the "logs" tab. Please export it there and upload it as well.

Attached Files


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#11 TB-Psychotic

  • Malware Response Team

Posted 09 April 2014 - 03:34 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#12 TB-Psychotic

  • Malware Response Team

Posted 14 April 2014 - 05:31 AM

This topic has been re-opened at the request of the person who originally posted.

#13 TB-Psychotic


Posted 14 April 2014 - 05:31 AM

Please follow my last instructions and post the log.



#14 punkieys17


Posted 17 April 2014 - 02:45 PM

ComboFix 14-04-12.01 - Alex 12/04/2014  21:35:00.5.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3037.1341 [GMT 1:00]
Running from: C:\Users\Alex.Alex-PC\Downloads\ComboFix.exe
Command switches used :: C:\Users\Alex.Alex-PC\Downloads\CFScript (1).txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
 
(((((((((((((((((((((((((   Files Created from 2014-03-12 to 2014-04-12  )))))))))))))))))))))))))))))))
 
 
2014-04-09 22:30:08 . 2014-03-06 06:00:52 359936 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2014-04-09 22:30:08 . 2014-03-06 05:50:23 257536 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2014-04-09 22:30:06 . 2014-03-06 08:32:38 574976 ----a-w- C:\Windows\system32\ieui.dll
2014-04-09 15:01:45 . 2014-02-04 02:35:56 190912 ----a-w- C:\Windows\system32\drivers\storport.sys
2014-04-08 00:02:53 . 2014-04-08 00:02:53 136568 ----a-r- C:\Users\Alex.Alex-PC\AppData\Roaming\Microsoft\Installer\{9F64A0D3-B0D2-4EE1-9A9D-452BD4459D09}\URLShortcut_French_B2DF3553895D431AB898FB0282944C9C.exe
2014-04-02 15:34:44 . 2014-04-02 21:38:16 -------- d-----w- C:\Users\Alex.Alex-PC\AppData\Roaming\MultiBit
2014-04-02 15:32:42 . 2014-04-02 16:04:49 -------- d-----w- C:\Program Files (x86)\MultiBit-0.5.17
2014-03-28 20:43:52 . 2014-03-28 21:32:29 119512 ----a-w- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-03-28 20:43:09 . 2014-03-05 09:26:18 63192 ----a-w- C:\Windows\system32\drivers\mwac.sys
2014-03-28 20:43:09 . 2014-03-05 09:26:08 88280 ----a-w- C:\Windows\system32\drivers\mbamchameleon.sys
2014-03-28 20:43:08 . 2014-03-28 20:43:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-27 19:38:25 . 2014-03-27 19:38:25 -------- d-----w- C:\Users\Alex.Alex-PC\AppData\Local\Skype
2014-03-27 19:37:48 . 2014-03-27 19:37:48 -------- d-----w- C:\Program Files (x86)\Common Files\Skype
2014-03-22 20:23:43 . 2014-03-22 20:23:10 1031560 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CAEA7C56-AB2D-4585-9E5E-EBCE03F3C27A}\gapaengine.dll
2014-03-22 20:23:14 . 2014-03-06 21:43:48 10521840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{874CB792-E7D9-47C8-8E7C-8FE5B9571DE6}\mpengine.dll
2014-03-21 23:48:03 . 2014-03-21 23:48:03 12872 ----a-w- C:\Windows\system32\bootdelete.exe
2014-03-21 22:49:52 . 2014-03-05 09:26:04 25816 ----a-w- C:\Windows\system32\drivers\mbam.sys
2014-03-21 22:49:31 . 2014-03-21 22:49:31 -------- d-----w- C:\Users\Others.Alex-PC\AppData\Local\Programs
2014-03-21 22:15:25 . 2014-03-21 22:15:25 -------- d-----w- C:\Users\Others.Alex-PC\AppData\Local\Packages
2014-03-21 19:05:32 . 2013-12-18 21:10:57 877480 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2014-03-21 19:05:32 . 2013-12-18 21:10:36 800168 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2014-03-21 19:04:10 . 2014-03-21 19:04:10 -------- d-----w- C:\Users\Others.Alex-PC\AppData\Roaming\Oracle
2014-03-21 18:39:14 . 2014-03-21 18:39:14 -------- d-----w- C:\Users\Others.Alex-PC\AppData\Roaming\SUPERAntiSpyware.com
2014-03-21 18:38:34 . 2014-03-21 18:38:51 -------- d-----w- C:\Users\Others.Alex-PC\AppData\Local\Ares
2014-03-21 18:38:11 . 2014-03-21 18:38:11 -------- d-----w- C:\Users\Others.Alex-PC\AppData\Local\VirtualStore
2014-03-21 18:35:37 . 2014-03-21 22:12:24 -------- d-----w- C:\Users\Others.Alex-PC\AppData\Local\Google
2014-03-16 18:39:34 . 2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\system32\win32k.sys
.
 
 
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
 
2014-04-09 17:32:10 . 2010-05-15 18:26:27 90655440 ----a-w- C:\Windows\system32\MRT.exe
2014-03-13 19:18:27 . 2012-08-08 04:13:22 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-13 19:18:27 . 2012-08-08 04:13:21 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-11 08:52:30 . 2012-03-20 19:44:12 133928 ----a-w- C:\Windows\system32\drivers\NisDrvWFP.sys
2014-03-04 09:17:05 . 2014-04-09 15:01:35 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2014-02-04 02:32:22 . 2014-03-13 18:08:27 1424384 ----a-w- C:\Windows\system32\WindowsCodecs.dll
2014-02-04 02:32:12 . 2014-03-13 18:09:35 624128 ----a-w- C:\Windows\system32\qedit.dll
2014-02-04 02:04:22 . 2014-03-13 18:08:27 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04:11 . 2014-03-13 18:09:35 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-01-29 13:52:09 . 2012-10-03 16:59:10 965000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-01-29 02:32:18 . 2014-03-13 18:11:01 484864 ----a-w- C:\Windows\system32\wer.dll
2014-01-29 02:06:47 . 2014-03-13 18:11:01 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46 . 2014-03-13 18:11:03 228864 ----a-w- C:\Windows\system32\wwansvc.dll
2014-01-25 00:19:42 . 2014-01-25 00:19:42 268512 ----a-w- C:\Windows\system32\drivers\MpFilter.sys
2014-01-19 07:33:29 . 2010-08-26 10:51:02 270496 ------w- C:\Windows\system32\MpSigStub.exe
2014-01-16 21:05:10 . 2014-01-16 21:05:10 194048 ----a-w- C:\Windows\SysWow64\elshyph.dll
2014-01-16 21:05:02 . 2014-01-16 21:05:02 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2014-01-16 21:05:02 . 2014-01-16 21:05:02 645120 ----a-w- C:\Windows\SysWow64\jsIntl.dll
2014-01-16 21:05:02 . 2014-01-16 21:05:02 235008 ----a-w- C:\Windows\system32\elshyph.dll
2014-01-16 21:05:02 . 2014-01-16 21:05:02 182272 ----a-w- C:\Windows\SysWow64\msls31.dll
2014-01-16 21:05:01 . 2014-01-16 21:05:01 62464 ----a-w- C:\Windows\SysWow64\tdc.ocx
2014-01-16 21:05:01 . 2014-01-16 21:05:01 337408 ----a-w- C:\Windows\SysWow64\html.iec
2014-01-16 21:05:01 . 2014-01-16 21:05:01 24576 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2014-01-16 21:05:00 . 2014-01-16 21:05:00 151552 ----a-w- C:\Windows\SysWow64\iexpress.exe
2014-01-16 21:05:00 . 2014-01-16 21:05:00 139264 ----a-w- C:\Windows\SysWow64\wextract.exe
2014-01-16 21:05:00 . 2014-01-16 21:05:00 1051136 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-01-16 21:04:59 . 2014-01-16 21:04:59 86016 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2014-01-16 21:04:59 . 2014-01-16 21:04:59 74240 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe
2014-01-16 21:04:59 . 2014-01-16 21:04:59 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-01-16 21:04:59 . 2014-01-16 21:04:59 48640 ----a-w- C:\Windows\SysWow64\mshtmler.dll
2014-01-16 21:04:59 . 2014-01-16 21:04:59 36352 ----a-w- C:\Windows\SysWow64\imgutil.dll
2014-01-16 21:04:59 . 2014-01-16 21:04:59 13312 ----a-w- C:\Windows\SysWow64\mshta.exe
2014-01-16 21:04:59 . 2014-01-16 21:04:59 111616 ----a-w- C:\Windows\SysWow64\IEAdvpack.dll
2014-01-16 21:04:58 . 2014-01-16 21:04:58 942592 ----a-w- C:\Windows\system32\jsIntl.dll
2014-01-16 21:04:58 . 2014-01-16 21:04:58 86016 ----a-w- C:\Windows\system32\RegisterIEPKEYs.exe
2014-01-16 21:04:58 . 2014-01-16 21:04:58 247808 ----a-w- C:\Windows\system32\msls31.dll
2014-01-16 21:04:57 . 2014-01-16 21:04:57 90112 ----a-w- C:\Windows\system32\SetIEInstalledDate.exe
2014-01-16 21:04:57 . 2014-01-16 21:04:57 77312 ----a-w- C:\Windows\system32\tdc.ocx
2014-01-16 21:04:57 . 2014-01-16 21:04:57 52224 ----a-w- C:\Windows\system32\msfeedsbs.dll
2014-01-16 21:04:57 . 2014-01-16 21:04:57 48640 ----a-w- C:\Windows\system32\mshtmler.dll
2014-01-16 21:04:57 . 2014-01-16 21:04:57 413696 ----a-w- C:\Windows\system32\html.iec
2014-01-16 21:04:57 . 2014-01-16 21:04:57 13312 ----a-w- C:\Windows\system32\msfeedssync.exe
2014-01-16 21:04:57 . 2014-01-16 21:04:57 131072 ----a-w- C:\Windows\system32\IEAdvpack.dll
2014-01-16 21:04:57 . 2014-01-16 21:04:57 105984 ----a-w- C:\Windows\system32\iesysprep.dll
2014-01-16 21:04:56 . 2014-01-16 21:04:56 84992 ----a-w- C:\Windows\system32\mshtmled.dll
2014-01-16 21:04:56 . 2014-01-16 21:04:56 81408 ----a-w- C:\Windows\system32\icardie.dll
2014-01-16 21:04:56 . 2014-01-16 21:04:56 616104 ----a-w- C:\Windows\system32\ieapfltr.dat
2014-01-16 21:04:56 . 2014-01-16 21:04:56 30208 ----a-w- C:\Windows\system32\licmgr10.dll
2014-01-16 21:04:56 . 2014-01-16 21:04:56 263376 ----a-w- C:\Windows\system32\iedkcs32.dll
2014-01-16 21:04:56 . 2014-01-16 21:04:56 243200 ----a-w- C:\Windows\system32\webcheck.dll
2014-01-16 21:04:56 . 2014-01-16 21:04:56 235520 ----a-w- C:\Windows\system32\url.dll
2014-01-16 21:04:56 . 2014-01-16 21:04:56 167424 ----a-w- C:\Windows\system32\iexpress.exe
2014-01-16 21:04:56 . 2014-01-16 21:04:56 143872 ----a-w- C:\Windows\system32\wextract.exe
2014-01-16 21:04:56 . 2014-01-16 21:04:56 1228800 ----a-w- C:\Windows\system32\mshtmlmedia.dll
2014-01-16 21:04:56 . 2014-01-16 21:04:56 101376 ----a-w- C:\Windows\system32\inseng.dll
2014-01-16 21:04:55 . 2014-01-16 21:04:55 83968 ----a-w- C:\Windows\system32\MshtmlDac.dll
2014-01-16 21:04:55 . 2014-01-16 21:04:55 774144 ----a-w- C:\Windows\system32\jscript.dll
2014-01-16 21:04:55 . 2014-01-16 21:04:55 62464 ----a-w- C:\Windows\system32\pngfilt.dll
2014-01-16 21:04:55 . 2014-01-16 21:04:55 147968 ----a-w- C:\Windows\system32\occache.dll
2014-01-16 21:04:55 . 2014-01-16 21:04:55 13824 ----a-w- C:\Windows\system32\mshta.exe
2014-01-16 21:04:55 . 2014-01-16 21:04:54 48128 ----a-w- C:\Windows\system32\imgutil.dll
2014-01-16 21:04:54 . 2014-01-16 21:04:54 135680 ----a-w- C:\Windows\system32\iepeers.dll
2006-11-02 09:08:52 . 2010-01-10 20:14:14 466944 ----a-w- C:\Program Files\imagex.exe
 
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F72C8153-7140-4FEE-8F69-CA4579D71195}]
C:\Program Files (x86)\Tongbu\Addin\tbIEAddin.dll [BU]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-14 17:10:51 220632 ------w- C:\Users\Alex.Alex-PC\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-14 17:10:51 220632 ------w- C:\Users\Alex.Alex-PC\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-14 17:10:51 220632 ------w- C:\Users\Alex.Alex-PC\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files (x86)\RocketDock\RocketDock.exe" [2007-09-02 13:58:52 495616]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-02-19 16:45:26 6563608]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 16:57:26 959904]
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2014-01-20 16:32:24 152392]
"SDTray"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 11:19:26 5624784]
"Razer Naga Driver"="C:\Program Files (x86)\Razer\Naga\NagaTray.exe" [2010-05-11 14:33:52 810880]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 15:13:38 49152 ----a-w- C:\PROGRA~2\COMMON~1\Stardock\MCPStub.dll
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=0 (0x0)
"LoadAppInit_DLLs"=1 (0x1)
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
 
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
R1 SBRE;SBRE;C:\Windows\system32\drivers\SBREdrv.sys;C:\Windows\SYSNATIVE\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys;C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [x]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe;C:\Program Files (x86)\Skype\Updater\Updater.exe [x]
R3 ASPI;Advanced SCSI Programming Interface Driver;C:\Windows\System32\DRIVERS\ASPI32.sys;C:\Windows\SYSNATIVE\DRIVERS\ASPI32.sys [x]
R3 CV2K1;CommView Network Monitor;C:\Windows\system32\DRIVERS\cv2k1.sys;C:\Windows\SYSNATIVE\DRIVERS\cv2k1.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\system32\IEEtwCollector.exe;C:\Windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys;C:\Windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys;C:\Windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\Program Files\Microsoft Security Client\NisSrv.exe;c:\Program Files\Microsoft Security Client\NisSrv.exe [x]
R3 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys;C:\Windows\SYSNATIVE\drivers\npf.sys [x]
R3 pnetmdm;PdaNet Modem;C:\Windows\system32\DRIVERS\pnetmdm64.sys;C:\Windows\SYSNATIVE\DRIVERS\pnetmdm64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys;C:\Windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RzSynapse;Razer Naga Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys;C:\Windows\SYSNATIVE\DRIVERS\RzSynapse.sys [x]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R3 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R3 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsVlb;TsVlb;C:\Windows\system32\DRIVERS\tsvlb.sys;C:\Windows\SYSNATIVE\DRIVERS\tsvlb.sys [x]
R3 tsxusbdbus;Thinstuff TSX-USB Virtual Host Controller;C:\Windows\system32\DRIVERS\tsxusbdbus.sys;C:\Windows\SYSNATIVE\DRIVERS\tsxusbdbus.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys;C:\Windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VBoxUSB;VirtualBox USB;C:\Windows\system32\Drivers\VBoxUSB.sys;C:\Windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe;C:\Windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
R4 sptd;sptd;C:\Windows\\SystemRoot\System32\Drivers\sptd.sys;C:\Windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 gfibto;gfibto;C:\Windows\system32\drivers\gfibto.sys;C:\Windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys;C:\Windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys;C:\Windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 RapportCerberus_56758;RapportCerberus_56758;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys [x]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS;C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS;C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S1 TsVp;TsVp;C:\Windows\system32\DRIVERS\tsvp.sys;C:\Windows\SYSNATIVE\DRIVERS\tsvp.sys [x]
S1 VBoxDrv;VirtualBox Service;C:\Windows\system32\DRIVERS\VBoxDrv.sys;C:\Windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\Windows\system32\DRIVERS\VBoxUSBMon.sys;C:\Windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/05/08 19:11:02];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl;C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [x]
S2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_73e1f0dede412369\AESTSr64.exe;C:\Windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_73e1f0dede412369\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe;C:\Windows\SYSNATIVE\atiesrxx.exe [x]
S2 DigiNet;Digidesign Ethernet Support;C:\Windows\system32\DRIVERS\diginet.sys;C:\Windows\SYSNATIVE\DRIVERS\diginet.sys [x]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe;C:\Program Files\Dell\DellDock\DockLogin.exe [x]
S2 iTeleportService;iTeleportService;C:\Program Files (x86)\iTeleport\iTeleport Connect\iTeleportService.exe;C:\Program Files (x86)\iTeleport\iTeleport Connect\iTeleportService.exe [x]
S2 PaceLicenseDServices;PACE License Services;C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe;C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [x]
S2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [x]
S2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 vmci;VMware vmci;C:\Windows\system32\drivers\vmci.sys;C:\Windows\SYSNATIVE\drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys;C:\Windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys;C:\Windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA008Ufd.sys;C:\Windows\SYSNATIVE\DRIVERS\OA008Ufd.sys [x]
S3 OA008Vid;Creative Camera OA008 Function Driver;C:\Windows\system32\DRIVERS\OA008Vid.sys;C:\Windows\SYSNATIVE\DRIVERS\OA008Vid.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;C:\Windows\system32\DRIVERS\VBoxNetAdp.sys;C:\Windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;C:\Windows\system32\DRIVERS\VBoxNetFlt.sys;C:\Windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys;C:\Windows\SYSNATIVE\drivers\WsAudio_DeviceS(1).sys [x]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys;C:\Windows\SYSNATIVE\drivers\WsAudio_DeviceS(2).sys [x]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys;C:\Windows\SYSNATIVE\drivers\WsAudio_DeviceS(3).sys [x]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys;C:\Windows\SYSNATIVE\drivers\WsAudio_DeviceS(4).sys [x]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys;C:\Windows\SYSNATIVE\drivers\WsAudio_DeviceS(5).sys [x]
 
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ   getPlusHelper
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-10 14:36:29 1077576 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
 
Contents of the 'Scheduled Tasks' folder
 
2014-04-12 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-08 04:13:22 . 2014-03-13 19:18:27]
 
2014-04-12 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 12:54:56 . 2010-01-31 12:54:41]
 
2014-04-12 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 12:54:56 . 2010-01-31 12:54:41]
 
 
--------- X64 Entries -----------
 
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-14 17:11:05 244696 ------w- C:\Users\Alex.Alex-PC\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-14 17:11:05 244696 ------w- C:\Users\Alex.Alex-PC\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-14 17:11:05 244696 ------w- C:\Users\Alex.Alex-PC\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-01-30 15:05:26 777032 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 15:05:26 777032 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 15:05:26 777032 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-01-30 15:05:26 777032 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-01-30 15:05:26 777032 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-01-30 15:05:26 777032 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="C:\Program Files (x86)\IDT\WDM\sttray64.exe" [BU]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe" [2014-03-11 11:34:12 1271072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre7\bin\jusched.exe" [BU]
 
------- Supplementary Scan -------
 
uLocal Page = C:\Windows\system32\blank.htm
uStart Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36LI7P80qkWEwcGNI8o8WE3GnRhOxfsunOBk-iuPwNi-6M2dczZ7qfS8Aw6Hw6c0N9rPPEHNtrs68lsFG6XoB_xXRt1J8Qzi1sOavWXxWJ12avVYaS5H4y45QVMxJNSeij3EfJsdD4CNt_y3rbUQdayFoe-GQpV6aPmGwPhIjrUWqy-II,
mStart Page = hxxp://www.google.com
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer =
uSearchAssistant = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36LI7P80qkWEwcGNI8o8WE3GnRhOxfsunOBk-iuPwNi-6M2dczZ7qfS8Aw6Hw6c0N9rPPEHNtrs68lsF1UH_g-PJrWACu9OIWULV1Z-zYKvDm6ZLcHc-Jwi9e7fRi2uw_yrueGQdyR4JElO6NLDQtVb9BzaeDIXfKk_cjR_CUbqjX5pHE,&q={searchTerms}
LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - C:\Users\Alex.Alex-PC\AppData\Roaming\Mozilla\Firefox\Profiles\lexct597.default-1377581773020\
FF - prefs.js: browser.startup.homepage - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36LI7P80qkWEwcGNI8o8WE3GnRhOxfsunOBk-iuPwNi-6M2dczZ7qfS8Aw6Hw6c0N9rPPEHNtrs68lsFG6XoB_xXRt1J8Qzi1sOavWXxWJ12avVYaS5H4y45QVMxJNSeij3EfJsdD4CNt_y3rbUQdayFoe-GQpV6aPmGwPhIjrUWqy-II,
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: keyword.URL - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36LI7P80qkWEwcGNI8o8WE3GnRhOxfsunOBk-iuPwNi-6M2dczZ7qfS8Aw6Hw6c0N9rPPEHNtrs68lsF1UH_g-PJrWACu9OIWULV1Z-zYKvDm6ZLcHc-Jwi9e7fRi2uw_yrueGQdyR4JElO6NLDQtVb9BzaeDIXfKk_cjR_CUbqjX5pHE,&q=
 
- - - - ORPHANS REMOVED - - - -
 
Notify-SDWinLogon - SDWinLogon.dll
WebBrowser-{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - (no file)
AddRemove-abgx360 - C:\Program Files (x86)\abgx360\uninstall.exe
AddRemove-Cain & Abel v4.9.42 - C:\PROGRA~2\Cain\UNINSTAL.EXE
AddRemove-FIFA 12 © EA_is1 - C:\Program Files (x86)\FIFA 12\unins000.exe
AddRemove-S-5902107913 - c:\programdata\quickset\sk-enhancer\sk-enhancer.exe
AddRemove-Test Drive Unlimited 2_is1 - C:\Program Files (x86)\Atari\TDU2\Uninstall\unins000.exe
AddRemove-Tongbu2 - C:\Program Files (x86)\Tongbu\uninst.exe
AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{14be225b} - C:\PROGRA~3\FastSys\FastSys.dll
AddRemove-{CE3611DD-0A15-C9B3-A886-A885CEC267D6} - C:\PROGRA~3\INSTAL~2\{8FB52~1\Setup.exe
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/04/2014
Scan Time: 22:30:25
Logfile: 
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.04.12.05
Rootkit Database: v2014.03.27.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Alex
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 522392
Time Elapsed: 23 min, 2 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 8
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#15 TB-Psychotic

  • Malware Response Team

Posted 18 April 2014 - 03:26 AM

Are there issues left now?


Proud Member of UNITE & TB
 



