
The "is my computer infected folks sent me...


  • This topic is locked
32 replies to this topic

#1 chakra angel


Posted 12 May 2014 - 06:25 PM

Hi ...

Got some help from the forum noted above. They suggested I post here because I might have some "rootkits".

Thanks for helping.

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041
Run by Owner at 19:15:59 on 2014-05-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3885.2187 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\WimaxConsole.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\lxbucoms.exe
C:\Windows\system32\lxcjcoms.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_13_0_0_206_ActiveX.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files (x86)\Windows Live\Family Safety\fssbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDriveAutoRun = dword:0
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - <orphaned>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{8E8ED998-43BE-4D46-B212-3056890D23C5} : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{CD5E4765-7C12-437B-8E52-4393B2185B14} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{CD5E4765-7C12-437B-8E52-4393B2185B14}\A41636B684F6D656 : DHCPNameServer = 192.168.1.1
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [IntelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [LXCJCATS] rundll32 C:\Windows\System32\spool\DRIVERS\x64\3\LXCJtime.dll,RunDLLEntry
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [LXBUCATS] rundll32 C:\Windows\System32\spool\DRIVERS\x64\3\LXBUtime.dll,RunDLLEntry
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\nw6sjsik.default\
FF - prefs.js: keyword.URL -
.
============= SERVICES / DRIVERS ===============
.
R0 lullaby;lullaby;C:\Windows\System32\drivers\lullaby.sys [2010-8-18 15928]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-6-7 45856]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-8-18 379520]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-6-7 408576]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-7-9 219480]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-7 418376]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 133928]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-8-18 2314240]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-6-7 911872]
R3 bpenum;bpenum;C:\Windows\System32\drivers\bpenum.sys [2010-5-16 71168]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2010-5-16 175104]
R3 bpusb;bpusb;C:\Windows\System32\drivers\bpusb.sys [2010-5-16 81920]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-8-18 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-26 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-2-2 271872]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-8-18 143472]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\System32\drivers\JME.sys [2010-2-24 115312]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-7 25928]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-3-18 7680512]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 QuickBooksDB20;QuickBooksDB20;C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB20 --> C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB20 [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-6-18 39832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-7 701512]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-8-18 61792]
S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-5-6 111616]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-6 1255736]
.
=============== Created Last 30 ================
.
2014-05-12 01:36:13 10651704 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F7D8AA1C-9D5B-48EA-BEAD-7886C0F6994A}\mpengine.dll
2014-05-09 23:36:11 10651704 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-08 21:58:29 -------- d-----w- C:\Program Files (x86)\ESET
2014-05-08 20:36:24 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{44385351-73C1-44EE-A1C0-0D91E0D0A348}\gapaengine.dll
2014-05-08 02:09:18 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-08 02:09:18 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-07 21:52:09 -------- d-sh--w- C:\Users\Owner\AppData\Local\EmieUserList
2014-05-07 21:52:09 -------- d-sh--w- C:\Users\Owner\AppData\Local\EmieSiteList
2014-05-07 00:49:44 -------- d-s---w- C:\Windows\System32\CompatTel
2014-05-07 00:17:02 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-05-07 00:15:28 -------- d-----w- C:\AdwCleaner
2014-05-07 00:01:40 465408 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-07 00:01:39 424448 ----a-w- C:\Windows\System32\aeinv.dll
.
==================== Find3M  ====================
.
2014-04-28 23:34:40 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-28 23:34:39 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-11 13:52:30 133928 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:17:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
2009-04-08 17:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll
.
============= FINISH: 19:16:36.58 ===============

 

 

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 10/5/2010 8:32:51 PM
System Uptime: 5/12/2014 6:41:30 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer Inc.         |  | K52F
Processor: Intel® Core™ i3 CPU       M 370  @ 2.40GHz | Socket 989 | 2399/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 446 GiB total, 374.158 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP208: 3/29/2014 2:36:08 PM - Windows Update
RP209: 4/3/2014 10:14:38 AM - Windows Update
RP210: 4/3/2014 12:20:08 PM - Installed QuickTime 7
RP211: 4/6/2014 3:28:47 PM - Windows Update
RP212: 4/8/2014 10:36:02 PM - Windows Update
RP213: 4/13/2014 6:10:18 PM - Windows Update
RP214: 4/17/2014 7:52:50 PM - Windows Update
RP215: 4/21/2014 8:05:24 PM - Windows Update
RP216: 4/26/2014 5:01:23 AM - Windows Update
RP217: 4/29/2014 7:18:56 PM - Windows Update
RP218: 5/2/2014 9:12:54 PM - Windows Update
RP219: 5/6/2014 8:01:13 PM - Windows Update
RP220: 5/6/2014 8:49:17 PM - Windows Update
RP221: 5/7/2014 10:09:02 PM - Windows Update
RP222: 5/11/2014 9:34:34 PM - Windows Update
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 13 ActiveX
Adobe Reader XI (11.0.06)
Apple Application Support
Apple Software Update
ASUS AI Recovery
ASUS CopyProtect
ASUS Data Security Manager
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS MultiFrame
ASUS Power4Gear Hybrid
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
ATK Package
Best Buy Software Installer
CCleaner
Choice Guard
Conexant HD Audio
ControlDeck
CyberLink LabelPrint
CyberLink Power2Go
Elevated Installer
ESET Online Scanner v3
Fast Boot
File Shredder 2.5
Free File Viewer 2012
Garmin Express
Garmin Express Tray
Garmin Update Service
Get Lyrics
Google Chrome
Google Drive
Google Toolbar for Internet Explorer
Google Update Helper
Intel PROSet Wireless
Intel WiMAX Tutorial
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® PROSet/Wireless WiFi Software
Intel® Wireless Display
Intel® PROSet/Wireless WiMAX Software
Java 7 Update 21
Java Auto Updater
JMicron Ethernet Adapter NDIS Driver
JMicron Flash Media Controller Driver
Junk Mail filter update
K_Series_ScreenSaver_EN
Lexmark 6200 Series
Lexmark 8300 Series
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 8
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox (3.6.17)
MSVCRT
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
QuickBooks
QuickBooks Connection Diagnostic Tool
QuickBooks Pro 2010
QuickTime 7
Revo Uninstaller 1.94
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878236) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2878237) 32-Bit Edition
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
USB 2.0 VGA UVC WebCam
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WinFlash
WinPatrol
Wireless Console 3
Yahoo! SiteBuilder
.
==== End Of File ===========================

 




#2 chakra angel


Posted 12 May 2014 - 06:39 PM

Almost forgot, they asked me to post this log as well...

 

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 05/12/2014 19:35:05
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\syswow64\shlwapi.DLL @ 0x769F46E9)
[Address] EAT @iexplore.exe (BeginBufferedAnimation) : dhcpcsvc6.DLL -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7336DF38)
[Address] EAT @iexplore.exe (BeginBufferedPaint) : dhcpcsvc6.DLL -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7336B741)
[Address] EAT @iexplore.exe (BeginPanningFeedback) : dhcpcsvc6.DLL -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x733876AF)
[Address] EAT @iexplore.exe (BufferedPaintClear) : dhcpcsvc6.DLL -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7336BBDB)
[Address] EAT @iexplore.exe (BufferedPaintInit) : dhcpcsvc6.DLL -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7336B8D4)
[Address] EAT @iexplore.exe (BufferedPaintRenderAnimation) : dhcpcsvc6.DLL -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7336DE83)
[Address] EAT @iexplore.exe (BufferedPaintSetAlpha) : dhcpcsvc6.DLL -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7338CE19)
[Address] EAT @iexplore.exe (BufferedPaintStopAllAnimations) : dhcpcsvc6.DLL -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7336E428)
[Address] EAT @iexplore.exe (BufferedPaintUnInit) : dhcpcsvc6.DLL -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73377525)
[Address] EAT @iexplore.exe (CloseThemeData) : dhcpcsvc6.DLL -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73361FA1)
[Address] EAT @iexplore.exe (DrawThemeBackground) : dhcpcsvc6.DLL -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7336D464)
[Address] EAT @iexplore.exe (DrawThemeBackgroundEx) : dhcpcsvc6.DLL -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7337436D)
[Address] EAT @iexplore.exe (DrawThemeEdge) : dhcpcsvc6.DLL -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7338C01C)
[Address] EAT @iexplore.exe (DrawThemeIcon) : dhcpcsvc6.DLL -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7338D123)
[Address] EAT @iexplore.exe (DrawThemeParentBackground) : dhcpcsvc6.DLL -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7336E776)
[Address] EAT @iexplore.exe (DrawThemeParentBackgroundEx) : dhcpcsvc6.DLL -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7336E5C5)
[Address] EAT @iexplore.exe (DrawThemeText) : dhcpcsvc6.DLL -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7336DB21)
[Address] EAT @iexplore.exe (DrawThemeTextEx) : dhcpcsvc6.DLL -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7336A70C)
[Address] EAT @iexplore.exe (EnableThemeDialogTexture) : dhcpcsvc6.DLL -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7337786D)
[Address] EAT @iexplore.exe (EnableTheming) : dhcpcsvc6.DLL -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7338C9FF)
[Address] EAT @iexplore.exe (EndBufferedAnimation) : dhcpcsvc6.DLL -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7336ACE8)
[Address] EAT @iexplore.exe (EndBufferedPaint) : dhcpcsvc6.DLL -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7336ACE8)
[Address] EAT @iexplore.exe (EndPanningFeedback) : dhcpcsvc6.DLL -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7338762C)
[Address] EAT @iexplore.exe (GetBufferedPaintBits) : dhcpcsvc6.DLL -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7336CF26)
[Address] EAT @iexplore.exe (GetBufferedPaintDC) : dhcpcsvc6.DLL -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7338CDCF)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9500325AS +++++
--- User ---
[MBR] fef5b81c2705be0d103b59c1c397e75d
[BSP] b8e681ec20f3f51e484d81d4ade624cc : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 20002 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 40965750 | Size: 456936 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_05122014_193505.txt >>

 

 



#3 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:08 PM

Posted 13 May 2014 - 02:26 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#4 chakra angel


Posted 14 May 2014 - 07:09 PM

Hi Marius,

after running the gmer scan I attempted to run the TDSS scan and got the blue screen of death...

A synopsis of what it said: "Windows shut down to prevent damage to your computer." If this is the first time you've seen this "stop error screen", restart your computer (I did). Also said something about a "crash dump."

After restarting there was a message about the shutdown and these are the details of the problem:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 109
BCP1: A3A039D89F6F1679
BCP2: B3B7465EF1ED5333
BCP3: FFFFF880031DE5C0
BCP4: 0000000000000002
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\051414-25147-01.dmp
C:\Users\Owner\AppData\Local\Temp\WER-89638-0.sysdata.xml

Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt

 

 

The following is the "ark.txt" report:

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-05-14 19:51:18
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0003 465.76GB
Running: gzn8mb2p.exe; Driver: C:\Users\Owner\AppData\Local\Temp\ugloapow.sys

---- Threads - GMER 2.1 ----

Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4948:5048]    000007fefbd32a7c

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch  14095

---- EOF - GMER 2.1 ----

 

 

 

 



#5 TB-Psychotic


Posted 15 May 2014 - 04:22 AM

Please reboot into safe mode and run TDSS-Killer again.



#6 chakra angel


Posted 16 May 2014 - 03:09 PM

I don't know how to start my computer in safe mode. When this happened, in order to let you know about it, I rebooted but chose normal mode when offered the choice. Can I now start in safe mode? If so, how do I do that?

 



#7 TB-Psychotic


Posted 20 May 2014 - 02:10 AM

Now reboot into Safe Mode.
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.
Please see here for additional details.

Edited by TB-Psychotic, 20 May 2014 - 02:10 AM.


#8 chakra angel


Posted 22 May 2014 - 06:17 PM

Thanks for the help with rebooting in Safe Mode...
Here's the TDSSKiller report:

19:01:37.0785 0x071c TDSS rootkit removing tool 3.0.0.34 Apr 29 2014 18:20:10
19:01:44.0915 0x071c ============================================================
19:01:44.0915 0x071c Current date / time: 2014/05/22 19:01:44.0915
19:01:44.0915 0x071c SystemInfo:
19:01:44.0915 0x071c
19:01:44.0915 0x071c OS Version: 6.1.7601 ServicePack: 1.0
19:01:44.0915 0x071c Product type: Workstation
19:01:44.0915 0x071c ComputerName: OWNER-PC
19:01:44.0915 0x071c UserName: Owner
19:01:44.0915 0x071c Windows directory: C:\Windows
19:01:44.0915 0x071c System windows directory: C:\Windows
19:01:44.0915 0x071c Running under WOW64
19:01:44.0915 0x071c Processor architecture: Intel x64
19:01:44.0915 0x071c Number of processors: 4
19:01:44.0915 0x071c Page size: 0x1000
19:01:44.0915 0x071c Boot type: Safe boot
19:01:44.0915 0x071c ============================================================
19:01:45.0913 0x071c KLMD registered as C:\Windows\system32\drivers\13363041.sys
19:01:46.0131 0x071c System UUID: {59B46F6B-006B-D377-00F7-0873A20206E7}
19:01:46.0787 0x071c Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:01:46.0787 0x071c ============================================================
19:01:46.0787 0x071c \Device\Harddisk0\DR0:
19:01:46.0787 0x071c MBR partitions:
19:01:46.0787 0x071c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2711676, BlocksNum 0x37C741BA
19:01:46.0787 0x071c ============================================================
19:01:46.0818 0x071c C: <-> \Device\Harddisk0\DR0\Partition1
19:01:46.0818 0x071c ============================================================
19:01:46.0818 0x071c Initialize success
19:01:46.0818 0x071c ============================================================
19:01:51.0732 0x0738 ============================================================
19:01:51.0732 0x0738 Scan started
19:01:51.0732 0x0738 Mode: Manual;
19:01:51.0732 0x0738 ============================================================
19:01:51.0732 0x0738 KSN ping started
19:01:51.0841 0x0738 KSN ping finished: false
19:01:51.0981 0x0738 ================ Scan system memory ========================
19:01:51.0981 0x0738 System memory - ok
19:01:51.0981 0x0738 ================ Scan services =============================
19:01:55.0226 0x0738 [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
19:01:55.0226 0x0738 BridgeMP - ok
19:01:55.0273 0x0738 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
19:01:55.0273 0x0738 Browser - ok
19:01:55.0304 0x0738 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:01:55.0320 0x0738 Brserid - ok
19:01:55.0320 0x0738 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:01:55.0320 0x0738 BrSerWdm - ok
19:01:55.0335 0x0738 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:01:55.0335 0x0738 BrUsbMdm - ok
19:01:55.0335 0x0738 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:01:55.0335 0x0738 BrUsbSer - ok
19:01:55.0351 0x0738 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:01:55.0351 0x0738 BTHMODEM - ok
19:01:55.0398 0x0738 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
19:01:55.0398 0x0738 bthserv - ok
19:01:55.0429 0x0738 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:01:55.0429 0x0738 cdfs - ok
19:01:55.0491 0x0738 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\drivers\cdrom.sys
19:01:55.0491 0x0738 cdrom - ok
19:01:55.0538 0x0738 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
19:01:55.0538 0x0738 CertPropSvc - ok
19:01:55.0585 0x0738 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:01:55.0585 0x0738 circlass - ok
19:01:55.0647 0x0738 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
19:01:55.0647 0x0738 CLFS - ok
19:01:55.0694 0x0738 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:01:55.0725 0x0738 clr_optimization_v2.0.50727_32 - ok
19:01:55.0757 0x0738 [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:01:55.0757 0x0738 clr_optimization_v2.0.50727_64 - ok
19:01:55.0866 0x0738 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:01:56.0256 0x0738 clr_optimization_v4.0.30319_32 - ok
19:01:56.0318 0x0738 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:01:56.0802 0x0738 clr_optimization_v4.0.30319_64 - ok
19:01:56.0880 0x0738 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:01:56.0880 0x0738 CmBatt - ok
19:01:56.0989 0x0738 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:01:56.0989 0x0738 cmdide - ok
19:01:57.0083 0x0738 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys
19:01:57.0114 0x0738 CNG - ok
19:01:57.0285 0x0738 [ 7247A4D0875F5F28919E0787E11B7B57, 9F79077619E626A8DAE74D9EF819BF1D061455CBCAD23C491EC595A2F6C21DED ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
19:01:57.0301 0x0738 CnxtHdAudService - ok
19:01:57.0363 0x0738 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:01:57.0363 0x0738 Compbatt - ok
19:01:57.0426 0x0738 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:01:57.0426 0x0738 CompositeBus - ok
19:01:57.0441 0x0738 COMSysApp - ok
19:01:57.0473 0x0738 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
19:01:57.0473 0x0738 crcdisk - ok
19:01:57.0613 0x0738 [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:01:57.0629 0x0738 CryptSvc - ok
19:01:57.0691 0x0738 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:01:57.0707 0x0738 DcomLaunch - ok
19:01:57.0769 0x0738 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
19:01:57.0785 0x0738 defragsvc - ok
19:01:57.0831 0x0738 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:01:57.0847 0x0738 DfsC - ok
19:01:57.0909 0x0738 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
19:01:57.0941 0x0738 Dhcp - ok
19:01:57.0972 0x0738 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
19:01:57.0972 0x0738 discache - ok
19:01:57.0987 0x0738 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys
19:01:57.0987 0x0738 Disk - ok
19:01:58.0050 0x0738 [ 61458C120CDDFE7514E2DB125568CA59, EFC2F2364520C0AF8E74D28702231FB5824B42494550B4A3BD408AE32DE2898D ] DMAgent C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
19:01:58.0097 0x0738 DMAgent - ok
19:01:58.0159 0x0738 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:01:58.0159 0x0738 Dnscache - ok
19:01:58.0221 0x0738 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
19:01:58.0237 0x0738 dot3svc - ok
19:01:58.0284 0x0738 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
19:01:58.0284 0x0738 DPS - ok
19:01:58.0331 0x0738 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:01:58.0331 0x0738 drmkaud - ok
19:01:58.0424 0x0738 [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:01:58.0471 0x0738 DXGKrnl - ok
19:01:58.0502 0x0738 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
19:01:58.0502 0x0738 EapHost - ok
19:01:58.0627 0x0738 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
19:01:58.0752 0x0738 ebdrv - ok
19:01:58.0814 0x0738 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS C:\Windows\System32\lsass.exe
19:01:58.0814 0x0738 EFS - ok
19:01:58.0892 0x0738 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:01:58.0923 0x0738 ehRecvr - ok
19:01:58.0955 0x0738 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
19:01:58.0955 0x0738 ehSched - ok
19:01:59.0017 0x0738 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:01:59.0048 0x0738 elxstor - ok
19:01:59.0079 0x0738 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:01:59.0079 0x0738 ErrDev - ok
19:01:59.0157 0x0738 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
19:01:59.0173 0x0738 EventSystem - ok
19:01:59.0298 0x0738 [ B56D9602DB5FE1C116B1CA5EFD8E2E50, 34F52939089A98860E659BEF6AB8275BC50C33CC282DD3D34E13909BB7E3E575 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
19:01:59.0376 0x0738 EvtEng - ok
19:01:59.0407 0x0738 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
19:01:59.0407 0x0738 exfat - ok
19:01:59.0438 0x0738 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:01:59.0438 0x0738 fastfat - ok
19:01:59.0501 0x0738 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
19:01:59.0547 0x0738 Fax - ok
19:01:59.0563 0x0738 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:01:59.0563 0x0738 fdc - ok
19:01:59.0579 0x0738 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
19:01:59.0579 0x0738 fdPHost - ok
19:01:59.0625 0x0738 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
19:01:59.0625 0x0738 FDResPub - ok
19:01:59.0641 0x0738 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:01:59.0657 0x0738 FileInfo - ok
19:01:59.0672 0x0738 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:01:59.0672 0x0738 Filetrace - ok
19:01:59.0703 0x0738 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:01:59.0703 0x0738 flpydisk - ok
19:01:59.0766 0x0738 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:01:59.0766 0x0738 FltMgr - ok
19:01:59.0859 0x0738 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
19:01:59.0937 0x0738 FontCache - ok
19:02:00.0000 0x0738 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:02:00.0000 0x0738 FontCache3.0.0.0 - ok
19:02:00.0015 0x0738 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:02:00.0015 0x0738 FsDepends - ok
19:02:00.0078 0x0738 [ 5814011B2F6E088E29D689B5FCD49B8F, 15C09FB9A80FDDB65FB831944BEC1B81743E0B7E4469F35E9FD4142FBB673C0E ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
19:02:00.0078 0x0738 fssfltr - ok
19:02:00.0156 0x0738 [ F6717211C1EC2CDDAA81B97B0727C2E9, C1FD5A389167A826C002E28339BFCF7DC8851652647016D0DCF8585EB0B8FB28 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
19:02:00.0187 0x0738 fsssvc - ok
19:02:00.0218 0x0738 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:02:00.0218 0x0738 Fs_Rec - ok
19:02:00.0281 0x0738 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:02:00.0281 0x0738 fvevol - ok
19:02:00.0327 0x0738 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:02:00.0343 0x0738 gagp30kx - ok
19:02:00.0452 0x0738 [ 7300D171A5A32456F990AC79608404E5, 4B7034B92057CE0CCE343C0D3C8285BAE4903B7D2EB972D0B0960B1487F79A21 ] Garmin Core Update Service C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
19:02:00.0452 0x0738 Garmin Core Update Service - ok
19:02:00.0499 0x0738 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
19:02:00.0530 0x0738 gpsvc - ok
19:02:00.0608 0x0738 [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:02:00.0639 0x0738 gupdate - ok
19:02:00.0686 0x0738 [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:02:00.0686 0x0738 gupdatem - ok
19:02:00.0749 0x0738 [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:02:00.0749 0x0738 gusvc - ok
19:02:00.0780 0x0738 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:02:00.0780 0x0738 hcw85cir - ok
19:02:00.0842 0x0738 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:02:00.0858 0x0738 HdAudAddService - ok
19:02:00.0920 0x0738 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
19:02:00.0920 0x0738 HDAudBus - ok
19:02:00.0951 0x0738 [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
19:02:00.0951 0x0738 HECIx64 - ok
19:02:00.0967 0x0738 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:02:00.0967 0x0738 HidBatt - ok
19:02:00.0983 0x0738 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:02:00.0983 0x0738 HidBth - ok
19:02:00.0998 0x0738 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:02:00.0998 0x0738 HidIr - ok
19:02:01.0029 0x0738 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\System32\hidserv.dll
19:02:01.0029 0x0738 hidserv - ok
19:02:01.0076 0x0738 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\drivers\hidusb.sys
19:02:01.0076 0x0738 HidUsb - ok
19:02:01.0139 0x0738 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:02:01.0139 0x0738 hkmsvc - ok
19:02:01.0185 0x0738 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:02:01.0201 0x0738 HomeGroupListener - ok
19:02:01.0217 0x0738 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:02:01.0217 0x0738 HomeGroupProvider - ok
19:02:01.0248 0x0738 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:02:01.0248 0x0738 HpSAMD - ok
19:02:01.0326 0x0738 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:02:01.0341 0x0738 HTTP - ok
19:02:01.0373 0x0738 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:02:01.0373 0x0738 hwpolicy - ok
19:02:01.0419 0x0738 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
19:02:01.0419 0x0738 i8042prt - ok
19:02:01.0466 0x0738 [ BBB3B6DF1ABB0FE35802EDE85CC1C011, 6E1FA8519A7D417969244E807D2863B39656169A925966045036A989A5EB611D ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
19:02:01.0482 0x0738 iaStor - ok
19:02:01.0513 0x0738 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:02:01.0529 0x0738 iaStorV - ok
19:02:01.0638 0x0738 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:02:01.0669 0x0738 idsvc - ok
19:02:01.0700 0x0738 IEEtwCollectorService - ok
19:02:02.0075 0x0738 [ 677AA5991026A65ADA128C4B59CF2BAD, 013F9D7362960EEE1DB70EE8B90A896EACA0B752924717FD019A6DD3BFF50C00 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
19:02:02.0418 0x0738 igfx - ok
19:02:02.0465 0x0738 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:02:02.0465 0x0738 iirsp - ok
19:02:02.0511 0x0738 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
19:02:02.0543 0x0738 IKEEXT - ok
19:02:02.0589 0x0738 [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
19:02:02.0589 0x0738 Impcd - ok
19:02:02.0636 0x0738 [ 58CF58DEE26C909BD6F977B61D246295, 0CE27B81C091961A22B75478449D654F9C1A68E43DF80C699DB8DD3D1B288461 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
19:02:02.0636 0x0738 IntcDAud - ok
19:02:02.0683 0x0738 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
19:02:02.0683 0x0738 intelide - ok
19:02:02.0714 0x0738 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:02:02.0714 0x0738 intelppm - ok
19:02:02.0745 0x0738 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:02:02.0745 0x0738 IPBusEnum - ok
19:02:02.0792 0x0738 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:02:02.0792 0x0738 IpFilterDriver - ok
19:02:02.0839 0x0738 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:02:02.0886 0x0738 iphlpsvc - ok
19:02:02.0917 0x0738 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:02:02.0917 0x0738 IPMIDRV - ok
19:02:02.0933 0x0738 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:02:02.0948 0x0738 IPNAT - ok
19:02:02.0964 0x0738 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:02:02.0964 0x0738 IRENUM - ok
19:02:02.0979 0x0738 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:02:02.0995 0x0738 isapnp - ok
19:02:03.0042 0x0738 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:02:03.0057 0x0738 iScsiPrt - ok
19:02:03.0104 0x0738 [ DB917B998CBC15A153C00DD6EFC34C13, 5FF4DA2C2D567AAD435730EA910016F2E9DE8BDF0A414A477B72248D16A47115 ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys
19:02:03.0104 0x0738 JMCR - ok
19:02:03.0135 0x0738 [ DE4B2249D95C7815D06A39EA5FF4EE53, 66D5404721A733BB4DA1D517819BCE66550FB3884F2C061E11B5C58DC6CE43CC ] JME C:\Windows\system32\DRIVERS\JME.sys
19:02:03.0151 0x0738 JME - ok
19:02:03.0182 0x0738 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
19:02:03.0182 0x0738 kbdclass - ok
19:02:03.0229 0x0738 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
19:02:03.0229 0x0738 kbdhid - ok
19:02:03.0245 0x0738 [ E63EF8C3271D014F14E2469CE75FECB4, 3A8DFA4B446AFDC35F01FD5218D0BEBC510A1E3DE9976210F00D19767D0F9069 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys
19:02:03.0245 0x0738 kbfiltr - ok
19:02:03.0260 0x0738 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso C:\Windows\system32\lsass.exe
19:02:03.0260 0x0738 KeyIso - ok
19:02:03.0307 0x0738 [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:02:03.0307 0x0738 KSecDD - ok
19:02:03.0323 0x0738 [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:02:03.0338 0x0738 KSecPkg - ok
19:02:03.0354 0x0738 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:02:03.0354 0x0738 ksthunk - ok
19:02:03.0385 0x0738 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
19:02:03.0416 0x0738 KtmRm - ok
19:02:03.0479 0x0738 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\System32\srvsvc.dll
19:02:03.0494 0x0738 LanmanServer - ok
19:02:03.0541 0x0738 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:02:03.0541 0x0738 LanmanWorkstation - ok
19:02:03.0588 0x0738 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:02:03.0588 0x0738 lltdio - ok
19:02:03.0635 0x0738 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:02:03.0650 0x0738 lltdsvc - ok
19:02:03.0650 0x0738 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:02:03.0650 0x0738 lmhosts - ok
19:02:03.0713 0x0738 [ A1C148801B4AF64847AEB9F3AD9594EF, FF6ED89EA47DF74C33CD8BFAC48FAED1B979348ABA6B6D94EE07CBD21810F37B ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
19:02:03.0713 0x0738 LMS - ok
19:02:03.0759 0x0738 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:02:03.0775 0x0738 LSI_FC - ok
19:02:03.0791 0x0738 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:02:03.0791 0x0738 LSI_SAS - ok
19:02:03.0806 0x0738 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:02:03.0822 0x0738 LSI_SAS2 - ok
19:02:03.0822 0x0738 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:02:03.0837 0x0738 LSI_SCSI - ok
19:02:03.0869 0x0738 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
19:02:03.0884 0x0738 luafv - ok
19:02:03.0900 0x0738 [ 085435AE1A124361304044029B5CC644, FEEDB68A3A31B31DD2550591E220A25FCAA8EF1A4BC87EA2750E73E2BE56848D ] lullaby C:\Windows\system32\DRIVERS\lullaby.sys
19:02:03.0900 0x0738 lullaby - ok
19:02:03.0931 0x0738 lxbu_device - ok
19:02:03.0947 0x0738 lxcj_device - ok
19:02:03.0993 0x0738 [ 0BB97D43299910CBFBA59C461B99B910, 27C22D9D9EE8A410D7396960DA93E9E260D4DCDD38DCE06E85E45C5E24C067DE ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
19:02:03.0993 0x0738 MBAMProtector - ok
19:02:04.0087 0x0738 [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
19:02:04.0149 0x0738 MBAMScheduler - ok
19:02:04.0212 0x0738 [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
19:02:04.0243 0x0738 MBAMService - ok
19:02:04.0274 0x0738 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:02:04.0290 0x0738 Mcx2Svc - ok
19:02:04.0321 0x0738 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:02:04.0321 0x0738 megasas - ok
19:02:04.0337 0x0738 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:02:04.0352 0x0738 MegaSR - ok
19:02:04.0399 0x0738 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
19:02:04.0399 0x0738 MMCSS - ok
19:02:04.0399 0x0738 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
19:02:04.0399 0x0738 Modem - ok
19:02:04.0415 0x0738 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:02:04.0430 0x0738 monitor - ok
19:02:14.0227 0x0738 umbus - ok
19:02:14.0258 0x0738 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:02:14.0258 0x0738 UmPass - ok
19:02:14.0383 0x0738 [ 41118D920B2B268C0ADC36421248CDCF, 4F99C4913DCFE02B0783FD97F02558E4DD4D7C98553D95A8E26FAAA0C0D67616 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
19:02:14.0492 0x0738 UNS - ok
19:02:14.0523 0x0738 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
19:02:14.0539 0x0738 upnphost - ok
19:02:14.0570 0x0738 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:02:14.0570 0x0738 usbccgp - ok
19:02:14.0633 0x0738 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:02:14.0633 0x0738 usbcir - ok
19:02:14.0664 0x0738 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys
19:02:14.0664 0x0738 usbehci - ok
19:02:14.0742 0x0738 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:02:14.0742 0x0738 usbhub - ok
19:02:14.0773 0x0738 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:02:14.0773 0x0738 usbohci - ok
19:02:14.0835 0x0738 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:02:14.0835 0x0738 usbprint - ok
19:02:14.0882 0x0738 [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\drivers\usbscan.sys
19:02:14.0882 0x0738 usbscan - ok
19:02:14.0898 0x0738 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:02:14.0898 0x0738 USBSTOR - ok
19:02:14.0929 0x0738 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
19:02:14.0945 0x0738 usbuhci - ok
19:02:15.0007 0x0738 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
19:02:15.0007 0x0738 usbvideo - ok
19:02:15.0038 0x0738 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
19:02:15.0038 0x0738 UxSms - ok
19:02:15.0069 0x0738 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc C:\Windows\system32\lsass.exe
19:02:15.0069 0x0738 VaultSvc - ok
19:02:15.0101 0x0738 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:02:15.0101 0x0738 vdrvroot - ok
19:02:15.0194 0x0738 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
19:02:15.0225 0x0738 vds - ok
19:02:15.0288 0x0738 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:02:15.0288 0x0738 vga - ok
19:02:15.0303 0x0738 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
19:02:15.0303 0x0738 VgaSave - ok
19:02:15.0335 0x0738 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:02:15.0350 0x0738 vhdmp - ok
19:02:15.0366 0x0738 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
19:02:15.0366 0x0738 viaide - ok
19:02:15.0397 0x0738 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:02:15.0413 0x0738 volmgr - ok
19:02:15.0444 0x0738 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:02:15.0475 0x0738 volmgrx - ok
19:02:15.0491 0x0738 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:02:15.0506 0x0738 volsnap - ok
19:02:15.0600 0x0738 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:02:15.0600 0x0738 vsmraid - ok
19:02:15.0678 0x0738 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
19:02:15.0740 0x0738 VSS - ok
19:02:15.0756 0x0738 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
19:02:15.0756 0x0738 vwifibus - ok
19:02:15.0771 0x0738 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
19:02:15.0771 0x0738 vwififlt - ok
19:02:15.0787 0x0738 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
19:02:15.0787 0x0738 vwifimp - ok
19:02:15.0834 0x0738 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
19:02:15.0865 0x0738 W32Time - ok
19:02:15.0896 0x0738 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:02:15.0896 0x0738 WacomPen - ok
19:02:15.0943 0x0738 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:02:15.0943 0x0738 WANARP - ok
19:02:15.0974 0x0738 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:02:15.0974 0x0738 Wanarpv6 - ok
19:02:16.0052 0x0738 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
19:02:16.0099 0x0738 WatAdminSvc - ok
19:02:16.0177 0x0738 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
19:02:16.0239 0x0738 wbengine - ok
19:02:16.0271 0x0738 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:02:16.0271 0x0738 WbioSrvc - ok
19:02:16.0317 0x0738 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:02:16.0349 0x0738 wcncsvc - ok
19:02:16.0364 0x0738 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:02:16.0380 0x0738 WcsPlugInService - ok
19:02:16.0411 0x0738 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:02:16.0411 0x0738 Wd - ok
19:02:16.0473 0x0738 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:02:16.0520 0x0738 Wdf01000 - ok
19:02:16.0551 0x0738 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:02:16.0551 0x0738 WdiServiceHost - ok
19:02:16.0583 0x0738 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:02:16.0583 0x0738 WdiSystemHost - ok
19:02:16.0614 0x0738 [ FE31110E39A0B11ABAE1BA43A2DC94F9, 5C520E0FB737A2113FB89F23FB1D36916980BBBD020638EEB04144C10A9D9522 ] wdkmd C:\Windows\system32\DRIVERS\WDKMD.sys
19:02:16.0614 0x0738 wdkmd - ok
19:02:16.0645 0x0738 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
19:02:16.0661 0x0738 WebClient - ok
19:02:16.0676 0x0738 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:02:16.0692 0x0738 Wecsvc - ok
19:02:16.0707 0x0738 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:02:16.0723 0x0738 wercplsupport - ok
19:02:16.0754 0x0738 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
19:02:16.0770 0x0738 WerSvc - ok
19:02:16.0785 0x0738 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:02:16.0785 0x0738 WfpLwf - ok
19:02:16.0863 0x0738 [ 8686E96E13F41AC9806A79CA8004FEEE, 1B8077D288B2169E7DFDAC7C90F6AD0C04A1A9590D83F4DBAC346ECA6D4F6184 ] WiMAXAppSrv C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
19:02:16.0879 0x0738 WiMAXAppSrv - ok
19:02:16.0926 0x0738 [ 52DED146E4797E6CCF94799E8E22BB2A, 57A29260D81AA3AD3F8C29E9CFA7CE3970D7A8BF673ADD9B256EE76C7DEC080E ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
19:02:16.0926 0x0738 WimFltr - ok
19:02:16.0957 0x0738 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:02:16.0957 0x0738 WIMMount - ok
19:02:16.0973 0x0738 WinDefend - ok
19:02:17.0004 0x0738 WinHttpAutoProxySvc - ok
19:02:17.0051 0x0738 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:02:17.0097 0x0738 Winmgmt - ok
19:02:17.0222 0x0738 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
19:02:17.0300 0x0738 WinRM - ok
19:02:17.0363 0x0738 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
19:02:17.0409 0x0738 Wlansvc - ok
19:02:17.0441 0x0738 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:02:17.0441 0x0738 WmiAcpi - ok
19:02:17.0487 0x0738 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:02:17.0487 0x0738 wmiApSrv - ok
19:02:17.0519 0x0738 WMPNetworkSvc - ok
19:02:17.0550 0x0738 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:02:17.0550 0x0738 WPCSvc - ok
19:02:17.0581 0x0738 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:02:17.0597 0x0738 WPDBusEnum - ok
19:02:17.0659 0x0738 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:02:17.0659 0x0738 ws2ifsl - ok
19:02:17.0706 0x0738 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\system32\wscsvc.dll
19:02:17.0721 0x0738 wscsvc - ok
19:02:17.0721 0x0738 WSearch - ok
19:02:17.0846 0x0738 [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll
19:02:17.0924 0x0738 wuauserv - ok
19:02:17.0971 0x0738 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:02:17.0971 0x0738 WudfPf - ok
19:02:18.0002 0x0738 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:02:18.0002 0x0738 WUDFRd - ok
19:02:18.0049 0x0738 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:02:18.0049 0x0738 wudfsvc - ok
19:02:18.0080 0x0738 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
19:02:18.0096 0x0738 WwanSvc - ok
19:02:18.0143 0x0738 ================ Scan global ===============================
19:02:18.0158 0x0738 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
19:02:18.0189 0x0738 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
19:02:18.0205 0x0738 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
19:02:18.0252 0x0738 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
19:02:18.0283 0x0738 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
19:02:18.0299 0x0738 [ Global ] - ok
19:02:18.0314 0x0738 ================ Scan MBR ==================================
19:02:18.0314 0x0738 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:02:18.0533 0x0738 \Device\Harddisk0\DR0 - ok
19:02:18.0533 0x0738 ================ Scan VBR ==================================
19:02:18.0533 0x0738 [ 10A9BCE48985A03C6265A72DE6CDF2BE ] \Device\Harddisk0\DR0\Partition1
19:02:18.0533 0x0738 \Device\Harddisk0\DR0\Partition1 - ok
19:02:18.0548 0x0738 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.5.216.0 ), 0x61000 ( enabled : updated )
19:02:18.0626 0x0738 Win FW state via NFP2: enabled
19:02:18.0626 0x0738 ============================================================
19:02:18.0626 0x0738 Scan finished
19:02:18.0626 0x0738 ============================================================
19:02:18.0642 0x0730 Detected object count: 0
19:02:18.0642 0x0730 Actual detected object count: 0
19:03:10.0543 0x0718 Deinitialize success

#9 TB-Psychotic

Posted 23 May 2014 - 04:18 AM

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs/spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.


Proud Member of UNITE & TB

#10 chakra angel

Posted 25 May 2014 - 09:55 AM

ComboFix 14-05-19.01 - Owner 05/25/2014 10:28:36.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3885.2312 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\mootools.svn.js
c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\pffcenter.html
c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\pffCenter.js
c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\reviewDialog.html
c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\reviewNotesPopUp.html
c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskNotesDialog.html
.
.
((((((((((((((((((((((((( Files Created from 2014-04-25 to 2014-05-25 )))))))))))))))))))))))))))))))
.
.
2014-05-24 15:22 . 2014-05-02 22:55 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5FA8F7F1-986F-4F70-9953-FDE5CB5DB9A2}\gapaengine.dll
2014-05-24 15:21 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0F8B0F38-B4B8-4A85-929D-0DFDD566BF13}\mpengine.dll
2014-05-22 23:23 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-22 23:12 . 2014-05-24 15:11 -------- d-----w- c:\users\Owner\AppData\Local\CrashDumps
2014-05-14 01:40 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll
2014-05-14 01:40 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-14 01:40 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-14 01:40 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-13 23:21 . 2014-03-25 02:43 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-05-13 23:21 . 2014-05-09 06:14 477184 ----a-w- c:\windows\system32\aepdu.dll
2014-05-13 23:21 . 2014-05-09 06:11 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-05-08 21:58 . 2014-05-08 21:58 -------- d-----w- c:\program files (x86)\ESET
2014-05-08 13:48 . 2014-05-08 13:48 227704 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2014-05-08 13:48 . 2014-05-08 13:48 227704 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-05-07 21:52 . 2014-05-07 21:52 -------- d-sh--w- c:\users\Owner\AppData\Local\EmieUserList
2014-05-07 21:52 . 2014-05-07 21:52 -------- d-sh--w- c:\users\Owner\AppData\Local\EmieSiteList
2014-05-07 00:49 . 2014-05-14 19:28 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-07 00:17 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-05-07 00:15 . 2014-05-07 00:27 -------- d-----w- C:\AdwCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-14 01:38 . 2010-10-07 00:17 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-05-13 23:31 . 2012-04-07 14:22 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-13 23:31 . 2011-11-27 17:17 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-02 22:55 . 2013-06-14 12:14 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-01 02:46 . 2014-04-01 02:46 130712 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2014-04-01 02:46 . 2014-04-01 02:46 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2014-03-11 13:52 . 2013-01-20 19:59 133928 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-04 09:44 . 2014-04-09 01:03 362496 ----a-w- c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-09 01:03 243712 ----a-w- c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-09 01:03 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-09 01:03 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-09 01:03 1163264 ----a-w- c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-09 01:03 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-09 01:03 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-09 01:03 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-09 01:03 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-09 01:03 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-09 01:03 2048 ----a-w- c:\windows\SysWow64\user.exe
2009-04-08 17:31 . 2009-04-08 17:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45 . 2008-08-12 04:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2013-04-26 423144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-06-25 6806144]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-07-02 1597440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy Software Installer.lnk - c:\program files\Best Buy Software Installer\Best Buy Software Installer.exe [2009-10-5 1132472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 QuickBooksDB20;QuickBooksDB20;c:\progra~2\Intuit\QUICKB~1\QBDBMgrN.exe;c:\progra~2\Intuit\QUICKB~1\QBDBMgrN.exe [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys;c:\windows\SYSNATIVE\DRIVERS\lullaby.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [x]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys;c:\windows\SYSNATIVE\DRIVERS\bpmp.sys [x]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys;c:\windows\SYSNATIVE\Drivers\bpusb.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys;c:\windows\SYSNATIVE\DRIVERS\JME.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-22 21:26 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 23:31]
.
2014-05-25 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2012-11-09 16:16]
.
2014-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-05 15:41]
.
2014-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-05 15:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-04-25 14:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-04-25 14:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-04-25 14:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-04-25 14:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-04-25 14:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-04-25 14:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-06-08 1441792]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"LXCJCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCJtime.dll" [2006-11-21 31744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"LXBUCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXBUtime.dll" [2007-04-17 28672]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\nw6sjsik.default\
FF - prefs.js: keyword.URL -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-Getlyrcis@levaddons.com - c:\program files (x86)\GetLyrics\uninstall.exe
AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-05-25 10:49:49
ComboFix-quarantined-files.txt 2014-05-25 14:49
.
Pre-Run: 400,318,337,024 bytes free
Post-Run: 401,345,482,752 bytes free
.
- - End Of File - - C18E7D731F291E2B9F0EE5754A5CEDC2
A36C5E4F47E84449FF07ED3517B43A31

#11 TB-Psychotic

  • Malware Response Team

Posted 26 May 2014 - 08:03 AM

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.1.2.1733-10139.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#12 chakra angel

  • Topic Starter

Posted 29 May 2014 - 09:54 PM


No threats were found during the ESET scan



Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.05.29.14

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17107
Owner :: OWNER-PC [administrator]

5/29/2014 7:28:08 PM
MBAM-log-2014-05-29 (21-14-04).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 465822
Time elapsed: 1 hour(s), 43 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

#13 TB-Psychotic

  • Malware Response Team

Posted 31 May 2014 - 01:55 PM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[S1].txt also




Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, the log (checkup.txt) will open. Copy its contents to your thread.



#14 chakra angel

  • Topic Starter

Posted 01 June 2014 - 12:29 PM

Hope I'm right in reporting these issues before I begin this phase of the work...

Google is my home page on IE. When I open IE I do not get the search box or links to access to my email. In order to move to another website I cannot simply type in its address--it will buffer for a while and then revert to the empty google page so I have to open a new tab and even then it may simply revert after I enter a web address.

MS Essentials still shows "at risk" icon after about a minute--even though it will show "protected" icon on start-up

#15 TB-Psychotic

  • Malware Response Team

Posted 02 June 2014 - 03:19 PM

Please follow the provided steps.

When there are any issues left at the end, we'll handle these. :)

