Non-Standard or Infected MBR


  • This topic is locked
44 replies to this topic

#1 zoomy123 (Members)

Posted 27 July 2014 - 03:11 PM

I'm not sure what rootkit or bootkit I have. I have run multiple anti-malware scan/removal programs (Malwarebytes, Microsoft Security Essentials, AdwCleaner, SUPERAntiSpyware), which helped to remove a fair amount of infectious material. I suspected that the damage done to the computer was rather extensive, so I also used MBRCheck, which found a non-standard or infected MBR. Any help you can provide will be greatly appreciated. Thanks in advance.

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16561
Run by Steph at 15:48:05 on 2014-07-27
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1976.742 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Steph\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0109&m=aspire_5335
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: HP Print Clips: {053F9267-DC04-4294-A72C-58F732D338C0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.150\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton antivirus\engine\18.7.1.3\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: ShowBarObj Class: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: HeadlineAlley: {8F61E414-EA79-4559-8BB6-61D956F70306} - 
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: HeadlineAlley: {8f61e414-ea79-4559-8bb6-61d956f70306} - 
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
mRun: [ArcadeDeluxeAgent] "c:\program files\acer arcade deluxe\acer arcade deluxe\ArcadeDeluxeAgent.exe"
mRun: [CLMLServer] "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\CLMLSvc.exe"
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\playmovie\PMVService.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
mRun: [Acer Product Registration] "c:\program files\acer\acer registration\ACE1.exe" /startup
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\steph\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.150\SSScheduler.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{8F9FBC30-956D-4DAF-BCBB-B75F270119B2} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A69BFD4A-0CB2-41AA-89C4-08E958769A81} : DHCPNameServer = 192.168.1.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs=  c:\progra~1\google\google~1\goec62~1.dll 
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.154\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1207010.003\symds.sys [2012-4-5 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1207010.003\symefa.sys [2012-4-5 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\bashdefs\20140718.001\BHDrvx86.sys [2014-7-23 1101616]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\ipsdefs\20140725.001\IDSvix86.sys [2014-7-27 395992]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1207010.003\ironx86.sys [2012-4-5 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nav\1207010.003\symtdiv.sys [2012-4-5 331384]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\playmovie\000.fcl [2008-4-30 61424]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2008-4-30 81504]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-4-30 24576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.7.1.3\ccsvchst.exe [2012-4-5 130008]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 104264]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-7 50424]
R2 NTIPPKernel;NTIPPKernel;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\NTIPPKernel.sys [2008-4-30 122368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-4 131072]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2014-6-11 109872]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr28.sys [2009-1-13 388096]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-3-11 279776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-20 179712]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-3-20 30192]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.150\McCHSvc.exe [2014-4-9 235696]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
.
=============== Created Last 30 ================
.
2014-07-27 18:33:42 -------- d-----w- c:\program files\CCleaner
2014-07-27 17:45:45 -------- d-----w- C:\AdwCleaner
2014-07-27 13:55:53 -------- d-----w- C:\SUPERDelete
2014-07-27 07:14:30 8217224 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{33b393a7-0309-4d23-916d-0bb3cbf11733}\mpengine.dll
2014-07-27 06:15:10 8217224 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-07-27 06:12:05 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-27 05:43:05 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-27 05:43:04 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-27 05:43:04 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-27 05:43:02 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-07-22 21:58:48 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e6bd2b27-41a7-4deb-b2b1-a7adb7ac8d4c}\gapaengine.dll
2014-07-10 22:25:55 1305088 ----a-w- c:\program files\common files\microsoft shared\ink\tipskins.dll
2014-07-10 22:25:54 2051072 ----a-w- c:\windows\system32\win32k.sys
2014-07-10 22:25:52 149504 ----a-w- c:\program files\common files\microsoft shared\ink\tabskb.dll
2014-07-10 22:25:52 114688 ----a-w- c:\program files\common files\microsoft shared\ink\TipBand.dll
2014-07-10 22:25:00 937472 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2014-07-10 22:25:00 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL
.
==================== Find3M  ====================
.
2014-07-09 20:01:31 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 20:01:31 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-06 23:12:01 1810432 ----a-w- c:\windows\system32\jscript9.dll
2014-06-06 23:03:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-06-06 23:02:16 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-06-06 22:57:04 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-06-06 22:56:20 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-06-06 22:52:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-06-06 22:51:59 11776 ----a-w- c:\windows\system32\mshta.exe
2014-06-06 08:59:38 506880 ----a-w- c:\windows\system32\qedit.dll
2014-05-30 06:53:22 273408 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 15:50:30.01 ===============
 


 


#2 HelpBot (Bots)

Posted 01 August 2014 - 03:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/542434 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My! (Malware Response Instructor)

Posted 04 August 2014 - 08:15 AM

Greetings zoomy123 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Run TDSSKiller by Kaspersky on Vista/7

--------------------
  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.

  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.

  • Click Continue > Reboot now to finish the cleaning process.<- Important!!

  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply even if no threats are found.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

===================================================

aswMBR

--------------------
  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • TDSSKiller log
  • aswMBR log
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Oh My! (Malware Response Instructor)

Posted 07 August 2014 - 08:16 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#5 zoomy123 (Topic Starter, Members)

Posted 08 August 2014 - 02:35 AM

I'm sorry. I never got a message in my email about your reply to this thread. I only saw it just now. Please give me some time to put together a post within the next 24 hours. Thanks for your assistance and patience.



#6 zoomy123 (Topic Starter, Members)

Posted 08 August 2014 - 03:37 AM

Here are my new DDS scan results:

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16561
Run by Steph at 4:19:32 on 2014-08-08
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1976.693 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Steph\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k HPZ12
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0109&m=aspire_5335
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: HP Print Clips: {053F9267-DC04-4294-A72C-58F732D338C0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.150\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton antivirus\engine\18.7.1.3\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: ShowBarObj Class: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: HeadlineAlley: {8F61E414-EA79-4559-8BB6-61D956F70306} - 
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: HeadlineAlley: {8f61e414-ea79-4559-8bb6-61d956f70306} - 
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
mRun: [ArcadeDeluxeAgent] "c:\program files\acer arcade deluxe\acer arcade deluxe\ArcadeDeluxeAgent.exe"
mRun: [CLMLServer] "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\CLMLSvc.exe"
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\playmovie\PMVService.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
mRun: [Acer Product Registration] "c:\program files\acer\acer registration\ACE1.exe" /startup
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\steph\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.150\SSScheduler.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{8F9FBC30-956D-4DAF-BCBB-B75F270119B2} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A69BFD4A-0CB2-41AA-89C4-08E958769A81} : DHCPNameServer = 192.168.1.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs=  c:\progra~1\google\google~1\goec62~1.dll 
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.154\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1207010.003\symds.sys [2012-4-5 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1207010.003\symefa.sys [2012-4-5 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\bashdefs\20140801.001\BHDrvx86.sys [2014-8-5 1101616]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\ipsdefs\20140806.001\IDSvix86.sys [2014-8-6 395992]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1207010.003\ironx86.sys [2012-4-5 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nav\1207010.003\symtdiv.sys [2012-4-5 331384]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\playmovie\000.fcl [2008-4-30 61424]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2008-4-30 81504]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-4-30 24576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.7.1.3\ccsvchst.exe [2012-4-5 130008]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-7 50424]
R2 NTIPPKernel;NTIPPKernel;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\NTIPPKernel.sys [2008-4-30 122368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-4 131072]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2014-6-11 109872]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr28.sys [2009-1-13 388096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-20 179712]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-3-20 30192]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.150\McCHSvc.exe [2014-4-9 235696]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 104264]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-3-11 279776]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
.
=============== Created Last 30 ================
.
2014-08-08 02:29:52 8217224 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{29888abc-9467-42fe-8893-d5ae994a7f80}\mpengine.dll
2014-08-06 23:25:15 8217224 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-08-02 23:38:48 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6d254347-9910-47ce-8f41-69c9c13ea25e}\gapaengine.dll
2014-07-29 23:40:05 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f7d377ff-3405-4da9-bb80-c7ffd7e67b8b}\gapaengine.dll
2014-07-27 20:22:50 0 ----a-w- c:\users\steph\appdata\roaming\chymvtw.dll
2014-07-27 20:20:15 -------- d-----w- c:\users\steph\appdata\roaming\BitTorrent
2014-07-27 18:33:42 -------- d-----w- c:\program files\CCleaner
2014-07-27 17:45:45 -------- d-----w- C:\AdwCleaner
2014-07-27 13:55:53 -------- d-----w- C:\SUPERDelete
2014-07-27 06:12:05 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-27 05:43:05 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-27 05:43:04 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-27 05:43:04 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-27 05:43:02 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-07-22 21:58:48 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e6bd2b27-41a7-4deb-b2b1-a7adb7ac8d4c}\gapaengine.dll
2014-07-10 22:25:55 1305088 ----a-w- c:\program files\common files\microsoft shared\ink\tipskins.dll
2014-07-10 22:25:54 2051072 ----a-w- c:\windows\system32\win32k.sys
2014-07-10 22:25:52 149504 ----a-w- c:\program files\common files\microsoft shared\ink\tabskb.dll
2014-07-10 22:25:52 114688 ----a-w- c:\program files\common files\microsoft shared\ink\TipBand.dll
2014-07-10 22:25:00 937472 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2014-07-10 22:25:00 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL
.
==================== Find3M  ====================
.
2014-07-09 20:01:31 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 20:01:31 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-06 23:12:01 1810432 ----a-w- c:\windows\system32\jscript9.dll
2014-06-06 23:03:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-06-06 23:02:16 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-06-06 22:57:04 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-06-06 22:56:20 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-06-06 22:52:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-06-06 22:51:59 11776 ----a-w- c:\windows\system32\mshta.exe
2014-06-06 08:59:38 506880 ----a-w- c:\windows\system32\qedit.dll
2014-05-30 06:53:22 273408 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH:  4:21:33.91 ===============
 


#7 zoomy123

Posted 08 August 2014 - 04:35 AM

Here is the TDSS log file:

 

04:42:26.0360 0x5900  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
04:43:01.0154 0x5900  ============================================================
04:43:01.0154 0x5900  Current date / time: 2014/08/08 04:43:01.0154
04:43:01.0154 0x5900  SystemInfo:
04:43:01.0154 0x5900  
04:43:01.0154 0x5900  OS Version: 6.0.6002 ServicePack: 2.0
04:43:01.0154 0x5900  Product type: Workstation
04:43:01.0155 0x5900  ComputerName: STEPH-PC
04:43:01.0155 0x5900  UserName: Steph
04:43:01.0155 0x5900  Windows directory: C:\Windows
04:43:01.0155 0x5900  System windows directory: C:\Windows
04:43:01.0155 0x5900  Processor architecture: Intel x86
04:43:01.0155 0x5900  Number of processors: 1
04:43:01.0156 0x5900  Page size: 0x1000
04:43:01.0156 0x5900  Boot type: Normal boot
04:43:01.0156 0x5900  ============================================================
04:43:03.0883 0x5900  KLMD registered as C:\Windows\system32\drivers\56430537.sys
04:43:04.0355 0x5900  System UUID: {C0CF970A-5F3D-F0A8-6CC3-B60D0DD8ED1B}
04:43:05.0479 0x5900  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
04:43:05.0660 0x5900  Drive \Device\Harddisk1\DR1 - Size: 0x775F8000 ( 1.87 Gb ), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
04:43:05.0662 0x5900  ============================================================
04:43:05.0662 0x5900  \Device\Harddisk0\DR0:
04:43:05.0662 0x5900  MBR partitions:
04:43:05.0662 0x5900  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x8B4A800
04:43:05.0662 0x5900  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9ED3000, BlocksNum 0x8B46000
04:43:05.0662 0x5900  \Device\Harddisk1\DR1:
04:43:05.0663 0x5900  MBR partitions:
04:43:05.0663 0x5900  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x3BAD41
04:43:05.0663 0x5900  ============================================================
04:43:05.0730 0x5900  C: <-> \Device\Harddisk0\DR0\Partition1
04:43:05.0782 0x5900  D: <-> \Device\Harddisk0\DR0\Partition2
04:43:05.0783 0x5900  ============================================================
04:43:05.0783 0x5900  Initialize success
04:43:05.0783 0x5900  ============================================================
04:43:55.0163 0x5e8c  ============================================================
04:43:55.0163 0x5e8c  Scan started
04:43:55.0163 0x5e8c  Mode: Manual; SigCheck; TDLFS; 
04:43:55.0163 0x5e8c  ============================================================
04:43:55.0163 0x5e8c  KSN ping started
04:44:08.0772 0x5e8c  KSN ping finished: true
04:44:09.0444 0x5e8c  ================ Scan system memory ========================
04:44:09.0444 0x5e8c  System memory - ok
04:44:09.0447 0x5e8c  ================ Scan services =============================
04:44:25.0962 0x5e8c  Compbatt - ok
04:44:25.0979 0x5e8c  COMSysApp - ok
04:44:25.0994 0x5e8c  [ 741E9DFF4F42D2D8477D0FC1DC0DF871, 06EA43D771E3455F943AB624CC00C2259FE5E561164908630755E933EF44A522 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
04:44:26.0031 0x5e8c  crcdisk - ok
04:44:26.0065 0x5e8c  [ 1F07BECDCA750766A96CDA811BA86410, F4E36F0003184BCB36D59B23AC903421AD8C0A1FD2D6315E06375235ABC9A0AD ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
04:44:26.0148 0x5e8c  Crusoe - ok
04:44:26.0220 0x5e8c  [ 684C130BBC6DB681BAD4920A4C944AA5, DDE434B206984808351C98500824A33E6740B4326C455066027F8D549D4C3B92 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
04:44:26.0356 0x5e8c  CryptSvc - ok
04:44:26.0457 0x5e8c  [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] DcomLaunch      C:\Windows\system32\rpcss.dll
04:44:26.0573 0x5e8c  DcomLaunch - ok
04:44:26.0630 0x5e8c  [ 622C41A07CA7E6DD91770F50D532CB6C, 2A9040949CB45F9970FDE930278F30D2F08E957290CB3D4DC4F2CA94F3D444D2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
04:44:26.0719 0x5e8c  DfsC - ok
04:44:26.0866 0x5e8c  [ 2CC3DCFB533A1035B13DCAB6160AB38B, C88C91F662ADE248EEE3B568E70C2BC2D5075B7D9B7D3C63E83D011C5F7812B0 ] DFSR            C:\Windows\system32\DFSR.exe
04:44:27.0400 0x5e8c  DFSR - ok
04:44:27.0550 0x5e8c  [ 9028559C132146FB75EB7ACF384B086A, 35159D86706441ED94895B4629411B4445FCB4526AFD1F7036EE647931B7A94D ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
04:44:27.0661 0x5e8c  Dhcp - ok
04:44:27.0753 0x5e8c  [ 5D4AEFC3386920236A548271F8F1AF6A, 11B74D6800EC6F7AAEFB0B6A9F2E8376C7C3B8DB677F03AC3743CB004CA96B08 ] disk            C:\Windows\system32\drivers\disk.sys
04:44:27.0812 0x5e8c  disk - ok
04:44:27.0886 0x5e8c  [ 73BAF270D24FE726B9CD7F80BB17A23D, 12ADFB26C16A7D3F623C1A6B72D4C6AB9163EBC93CF13CB2AC6897FB95E96105 ] DKbFltr         C:\Windows\system32\DRIVERS\DKbFltr.sys
04:44:27.0929 0x5e8c  DKbFltr - ok
04:44:27.0988 0x5e8c  [ 57D762F6F5974AF0DA2BE88A3349BAAA, D9E7DC8F9FB7837F88BBB95B52147AA80E688FB9762EEA99B8046D9C6AD48F3C ] Dnscache        C:\Windows\System32\dnsrslvr.dll
04:44:28.0060 0x5e8c  Dnscache - ok
04:44:28.0100 0x5e8c  [ 324FD74686B1EF5E7C19A8AF49E748F6, DC6EB4304555B60DD17E04D20DFE4E279718E4041A9310DE29E678834BB22C5B ] dot3svc         C:\Windows\System32\dot3svc.dll
04:44:28.0207 0x5e8c  dot3svc - ok
04:44:28.0277 0x5e8c  [ 4F59C172C094E1A1D46463A8DC061CBD, CE09A4ED1F8BA6242E152C384AFF5C3C95FBB8556DAE23765272F13BF158D8F9 ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
04:44:28.0356 0x5e8c  Dot4 - ok
04:44:28.0381 0x5e8c  [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5, 69BB5B07D03FA9F28591012F2AA4A583D3F086644C136D63A56D1A827121CC19 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
04:44:28.0449 0x5e8c  Dot4Print - ok
04:44:28.0475 0x5e8c  [ C55004CA6B419B6695970DFE849B122F, 6E0C4A9E24DD09E9389E097AF63E7F5040A0658DDCEBBE963968B7118CFE9AB8 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
04:44:28.0554 0x5e8c  dot4usb - ok
04:44:28.0608 0x5e8c  [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS             C:\Windows\system32\dps.dll
04:44:28.0689 0x5e8c  DPS - ok
04:44:28.0720 0x5e8c  [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
04:44:28.0776 0x5e8c  drmkaud - ok
04:44:28.0862 0x5e8c  [ 988670D8343EF9835FB3659DB71B2EFA, 5F5370FDD08C4BFF0828341952E98E95F722CB779EEC08C9DD6212C4DF3CD33B ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
04:44:28.0973 0x5e8c  DXGKrnl - ok
04:44:29.0146 0x5e8c  [ 5425F74AC0C1DBD96A1E04F17D63F94C, AD133CEDCDEA75420C75A91BB4CF7152475D46ED7B7703E3BAE5F9946D610292 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
04:44:29.0304 0x5e8c  E1G60 - ok
04:44:29.0362 0x5e8c  [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost         C:\Windows\System32\eapsvc.dll
04:44:29.0447 0x5e8c  EapHost - ok
04:44:29.0526 0x5e8c  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371, F3E9CF5D8E9124CB06F08454C5F0E510DE19A92780151FB2F8A58A0905D59B8F ] Ecache          C:\Windows\system32\drivers\ecache.sys
04:44:29.0580 0x5e8c  Ecache - ok
04:44:29.0686 0x5e8c  [ 2CE2DDCB1A41ED4488A2A8B98D286B3D, B92EDBCCEE59A31764AF4A0C049FE2211459FD36FEE06412677645BB116D1F46 ] eDataSecurity Service C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
04:44:29.0817 0x5e8c  eDataSecurity Service - ok
04:44:29.0958 0x5e8c  [ 10D14FAEF105DF2432D0E03860895284, 200662CD73537A8152FA0C276F20CE9B558FB2EB1AD0C171E5CCF4DC8C02F8B3 ] eeCtrl          C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
04:44:30.0084 0x5e8c  eeCtrl - ok
04:44:30.0150 0x5e8c  [ 9BE3744D295A7701EB425332014F0797, 1A139EE9232581E466591C5EBEF41E4BF1F82D99C1959F1C68C879B240E9F46D ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
04:44:30.0266 0x5e8c  ehRecvr - ok
04:44:30.0311 0x5e8c  [ AD1870C8E5D6DD340C829E6074BF3C3F, 064D07106A1BBE80294F1913354832F2B67D22274BB4D36C81D2D83C96FE0B88 ] ehSched         C:\Windows\ehome\ehsched.exe
04:44:30.0408 0x5e8c  ehSched - ok
04:44:30.0436 0x5e8c  [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] ehstart         C:\Windows\ehome\ehstart.dll
04:44:30.0490 0x5e8c  ehstart - ok
04:44:30.0551 0x5e8c  [ 23B62471681A124889978F6295B3F4C6, A90C521F06125B86A26EA625B0E7F811AF7D328E1313165E7AD4A83596A23819 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
04:44:30.0636 0x5e8c  elxstor - ok
04:44:30.0723 0x5e8c  [ 4E6B23DFC917EA39306B529B773950F4, C4BA77632B4BD46C4C1797F7F57399DB506D3EB6E5A0A36C269A793DAA3445C2 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
04:44:30.0834 0x5e8c  EMDMgmt - ok
04:44:30.0904 0x5e8c  [ 0424EAB7549926FB864BD41E7F0639CC, 04E349F311B24239E1B4DAD073360A0D91391B69E74B43D705A1C00FDF113F45 ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
04:44:30.0992 0x5e8c  EraserUtilRebootDrv - ok
04:44:31.0042 0x5e8c  [ 3DB974F3935483555D7148663F726C61, C288CFC04213B0340ABEC752C0A7B308B29122B5F51E68387BA1D9E9D7166FDD ] ErrDev          C:\Windows\system32\drivers\errdev.sys
04:44:31.0088 0x5e8c  ErrDev - ok
04:44:31.0150 0x5e8c  [ A51FD9DF23720485991F56741BBEFCFB, 8998926A056074963898FE5A9148FDCDA9C66607A7F534D69952E4CDDE10EDC5 ] ETService       C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
04:44:31.0271 0x5e8c  ETService - detected UnsignedFile.Multi.Generic ( 1 )
04:44:33.0784 0x5e8c  Detect skipped due to KSN trusted
04:44:33.0784 0x5e8c  ETService - ok
04:44:33.0876 0x5e8c  [ 67058C46504BC12D821F38CF99B7B28F, E8D19F305F78BCA1DA8425315F2C77A377CD51E3CC54323DC2FF355120EA097D ] EventSystem     C:\Windows\system32\es.dll
04:44:33.0964 0x5e8c  EventSystem - ok
04:44:34.0019 0x5e8c  [ 22B408651F9123527BCEE54B4F6C5CAE, 31AF9649333A9496A9224001266D1B68CE2A31B9FB182A755D127FC5492AA6B2 ] exfat           C:\Windows\system32\drivers\exfat.sys
04:44:34.0106 0x5e8c  exfat - ok
04:44:34.0165 0x5e8c  [ 1E9B9A70D332103C52995E957DC09EF8, 7E709D545D4025A2E9F3489CF2A231040904CB53E3E4EEAC15A22468FAB2A5B3 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
04:44:34.0219 0x5e8c  fastfat - ok
04:44:34.0273 0x5e8c  [ AFE1E8B9782A0DD7FB46BBD88E43F89A, B4CBE1DC3430F2F3485F49007C71293D5B86E9C405741EA00A67B00A38BE1F8D ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
04:44:34.0380 0x5e8c  fdc - ok
04:44:34.0427 0x5e8c  [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost         C:\Windows\system32\fdPHost.dll
04:44:34.0524 0x5e8c  fdPHost - ok
04:44:34.0563 0x5e8c  [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub        C:\Windows\system32\fdrespub.dll
04:44:34.0660 0x5e8c  FDResPub - ok
04:44:34.0691 0x5e8c  [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
04:44:34.0737 0x5e8c  FileInfo - ok
04:44:34.0767 0x5e8c  [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
04:44:34.0841 0x5e8c  Filetrace - ok
04:44:34.0871 0x5e8c  [ 85B7CF99D532820495D68D747FDA9EBD, 682D35D219D1AFBE51CF0AB03F2D3E15C940F5AF291C1A611A19F4D279143F3C ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
04:44:34.0931 0x5e8c  flpydisk - ok
04:44:34.0977 0x5e8c  [ 01334F9EA68E6877C4EF05D3EA8ABB05, 82F8AA6AD2B5077898773D4A5814819EAF0E872FFD95894E06FEDAB6EE92CF99 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
04:44:35.0043 0x5e8c  FltMgr - ok
04:44:35.0162 0x5e8c  [ 2AFA3A46986AE935DAECEBC7E66314CF, 747FAF9B7F8291B83EE44B91E5708395E749DC87BD42CC3BF2CD41209C298F4D ] FontCache       C:\Windows\system32\FntCache.dll
04:44:35.0289 0x5e8c  FontCache - ok
04:44:35.0379 0x5e8c  [ C7FBDD1ED42F82BFA35167A5C9803EA3, 372FF71070D5ECE17342466A690737A0622E93C98DBED8172C49B0854F0012B7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
04:44:35.0413 0x5e8c  FontCache3.0.0.0 - ok
04:44:35.0460 0x5e8c  [ B972A66758577E0BFD1DE0F91AAA27B5, E934034F3F740A83D4E7ABCD2C581845AC2945B0BCCAACF65CC3F99A1DBDE455 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
04:44:35.0527 0x5e8c  Fs_Rec - ok
04:44:35.0568 0x5e8c  [ 34582A6E6573D54A07ECE5FE24A126B5, 5F45DC38F8015AD90616EAD3B57820CCD284938A96B2C4E1FF5FC7BDEE8A848D ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
04:44:35.0626 0x5e8c  gagp30kx - ok
04:44:35.0668 0x5e8c  [ 8182FF89C65E4D38B2DE4BB0FB18564E, 2ACFA64D48BF7D25641EC5819C8722144284B8A8E071BF297C1881B07EEAFE88 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
04:44:35.0720 0x5e8c  GEARAspiWDM - ok
04:44:35.0823 0x5e8c  [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F, 6D2B301E77839FFF1C74425B37D02C3F3837CE50E856C21AE4CF7ABABB04ADDC ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
04:44:35.0865 0x5e8c  GoogleDesktopManager-051210-111108 - ok
04:44:35.0937 0x5e8c  [ CD5D0AEEE35DFD4E986A5AA1500A6E66, DCED5126837292593F1C1B35DF18E3B631D6C0C6D0742B77C7B7742C55A7825F ] gpsvc           C:\Windows\System32\gpsvc.dll
04:44:36.0097 0x5e8c  gpsvc - ok
04:44:36.0167 0x5e8c  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
04:44:36.0294 0x5e8c  gupdate - ok
04:44:36.0309 0x5e8c  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
04:44:36.0387 0x5e8c  gupdatem - ok
04:44:36.0468 0x5e8c  [ CC839E8D766CC31A7710C9F38CF3E375, 327D57F18B4A2D1CB06C5682D3364097ECD3CF40C2719AA1F41D0B49A26003E4 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
04:44:36.0575 0x5e8c  gusvc - ok
04:44:36.0651 0x5e8c  [ CB04C744BE0A61B1D648FAED182C3B59, 61DC0FF94325DAFCCB7B3980A48727EFBF1283FCF753EC16EF04C730525994C0 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
04:44:36.0747 0x5e8c  HdAudAddService - ok
04:44:36.0815 0x5e8c  [ 062452B7FFD68C8C042A6261FE8DFF4A, DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
04:44:36.0948 0x5e8c  HDAudBus - ok
04:44:36.0999 0x5e8c  [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth          C:\Windows\system32\drivers\hidbth.sys
04:44:37.0069 0x5e8c  HidBth - ok
04:44:37.0099 0x5e8c  [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr           C:\Windows\system32\drivers\hidir.sys
04:44:37.0278 0x5e8c  HidIr - ok
04:44:37.0320 0x5e8c  [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv         C:\Windows\system32\hidserv.dll
04:44:37.0414 0x5e8c  hidserv - ok
04:44:37.0469 0x5e8c  [ CCA4B519B17E23A00B826C55716809CC, 91AD0758A6185B0FBBE383BDB1B457FFB850477AFF8DE040DE9527A97D28EF62 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
04:44:37.0534 0x5e8c  HidUsb - ok
04:44:37.0599 0x5e8c  [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc          C:\Windows\system32\kmsvc.dll
04:44:37.0699 0x5e8c  hkmsvc - ok
04:44:37.0740 0x5e8c  [ 16EE7B23A009E00D835CDB79574A91A6, 964AFE7D2F7E48C7DE7FDAB48F57ADC4AD44A0B2A9A03071E0E8D334007E5572 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
04:44:37.0777 0x5e8c  HpCISSs - ok
04:44:37.0893 0x5e8c  [ 58D4765AB87347DB835D5693ADF652C1, C82C844C29AC9041BEE7D02FB846AA9BC17D7DF0D8295AE31A485CC44B0CC7D7 ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
04:44:38.0013 0x5e8c  hpqcxs08 - detected UnsignedFile.Multi.Generic ( 1 )
04:44:40.0395 0x5e8c  Detect skipped due to KSN trusted
04:44:40.0395 0x5e8c  hpqcxs08 - ok
04:44:40.0428 0x5e8c  [ 99ED733F614660EB32199BF889DFB7E2, E96CD3DB09639DB9685AF20915BE9097E270D331A2516FA2929B4E2251B2FA61 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
04:44:40.0519 0x5e8c  hpqddsvc - detected UnsignedFile.Multi.Generic ( 1 )
04:44:43.0357 0x5e8c  Detect skipped due to KSN trusted
04:44:43.0357 0x5e8c  hpqddsvc - ok
04:44:43.0418 0x5e8c  [ 46D67209550973257601A533E2AC5785, 3C0D97781947BA8532344AA5D9F3B684761B5B3263A0A294F4593E76EE41DB0C ] HSFHWAZL        C:\Windows\system32\DRIVERS\VSTAZL3.SYS
04:44:43.0495 0x5e8c  HSFHWAZL - ok
04:44:43.0569 0x5e8c  [ EC36F1D542ED4252390D446BF6D4DFD0, DB55D73726E96D3653C37EEBE628D48466D766A9EC1219ED735D5D8FF2822BE2 ] HSF_DPV         C:\Windows\system32\DRIVERS\VSTDPV3.SYS
04:44:43.0697 0x5e8c  HSF_DPV - ok
04:44:43.0753 0x5e8c  [ F870AA3E254628EBEAFE754108D664DE, B0444E7D246AA1982094030ACB991690F6A7DD3FB07B1BB6A1BC0F3AA9718A70 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
04:44:43.0866 0x5e8c  HTTP - ok
04:44:43.0909 0x5e8c  [ C6B032D69650985468160FC9937CF5B4, 4D5A944C70037F35A9DBA4F49F174455FA80ED7EAEDAA143F0A2C0E05AE585D8 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
04:44:43.0941 0x5e8c  i2omp - ok
04:44:43.0997 0x5e8c  [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
04:44:44.0076 0x5e8c  i8042prt - ok
04:44:44.0136 0x5e8c  [ 54155EA1B0DF185878E0FC9EC3AC3A14, 344A0793499261D2E4FF2FCCC70501329485F8E299EBC68953D07BA86F0D4729 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
04:44:44.0190 0x5e8c  iaStorV - ok
04:44:44.0292 0x5e8c  [ 98477B08E61945F974ED9FDC4CB6BDAB, C7E8F661F6FBF6AB493E950D2E70363496E155B1838CE7B490B981BD840B04FC ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
04:44:44.0480 0x5e8c  idsvc - ok
04:44:44.0613 0x5e8c  [ 373C0F67CC49772028D311FD147F4E85, D88613EB4DCB6F0A77D947D3DAB853689FFD71331484723C7CDCBADC7F01CB34 ] IDSVix86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20140806.001\IDSvix86.sys
04:44:44.0711 0x5e8c  IDSVix86 - ok
04:44:45.0220 0x5e8c  [ 8266AE06DF974E5BA047B3E9E9E70B3F, 44E5A8EED802A1DDF3CCDB478A88A3AB3CF009F449FB11E0F94A28498342B4E2 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
04:44:46.0613 0x5e8c  igfx - ok
04:44:46.0672 0x5e8c  [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp           C:\Windows\system32\drivers\iirsp.sys
04:44:46.0708 0x5e8c  iirsp - ok
04:44:46.0775 0x5e8c  [ 4687EE0C0DD2CE5F7AAA9C2E33C1DC78, FA8EBED2778D9F7560ADC1B563954EEF98AAE651C0553F2803372B37B122AEB3 ] IKEEXT          C:\Windows\System32\ikeext.dll
04:44:46.0938 0x5e8c  IKEEXT - ok
04:44:46.0987 0x5e8c  [ C6E5276C00EBDEB096BB5EF4B797D1B6, 2620D2F7B5242E9DD0217FB4E0CBACF1DB8AB1B92187AD2847904948E1ABFEC1 ] int15           C:\Windows\system32\drivers\int15.sys
04:44:47.0017 0x5e8c  int15 - ok
04:44:47.0170 0x5e8c  [ 23EBCEE9AAA4D6C88728791FAB462456, 0D4FD37930F96B5FD93A4B8996A1544FF665AA7ABC3D14563CCEEC3E657E892D ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
04:44:47.0383 0x5e8c  IntcAzAudAddService - ok
04:44:47.0466 0x5e8c  [ 83AA759F3189E6370C30DE5DC5590718, 7406FE41EA8FB80052517318CB72E2641E92E579FAFAF5E8DDDFF0BF8DAE773A ] intelide        C:\Windows\system32\drivers\intelide.sys
04:44:47.0496 0x5e8c  intelide - ok
04:44:47.0539 0x5e8c  [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
04:44:47.0612 0x5e8c  intelppm - ok
04:44:47.0670 0x5e8c  [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
04:44:47.0756 0x5e8c  IPBusEnum - ok
04:44:47.0834 0x5e8c  [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
04:44:47.0908 0x5e8c  IpFilterDriver - ok
04:44:47.0967 0x5e8c  [ 1998BD97F950680BB55F55A7244679C2, A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
04:44:48.0061 0x5e8c  iphlpsvc - ok
04:44:48.0073 0x5e8c  IpInIp - ok
04:44:48.0102 0x5e8c  [ B25AAF203552B7B3491139D582B39AD1, EA9C38F512F40FF12975A6719E6FE4D7EA93A4B2497103E0FDA5A4CD6033C0A6 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
04:44:48.0183 0x5e8c  IPMIDRV - ok
04:44:48.0235 0x5e8c  [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
04:44:48.0306 0x5e8c  IPNAT - ok
04:44:48.0376 0x5e8c  [ 57EDB35EA2FECA88F8B17C0C095C9A56, 7D5BD4547E60E42BE71C5D2B8FB91F0576D95CC9C86699FCA7F2A5722C318AB1 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
04:44:48.0576 0x5e8c  iPod Service - ok
04:44:48.0630 0x5e8c  [ E50A95179211B12946F7E035D60AF560, 69765E2548BA708FF35545EC944DBA1940AD4065AF90E53B97A7792AC231DCF7 ] irda            C:\Windows\system32\DRIVERS\irda.sys
04:44:48.0714 0x5e8c  irda - ok
04:44:48.0749 0x5e8c  [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
04:44:48.0797 0x5e8c  IRENUM - ok
04:44:48.0861 0x5e8c  [ CBB0D940221A281BCFEAEA695BD1CDA5, D05D192019524A02FE3FAE6827B98A942FA1AD651BF7AA53530A8A6F4ADFB7EB ] Irmon           C:\Windows\System32\irmon.dll
04:44:48.0948 0x5e8c  Irmon - ok
04:44:48.0970 0x5e8c  [ 6C70698A3E5C4376C6AB5C7C17FB0614, 10FBCBA5A74AF5D136B152FD4D3DFA2A1F2CEBC3F979D5BA6DB98B3DCB2F7A07 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
04:44:49.0048 0x5e8c  isapnp - ok
04:44:49.0129 0x5e8c  [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
04:44:49.0168 0x5e8c  iScsiPrt - ok
04:44:49.0208 0x5e8c  [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
04:44:49.0241 0x5e8c  iteatapi - ok
04:44:49.0275 0x5e8c  [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
04:44:49.0310 0x5e8c  iteraid - ok
04:44:49.0342 0x5e8c  [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
04:44:49.0378 0x5e8c  kbdclass - ok
04:44:49.0430 0x5e8c  [ EDE59EC70E25C24581ADD1FBEC7325F7, 41B37778E9A12675FC0DF74606AAF18C652EB88513B3C4889C5C512E14587CEE ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
04:44:49.0492 0x5e8c  kbdhid - ok
04:44:49.0525 0x5e8c  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso          C:\Windows\system32\lsass.exe
04:44:49.0609 0x5e8c  KeyIso - ok
04:44:49.0670 0x5e8c  [ 4A1445EFA932A3BAF5BDB02D7131EE20, 9DD262ED72DF268FE024063788F54124E320D0775D8DC0C5CAD099CD5F655DA2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
04:44:49.0801 0x5e8c  KSecDD - ok
04:44:49.0885 0x5e8c  [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm           C:\Windows\system32\msdtckrm.dll
04:44:50.0086 0x5e8c  KtmRm - ok
04:44:50.0205 0x5e8c  [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer    C:\Windows\system32\srvsvc.dll
04:44:50.0302 0x5e8c  LanmanServer - ok
04:44:50.0353 0x5e8c  [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
04:44:50.0450 0x5e8c  LanmanWorkstation - ok
04:44:50.0510 0x5e8c  [ 793FF718477345CD5D232C50BED1E452, 1D39CF9F10742C79FF99B9B4E0361EAEA63B4FC545C58B54B55537D18C802941 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
04:44:50.0602 0x5e8c  LightScribeService - detected UnsignedFile.Multi.Generic ( 1 )
04:44:52.0974 0x5e8c  Detect skipped due to KSN trusted
04:44:52.0974 0x5e8c  LightScribeService - ok
04:44:53.0044 0x5e8c  [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
04:44:53.0112 0x5e8c  lltdio - ok
04:44:53.0156 0x5e8c  [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
04:44:53.0228 0x5e8c  lltdsvc - ok
04:44:53.0258 0x5e8c  [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts         C:\Windows\System32\lmhsvc.dll
04:44:53.0368 0x5e8c  lmhosts - ok
04:44:53.0403 0x5e8c  [ C7E15E82879BF3235B559563D4185365, 98C9268ADF6BAEB0522BB84BE6C98D0D6D5EB4BD27BB61412D208232164C8435 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
04:44:53.0455 0x5e8c  LSI_FC - ok
04:44:53.0511 0x5e8c  [ EE01EBAE8C9BF0FA072E0FF68718920A, 655924440E611278998226299645BC72B3627A8A057286DC8D65A162CFBBE484 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
04:44:53.0558 0x5e8c  LSI_SAS - ok
04:44:53.0607 0x5e8c  [ 912A04696E9CA30146A62AFA1463DD5C, 1D336D47B9D1C8449F29CDB776C092235E3D70CE53D9440970533E376EB004D3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
04:44:53.0656 0x5e8c  LSI_SCSI - ok
04:44:53.0696 0x5e8c  [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv           C:\Windows\system32\drivers\luafv.sys
04:44:53.0772 0x5e8c  luafv - ok
04:44:53.0904 0x5e8c  [ 8113133EC42DD6C566908008CE913EDD, 9D388AEF0A1F62E45D1F84D0429B6AD3AB3FE73ABB0C9E0564B6D91337A74E98 ] LVcKap          C:\Windows\system32\DRIVERS\LVcKap.sys
04:44:54.0046 0x5e8c  LVcKap - ok
04:44:54.0131 0x5e8c  [ 9E41266C68C11D7101A2D18CD1F7553E, ECFE65FDEA7F9A10F5B776370AE6F2DEA6BB7C249902F034BB199C0548356E5E ] LVCOMSer        C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
04:44:54.0219 0x5e8c  LVCOMSer - ok
04:44:54.0338 0x5e8c  [ 0DD5B8AF4917A2821047450195C511B3, 9F5D57CA468DCE508E5A037543A6D99F535F84C35BB49B0FF96A2C385AB8A247 ] LVMVDrv         C:\Windows\system32\DRIVERS\LVMVDrv.sys
04:44:54.0669 0x5e8c  LVMVDrv - ok
04:44:54.0747 0x5e8c  [ 406B1D186F75B4B4832D6237859E1B00, 7FB2657F98B425262F57574FEFF70ECCCEAD2238F10195D347AA95EAA632109D ] LVPr2Mon        C:\Windows\system32\DRIVERS\LVPr2Mon.sys
04:44:54.0784 0x5e8c  LVPr2Mon - ok
04:44:54.0831 0x5e8c  [ 85C2E84BC1224C75A20B5560D5A15DB9, C95E4FB231DF7381CC66B91FACE99BA21FF2E5A0ED8D4BD7B317A5ADBF604D51 ] LVPrcSrv        C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
04:44:54.0910 0x5e8c  LVPrcSrv - ok
04:44:54.0956 0x5e8c  [ 656180E9C0C5199520972426C44BC2F0, AE5EDCA443A2C530247E27882DAFAECBE814C7575CF162A8C7ED5CD0B5049AEC ] LVSrvLauncher   C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
04:44:55.0051 0x5e8c  LVSrvLauncher - ok
04:44:55.0279 0x5e8c  [ 5BC80451109A8DD7F2DDD35BCE2929A3, F97BAD2D43D1E199841BAE5707424B49B4451CD486F249646E898FC7CC7AB4C8 ] LVUVC           C:\Windows\system32\DRIVERS\lvuvc.sys
04:44:55.0777 0x5e8c  LVUVC - ok
04:44:55.0937 0x5e8c  [ C3ED67C05F3923F9A8FEBA7A996337E1, 0A092A22339A9BFFAAB4A8A7C795480C058C0360C743BDF5D5DE042825F464A7 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
04:44:56.0025 0x5e8c  McComponentHostService - ok
04:44:56.0082 0x5e8c  [ AEF9BABB8A506BC4CE0451A64AADED46, D5608A703EA7E97F11ED4D029B4B820440B0C9317DB7D7DC0152253CD723DC07 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
04:44:56.0145 0x5e8c  Mcx2Svc - ok
04:44:56.0187 0x5e8c  [ 0001CE609D66632FA17B84705F658879, D5F9758BDC2B733307B565A74B33F5581FB425A5A9F32CCFA307DA1569EBD6CD ] megasas         C:\Windows\system32\drivers\megasas.sys
04:44:56.0240 0x5e8c  megasas - ok
04:44:56.0286 0x5e8c  [ C252F32CD9A49DBFC25ECF26EBD51A99, 47EC8F475AB62A00FAF989CD2C3ABDF2922588F75CC15C83CD99A62EF6400FB0 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
04:44:56.0337 0x5e8c  MegaSR - ok
04:44:56.0389 0x5e8c  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS           C:\Windows\system32\mmcss.dll
04:44:56.0470 0x5e8c  MMCSS - ok
04:44:56.0525 0x5e8c  MobilityService - ok
04:44:56.0554 0x5e8c  [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem           C:\Windows\system32\drivers\modem.sys
04:44:56.0623 0x5e8c  Modem - ok
04:44:56.0664 0x5e8c  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
04:44:56.0740 0x5e8c  monitor - ok
04:44:56.0784 0x5e8c  [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
04:44:56.0820 0x5e8c  mouclass - ok
04:44:56.0856 0x5e8c  [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
04:44:56.0904 0x5e8c  mouhid - ok
04:44:56.0948 0x5e8c  [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
04:44:57.0008 0x5e8c  MountMgr - ok
04:44:57.0088 0x5e8c  [ 8072A7BB35D92CC621AC2605EEF79BC4, 68F61BE84A5032CEC24F04C90DACA1AE78F3744016389BE2345256B26E44E09A ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
04:44:57.0138 0x5e8c  MpFilter - ok
04:44:57.0169 0x5e8c  [ 511D011289755DD9F9A7579FB0B064E6, 1FD0D0D5B6E08FE06F7A5D0821BCD859B0F98A6DEA58AAB7FB6C95B64212FFC8 ] mpio            C:\Windows\system32\drivers\mpio.sys
04:44:57.0226 0x5e8c  mpio - ok
04:44:57.0420 0x5e8c  [ 65C34426C83EFA32D48380A97717997B, CD7EB6BFBB0BE382BA21055460D9A72323F09AF3194A22D8EDB28D5DB3BAE8E7 ] MpKsldae08cf0   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1BD73479-A838-404D-BB2D-5A3D0C9C9B7C}\MpKsldae08cf0.sys
04:44:57.0458 0x5e8c  MpKsldae08cf0 - ok
04:44:57.0511 0x5e8c  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
04:44:57.0553 0x5e8c  mpsdrv - ok
04:44:57.0614 0x5e8c  [ 5DE62C6E9108F14F6794060A9BDECAEC, 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9 ] MpsSvc          C:\Windows\system32\mpssvc.dll
04:44:57.0712 0x5e8c  MpsSvc - ok
04:45:04.0834 0x5e8c  [ 51C6D8BFBD4EA5B62A1BA7F4469250D3, 29ACA9D8A5426333F75858D9D3960A4DCDDA4ACC986B3E9E37D255E4FAECDB7C ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
04:45:04.0892 0x5e8c  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
04:45:07.0717 0x5e8c  Detect skipped due to KSN trusted
04:45:07.0717 0x5e8c  Net Driver HPZ12 - ok
04:45:10.0856 0x5e8c  [ 547BFA3591C70674B0BFC99354AB78B3, B237BF92DF8AF8839EA77914BC8BAF103B6136E68E6705BA0BA283F8C7172BBE ] NTIPPKernel     C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
04:45:10.0943 0x5e8c  NTIPPKernel - detected UnsignedFile.Multi.Generic ( 1 )
04:45:21.0041 0x5e8c  NTIPPKernel ( UnsignedFile.Multi.Generic ) - warning
04:45:25.0777 0x5e8c  [ DF1C10A75DF7E50195FC417F88A33227, 1551A6243236FD46F34C6F2443A3CC78D5424D9BCECB8576227A9E0AC91EC804 ] NTISchedulerSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
04:45:25.0912 0x5e8c  NTISchedulerSvc - detected UnsignedFile.Multi.Generic ( 1 )
04:45:28.0514 0x5e8c  Detect skipped due to KSN trusted
04:45:28.0514 0x5e8c  NTISchedulerSvc - ok
04:45:32.0763 0x5e8c  [ 79834AA2FBF9FE81EEBB229024F6F7FC, 4E243765C11AE9B5D003C3220B8AA0C4671B2627221D2323F80189CA3A307FEF ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
04:45:32.0813 0x5e8c  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
04:45:35.0192 0x5e8c  Detect skipped due to KSN trusted
04:45:35.0192 0x5e8c  Pml Driver HPZ12 - ok
04:45:46.0980 0x5e8c  [ 95389980F70FC4990A4395A0B8BBE1D6, FB5CBC85733A4EC4FB9F210A5D4E5989F6A3F2995D895F5B41163CDFC04DB82C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
04:45:47.0031 0x5e8c  tcpipreg - ok
04:45:47.0071 0x5e8c  [ 5DCF5E267BE67A1AE926F2DF77FBCC56, E00C0A03AEE579B51B39930A72F39F4EFFE7CDA37187B0AE90F4E001AD15473B ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
04:45:47.0131 0x5e8c  TDPIPE - ok
04:45:47.0174 0x5e8c  [ 389C63E32B3CEFED425B61ED92D3F021, E4718E290678F00995E754AE66F1027D227BFAB9E1A1D2AC8E4EAD27DC50CB17 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
04:45:47.0231 0x5e8c  TDTCP - ok
04:45:47.0284 0x5e8c  [ 76B06EB8A01FC8624D699E7045303E54, EC30F244B48A35622ED3EE91792F6A1517C5A50770FAB3945E7A945EB7AF28A8 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
04:45:47.0399 0x5e8c  tdx - ok
04:45:47.0440 0x5e8c  [ 3CAD38910468EAB9A6479E2F01DB43C7, 9D18C71EDF39743A0A592BC0873909D2B75B5B177B2672A865D1EEC0BFD2F61C ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
04:45:47.0488 0x5e8c  TermDD - ok
04:45:47.0538 0x5e8c  [ BB95DA09BEF6E7A131BFF3BA5032090D, BAF6997F8D944F85F0553957677866C7F22E72AA434BA45FFFB6CC41041070DC ] TermService     C:\Windows\System32\termsrv.dll
04:45:47.0787 0x5e8c  TermService - ok
04:45:47.0872 0x5e8c  [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] Themes          C:\Windows\system32\shsvcs.dll
04:45:47.0922 0x5e8c  Themes - ok
04:45:47.0952 0x5e8c  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] THREADORDER     C:\Windows\system32\mmcss.dll
04:45:48.0002 0x5e8c  THREADORDER - ok
04:45:48.0044 0x5e8c  [ EC74E77D0EB004BD3A809B5F8FB8C2CE, 1E4BBC58D0E35D79C764CF1BA73602C5E29A5A2393D40332801D533E445C6667 ] TrkWks          C:\Windows\System32\trkwks.dll
04:45:48.0117 0x5e8c  TrkWks - ok
04:45:48.0197 0x5e8c  [ 97D9D6A04E3AD9B6C626B9931DB78DBA, 8E42133ED5EE5EEC414A8B11C1035385C6141E445EA9677F947D20768F25A877 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
04:45:48.0271 0x5e8c  TrustedInstaller - ok
04:45:48.0319 0x5e8c  [ F4EAA7ECBCB25DE901C9B7F2CDCDA0B3, 1CBB5106A32362ABDEE73BF170E205FE64DDBF826C5F6DFFCCD229F220B9C85E ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
04:45:48.0384 0x5e8c  tssecsrv - ok
04:45:48.0427 0x5e8c  [ CAECC0120AC49E3D2F758B9169872D38, 80DB15ADF5F4FF78D0C7D5081B6C0E8F1E5125872B60D23C19DA8E62C9DAC9A8 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
04:45:48.0484 0x5e8c  tunmp - ok
04:45:48.0520 0x5e8c  [ 300DB877AC094FEAB0BE7688C3454A9C, 3B36AA191FBE25B1A61150EAA2BDF8BA286DC4C052F6E98B0ED8202135553D8C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
04:45:48.0578 0x5e8c  tunnel - ok
04:45:48.0609 0x5e8c  [ 7D33C4DB2CE363C8518D2DFCF533941F, C6A539AD31B0BD9F895E0A537783AA75D5760C8590D83BA832D59A9B090CA0E9 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
04:45:48.0652 0x5e8c  uagp35 - ok
04:45:48.0683 0x5e8c  [ F763E070843EE2803DE1395002B42938, 0060F5D7AD091D7F0CC25C98AB9DD8258A9837958AFE845971CD04E29A6A8658 ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
04:45:48.0744 0x5e8c  UBHelper - ok
04:45:48.0788 0x5e8c  [ D9728AF68C4C7693CB100B8441CBDEC6, A2CEE1EE4EF17106349F4E6967F504354801934179FBB3F10B9A4E3C30BC28CE ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
04:45:48.0855 0x5e8c  udfs - ok
04:45:48.0912 0x5e8c  [ ECEF404F62863755951E09C802C94AD5, 5D92062B3E371F196774EBFE840C78501E55A244DB2A49703C7AC0141C7DABF1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
04:45:48.0997 0x5e8c  UI0Detect - ok
04:45:49.0037 0x5e8c  [ B0ACFDC9E4AF279E9116C03E014B2B27, 455D30859E381361FF6EE8B01EDC22A2E66CD5EC22CA9F314E88009DB77A8BAF ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
04:45:49.0119 0x5e8c  uliagpkx - ok
04:45:49.0159 0x5e8c  [ 9224BB254F591DE4CA8D572A5F0D635C, C5E7B24587AC5A28ECA63300307AD95B8A846833340126AE378840A40E53C056 ] uliahci         C:\Windows\system32\drivers\uliahci.sys
04:45:49.0214 0x5e8c  uliahci - ok
04:45:49.0257 0x5e8c  [ 8514D0E5CD0534467C5FC61BE94A569F, A6EFB967044F88335469DB3351587E31CEC659BB6A7D8ED45C68329232C31BB9 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
04:45:49.0295 0x5e8c  UlSata - ok
04:45:49.0343 0x5e8c  [ 38C3C6E62B157A6BC46594FADA45C62B, 44F87DC955CB4E35E0EB4C8B4E931472B33D97FE000C22370A06AD5EDCEFD0BA ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
04:45:49.0378 0x5e8c  ulsata2 - ok
04:45:49.0410 0x5e8c  [ 32CFF9F809AE9AED85464492BF3E32D2, 91AAA47AEF17F373276B01AC8FA823592A0C854541A7A9A3B78F2350DB964EBC ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
04:45:49.0477 0x5e8c  umbus - ok
04:45:49.0557 0x5e8c  [ 67A95B9D129ED5399E7965CD09CF30E7, F1F2F684146F1CCB293BB9871117B8CFC1D04588A830F67CE5D3F0D034D93B2A ] UMVPFSrv        C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
04:45:49.0712 0x5e8c  UMVPFSrv - ok
04:45:49.0800 0x5e8c  [ 68308183F4AE0BE7BF8ECD07CB297999, 4444233CA3C42BEE50ED47553D4AE5A7C12D8F288D2FA4B2DAE1D9B9FEC1A72D ] upnphost        C:\Windows\System32\upnphost.dll
04:45:49.0901 0x5e8c  upnphost - ok
04:45:49.0971 0x5e8c  [ EAFE1E00739AFE6C51487A050E772E17, C005E635470AEB68131D922CAFFE2703626EAB4612932237B35F5562E559258A ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
04:45:50.0059 0x5e8c  USBAAPL - ok
04:45:50.0115 0x5e8c  [ 1114579556DB85E9FAF9590DBC64CD62, 10479A3C12BBBB9B5759082358FE11AC20BAEFA6B4977C8AE6E60AA17BE6C7FA ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
04:45:50.0194 0x5e8c  usbaudio - ok
04:45:50.0249 0x5e8c  [ AAB0B5F72D2D726FBFDC895A2902DE1D, 7824AF6E2ADEA23F208526F3A62AD1BACDBBDB23E58EB5806890B0761529C50F ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
04:45:50.0361 0x5e8c  usbccgp - ok
04:45:50.0408 0x5e8c  [ E9476E6C486E76BC4898074768FB7131, D14B8F69A511DC1F990A9C123C18689AFE59659BA8130D248D8D03E9BD2143B6 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
04:45:50.0517 0x5e8c  usbcir - ok
04:45:50.0584 0x5e8c  [ 153E8515CB86F8BB5D1A8B478EBF4BB2, 0F1F79BA7C32ACAAE69184A56E67D6E18E2E2F07E0BE23F266401431169DAE14 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
04:45:50.0626 0x5e8c  usbehci - ok
04:45:50.0656 0x5e8c  [ 2AE6BCEBD85D31317E433733DAF25888, 7B2C0E8703D0275A620160E479166EB7AA31B0F146507603535CEBF0BA4684A4 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
04:45:50.0702 0x5e8c  usbhub - ok
04:45:50.0732 0x5e8c  [ 38DBC7DD6CC5A72011F187425384388B, 456CFCD190035C3033709C8DC0F6DC4352BBF751D57C0C52DD04F8C301FEBACD ] usbohci         C:\Windows\system32\drivers\usbohci.sys
04:45:50.0802 0x5e8c  usbohci - ok
04:45:50.0853 0x5e8c  [ E75C4B5269091D15A2E7DC0B6D35F2F5, B0A4141B69B66276890836DE98EB8BC790D35CE59FA503060593E8CC12AA106B ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
04:45:50.0953 0x5e8c  usbprint - ok
04:45:51.0004 0x5e8c  [ 1D714B8497CD68307806D5D3F60A5169, 1914D92ECE39995168E3C8F5A7694B7A94954DB299410A2781D1321C8E60C3D9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
04:45:51.0113 0x5e8c  usbscan - ok
04:45:51.0150 0x5e8c  [ BE3DA31C191BC222D9AD503C5224F2AD, 201FB0FDBF423342202686DC0D8A3221B7798AE04C04A649D3441C257C733CE8 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
04:45:51.0238 0x5e8c  USBSTOR - ok
04:45:51.0283 0x5e8c  [ 44056325428A8E4C755830426E29878F, 95F182047746D352B7DC2B22298D5E58738E1B787C110D1DE841C026FB8A67EB ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
04:45:51.0340 0x5e8c  usbuhci - ok
04:45:51.0388 0x5e8c  [ 73FF24E21B690625A58109637DDA0DF7, 62B1F9CD82678E2110D4BB5CC86EE8A7AB0757681443916620B6AAA1EF0DECEB ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
04:45:51.0436 0x5e8c  usbvideo - ok
04:45:51.0479 0x5e8c  [ 1509E705F3AC1D474C92454A5C2DD81F, 7F525921A3513224F8B093A16E19B4235B300349A14B0B86EE11B7473BA53337 ] UxSms           C:\Windows\System32\uxsms.dll
04:45:51.0548 0x5e8c  UxSms - ok
04:45:51.0606 0x5e8c  [ CD88D1B7776DC17A119049742EC07EB4, 6B68B9EDB8C6BCB2644F1F004D5743E928509D12107D996F390A24A72E0AA528 ] vds             C:\Windows\System32\vds.exe
04:45:51.0716 0x5e8c  vds - ok
04:45:51.0762 0x5e8c  [ 87B06E1F30B749A114F74622D013F8D4, 06C06EF87F7DC668D23B50AA5F419F62474ACF90E325E167491BF290286D6594 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
04:45:51.0843 0x5e8c  vga - ok
04:45:51.0872 0x5e8c  [ 2E93AC0A1D8C79D019DB6C51F036636C, 8B6F3B4EE90691A22788915AD0F99D8EE617750430A34E7CEB9AB4FB4E581755 ] VgaSave         C:\Windows\System32\drivers\vga.sys
04:45:51.0935 0x5e8c  VgaSave - ok
04:45:51.0960 0x5e8c  [ 5D7159DEF58A800D5781BA3A879627BC, 499A8E51FDE61AE0D7C1812D1E5B331211A36BD095A4992C629B93DE6D80F4E6 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
04:45:52.0026 0x5e8c  viaagp - ok
04:45:52.0056 0x5e8c  [ C4F3A691B5BAD343E6249BD8C2D45DEE, 19DE07AD6CD51036FA8A6B8EE82F34D7F5264FF3A12CBE6E52BD036D0303E319 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
04:45:52.0119 0x5e8c  ViaC7 - ok
04:45:52.0145 0x5e8c  [ AADF5587A4063F52C2C3FED7887426FC, 0A74791A236FDAFCD045CFB79A159245B94F7C2033E0CD830C1B76F0F994E06D ] viaide          C:\Windows\system32\drivers\viaide.sys
04:45:52.0178 0x5e8c  viaide - ok
04:45:52.0222 0x5e8c  [ 69503668AC66C77C6CD7AF86FBDF8C43, 2CE407674A58313737073F02B9A617460BBA84B36C3A16D98AE5ED45279F5006 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
04:45:52.0262 0x5e8c  volmgr - ok
04:45:52.0331 0x5e8c  [ 23E41B834759917BFD6B9A0D625D0C28, 9F60992805262F936E8DA33610FDF60A191ECAFC08BBF657C8F9A21833C8EFC5 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
04:45:52.0379 0x5e8c  volmgrx - ok
04:45:52.0426 0x5e8c  [ 786DB5771F05EF300390399F626BF30A, 4A07BE5AEDBA4C15C2F9A91250F0488A0B0305C67BB7A037508D5CBF86D4E1B7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
04:45:52.0469 0x5e8c  volsnap - ok
04:45:52.0519 0x5e8c  [ 587253E09325E6BF226B299774B728A9, C9F46197819C2A095456393C518A9B00B59ECDC54F464D038AA7F8DCCDB93CCF ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
04:45:52.0566 0x5e8c  vsmraid - ok
04:45:52.0643 0x5e8c  [ DB3D19F850C6EB32BDCB9BC0836ACDDB, D81FF1CDA87A2FE83EFD5B3FE01EFF940952F8BAEE70BEA3B2F6EF30E2121704 ] VSS             C:\Windows\system32\vssvc.exe
04:45:52.0841 0x5e8c  VSS - ok
04:45:52.0969 0x5e8c  [ 96EA68B9EB310A69C25EBB0282B2B9DE, C76D3427F8A2953CB4D96BBA1523679CBE1BBF7FA821A35D2FBEB3E67AC6A10B ] W32Time         C:\Windows\system32\w32time.dll
04:45:53.0136 0x5e8c  W32Time - ok
04:45:53.0184 0x5e8c  [ 48DFEE8F1AF7C8235D4E626F0C4FE031, A41D05BC0DA3C476C32E0A4DAF015DF7BADF28A03CE236D5596885FF1772F148 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
04:45:53.0264 0x5e8c  WacomPen - ok
04:45:53.0317 0x5e8c  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
04:45:53.0388 0x5e8c  Wanarp - ok
04:45:53.0407 0x5e8c  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
04:45:53.0474 0x5e8c  Wanarpv6 - ok
04:45:53.0544 0x5e8c  [ A3CD60FD826381B49F03832590E069AF, 213C5DB5E5D828264286FD7548527566D6160CCA780BC6853B7B28CECF329674 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
04:45:53.0710 0x5e8c  wcncsvc - ok
04:45:53.0762 0x5e8c  [ 11BCB7AFCDD7AADACB5746F544D3A9C7, 0370E20FD12ED713F94E5CD76F068F7A7A5E7F42416DD2A8A41249020DA7DA31 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
04:45:53.0810 0x5e8c  WcsPlugInService - ok
04:45:53.0841 0x5e8c  [ 78FE9542363F297B18C027B2D7E7C07F, 6BC3ED2A48EF41E1EE597FD58271DB12256EC013518663331CD0FBCB3FC415EE ] Wd              C:\Windows\system32\drivers\wd.sys
04:45:53.0875 0x5e8c  Wd - ok
04:45:53.0954 0x5e8c  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
04:45:54.0060 0x5e8c  Wdf01000 - ok
04:45:54.0107 0x5e8c  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiServiceHost  C:\Windows\system32\wdi.dll
04:45:54.0162 0x5e8c  WdiServiceHost - ok
04:45:54.0179 0x5e8c  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiSystemHost   C:\Windows\system32\wdi.dll
04:45:54.0236 0x5e8c  WdiSystemHost - ok
04:45:54.0297 0x5e8c  [ 04C37D8107320312FBAE09926103D5E2, 1C6726A9871CBACB240AFA93E57781515F01758D43693DDA395EA683D97234F0 ] WebClient       C:\Windows\System32\webclnt.dll
04:45:54.0389 0x5e8c  WebClient - ok
04:45:54.0422 0x5e8c  [ AE3736E7E8892241C23E4EBBB7453B60, 0F998116CC07CD719CB237EAE53BB16B2EDD6973828B9C1055EB981AEA0453D1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
04:45:54.0495 0x5e8c  Wecsvc - ok
04:45:54.0522 0x5e8c  [ 670FF720071ED741206D69BD995EA453, 4B96F5E3545F69AE9EBC75DC4AB27B87306D656EE526AE39E7EC7E2B6F83F7FD ] wercplsupport   C:\Windows\System32\wercplsupport.dll
04:45:54.0593 0x5e8c  wercplsupport - ok
04:45:54.0644 0x5e8c  [ 32B88481D3B326DA6DEB07B1D03481E7, 821FBAF147E525ED15EB9391B16A96C6D5464841258B11F277EFB57A3BD50E37 ] WerSvc          C:\Windows\System32\WerSvc.dll
04:45:54.0731 0x5e8c  WerSvc - ok
04:45:54.0789 0x5e8c  [ 5C7BDCF5864DB00323FE2D90FA26A8A2, E948B6BF8985CFF56FBE99AF7AF78CC3123AE5DAC9A5420ADE3C8B52CA702686 ] winachsf        C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
04:45:54.0989 0x5e8c  winachsf - ok
04:45:55.0038 0x5e8c  [ 4575AA12561C5648483403541D0D7F2B, 2DBB7904285F16E879E1662C4CC4DFAA420D5EB24DDFC4BAC0B7616F5F44649A ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
04:45:55.0106 0x5e8c  WinDefend - ok
04:45:55.0132 0x5e8c  WinHttpAutoProxySvc - ok
04:45:55.0199 0x5e8c  [ 6B2A1D0E80110E3D04E6863C6E62FD8A, EE8BC7C378993EFE90273764C83119EBF331768CD7B24DE949233C74A51306C2 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
04:45:55.0273 0x5e8c  Winmgmt - ok
04:45:55.0369 0x5e8c  [ 7CFE68BDC065E55AA5E8421607037511, C2CE76D52AD4E31FC4216E94457DC16ABF65A5F3E883F0BD97AD387FB7574533 ] WinRM           C:\Windows\system32\WsmSvc.dll
04:45:55.0497 0x5e8c  WinRM - ok
04:45:55.0588 0x5e8c  [ C008405E4FEEB069E30DA1D823910234, C392A7B5FEACB7D11A3A231C1AD65D533984E6E7429ECD3BFBF90A27E8DEB157 ] Wlansvc         C:\Windows\System32\wlansvc.dll
04:45:55.0725 0x5e8c  Wlansvc - ok
04:45:55.0770 0x5e8c  [ 2E7255D172DF0B8283CDFB7B433B864E, 60C786CF0EA4A29B309B9457F0496D5A0AF1F093FC2C5D88078865814B7DBBA3 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
04:45:55.0832 0x5e8c  WmiAcpi - ok
04:45:55.0896 0x5e8c  [ 43BE3875207DCB62A85C8C49970B66CC, 27169F2E8A30807794407DA8F80611E4287F940AAE2A1F00F547901872FB9703 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
04:45:55.0995 0x5e8c  wmiApSrv - ok
04:45:56.0082 0x5e8c  [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
04:45:56.0403 0x5e8c  WMPNetworkSvc - ok
04:45:56.0468 0x5e8c  [ CFC5A04558F5070CEE3E3A7809F3FF52, 45899E04000E21C4E009BE8B6149F199A5B2E0512C657A525770BF9DBFED7D2B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
04:45:56.0566 0x5e8c  WPCSvc - ok
04:45:56.0619 0x5e8c  [ 801FBDB89D472B3C467EB112A0FC9246, C24053FA12732089384D3AF06C676FF201D282FC5AD56A42B6EE8BAED4379CB2 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
04:45:56.0706 0x5e8c  WPDBusEnum - ok
04:45:56.0754 0x5e8c  [ DE9D36F91A4DF3D911626643DEBF11EA, 8029ECE76E29276BFB6ED3387AC560A9A779AAF683A4416E96334FAF7BDBADA0 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
04:45:56.0812 0x5e8c  WpdUsb - ok
04:45:56.0914 0x5e8c  [ F8D3544ACBCE9110362119F7C10D848E, 31C49201A931751A36286874AC0B929D886F490D7CE48CCC9283850A56AD9FD9 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
04:45:57.0059 0x5e8c  WPFFontCache_v0400 - ok
04:45:57.0103 0x5e8c  [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
04:45:57.0169 0x5e8c  ws2ifsl - ok
04:45:57.0222 0x5e8c  [ 1CA6C40261DDC0425987980D0CD2AAAB, 727C1E3A170316641F832A8D197EDA6D6EE1206E4ED7B741E5A4017B7F2F7B88 ] wscsvc          C:\Windows\System32\wscsvc.dll
04:45:57.0324 0x5e8c  wscsvc - ok
04:45:57.0337 0x5e8c  WSearch - ok
04:45:57.0491 0x5e8c  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv        C:\Windows\system32\wuaueng.dll
04:45:57.0763 0x5e8c  wuauserv - ok
04:45:57.0841 0x5e8c  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
04:45:57.0929 0x5e8c  WudfPf - ok
04:45:57.0973 0x5e8c  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
04:45:58.0042 0x5e8c  WUDFRd - ok
04:45:58.0088 0x5e8c  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
04:45:58.0144 0x5e8c  wudfsvc - ok
04:45:58.0224 0x5e8c  [ 3E1C915C6291AB5D1CFCA680E1BD6BAD, 1464DE536602C86EE32F406E1E1E6FB26F65B7B7B5C2A61C0EB4D156B3090D11 ] yukonwlh        C:\Windows\system32\DRIVERS\yk60x86.sys
04:45:58.0355 0x5e8c  yukonwlh - ok
04:45:58.0407 0x5e8c  [ 4D840C6AF3C020ED3A35EFBA9025CF4A, 2B90872AA16FBDF05103EEE4C57167C2B99E9A75FB48D100D7D81C199186C079 ] {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
04:45:58.0451 0x5e8c  {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok
04:45:58.0488 0x5e8c  ================ Scan global ===============================
04:45:58.0526 0x5e8c  [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
04:45:58.0578 0x5e8c  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
04:45:58.0611 0x5e8c  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
04:45:58.0669 0x5e8c  [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe
04:45:58.0678 0x5e8c  [ Global ] - ok
04:45:58.0683 0x5e8c  ================ Scan MBR ==================================
04:45:58.0711 0x5e8c  [ 6FC6F9186C07BCA94E140F63BFE6E9B4 ] \Device\Harddisk0\DR0
04:46:01.0557 0x5e8c  \Device\Harddisk0\DR0 - detected TDSS File System ( 1 )
04:46:01.0557 0x5e8c  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
04:46:04.0086 0x5e8c  [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk1\DR1
04:46:04.0189 0x5e8c  \Device\Harddisk1\DR1 - ok
04:46:04.0192 0x5e8c  ================ Scan VBR ==================================
04:46:04.0197 0x5e8c  [ DD7135C8C40BA84EEECD3600268E932E ] \Device\Harddisk0\DR0\Partition1
04:46:04.0241 0x5e8c  \Device\Harddisk0\DR0\Partition1 - ok
04:46:04.0250 0x5e8c  [ E3AEAAC6F6B98EAE54467C0AB02F8A58 ] \Device\Harddisk0\DR0\Partition2
04:46:04.0268 0x5e8c  \Device\Harddisk0\DR0\Partition2 - ok
04:46:04.0279 0x5e8c  [ 07C0C414641CDC6CD34600CEA74B685B ] \Device\Harddisk1\DR1\Partition1
04:46:04.0281 0x5e8c  \Device\Harddisk1\DR1\Partition1 - ok
04:46:04.0288 0x5e8c  ================ Scan generic autorun ======================
04:46:04.0353 0x5e8c  [ 0D392EDE3B97E0B3131B2F63EF1DB94E, 3EDA280F91097293E00BF984D377E1111CFDE1FC81B30A3FDEB38F321EF82BB6 ] C:\Program Files\Windows Defender\MSASCui.exe
04:46:04.0513 0x5e8c  Windows Defender - ok
04:46:04.0619 0x5e8c  [ 5C080C61235C74568C2978FC7E602AE0, 7A4A3D1D51762EC17A0CF0E5099C0E76E9311D884DF461C77F17295DFDD91151 ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
04:46:04.0848 0x5e8c  SynTPEnh - ok
04:46:04.0943 0x5e8c  [ 6882D187F65ECA79110848A68FDEB2BF, 1BE59945F6D5040E9675DC31C27AD230D4C2C02B84BD4E16AB459D04D9B9E7B4 ] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
04:46:05.0134 0x5e8c  BkupTray - ok
04:46:05.0257 0x5e8c  [ 6650569A682D8E4F98D774D8B1D9C70F, 70DC2183E9A2D4020D31D4D6AB448FA5A824C6EAA4921079110DF202F3F98A3D ] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
04:46:05.0406 0x5e8c  ArcadeDeluxeAgent - detected UnsignedFile.Multi.Generic ( 1 )
04:46:08.0224 0x5e8c  Detect skipped due to KSN trusted
04:46:08.0224 0x5e8c  ArcadeDeluxeAgent - ok
04:46:08.0291 0x5e8c  [ 7C5927B256B7CC04540B56AA3FDCCE36, 143CB7EE377AD93181F5084AB637E739E10BBA454A8CDC7D6E77ECE73BDF519C ] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
04:46:08.0397 0x5e8c  CLMLServer - detected UnsignedFile.Multi.Generic ( 1 )
04:46:10.0777 0x5e8c  Detect skipped due to KSN trusted
04:46:10.0778 0x5e8c  CLMLServer - ok
04:46:10.0819 0x5e8c  [ 9E83742461CFFF48E2885E68B4519CB2, EEA83B3476863D48E47C2A2C57FB75B700B159B8E49BBE390B45E2DCC98C42DE ] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
04:46:10.0974 0x5e8c  PlayMovie - detected UnsignedFile.Multi.Generic ( 1 )
04:46:13.0817 0x5e8c  Detect skipped due to KSN trusted
04:46:13.0817 0x5e8c  PlayMovie - ok
04:46:14.0264 0x5e8c  [ 86171114D84AFBD3DFCE930E320C1BBF, 259F7C836CCC3864B687C89D298ABA8C994EBE822E25AC984EE2F618B4364B30 ] C:\Windows\RtHDVCpl.exe
04:46:15.0203 0x5e8c  RtHDVCpl - ok
04:46:15.0324 0x5e8c  [ C8612E58FB7FCFA5EEA4E39F7B8CBC17, 91FAF64968D26992574D5078989493F5A5F24239C7CB6834B31A25ECA9AA189A ] C:\Windows\Skytel.exe
04:46:15.0656 0x5e8c  Skytel - ok
04:46:15.0707 0x5e8c  [ 2F2DF068BED6E62E4C007DF7446B4F19, 96FE78E2B8BD067B7378ECDF1E74939C71EFFBF09B2C184361650DBF4ED0FCC3 ] C:\Windows\PLFSetI.exe
04:46:15.0863 0x5e8c  PLFSetI - detected UnsignedFile.Multi.Generic ( 1 )
04:46:18.0685 0x5e8c  Detect skipped due to KSN trusted
04:46:18.0686 0x5e8c  PLFSetI - ok
04:46:18.0782 0x5e8c  [ A9E634BBEDC2B41162767ED7F7DD9646, C589535A269E4ADC2BFA60182A9664847BA60F7AAEDED67AAC2203A8C182E0AD ] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
04:46:19.0241 0x5e8c  eDataSecurity Loader - ok
04:46:19.0406 0x5e8c  [ A580E4309E636A93B89E89712FF0959D, A836E058C0D8977456831DCD31811C44C3BECBABF10A2F670D4B6C335570F250 ] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
04:46:19.0600 0x5e8c  ePower_DMC - detected UnsignedFile.Multi.Generic ( 1 )
04:46:22.0221 0x5e8c  Detect skipped due to KSN trusted
04:46:22.0221 0x5e8c  ePower_DMC - ok
04:46:22.0314 0x5e8c  [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F, 6D2B301E77839FFF1C74425B37D02C3F3837CE50E856C21AE4CF7ABABB04ADDC ] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
04:46:22.0363 0x5e8c  Google Desktop Search - ok
04:46:22.0456 0x5e8c  [ 19B2731AFB82729F8FF10B082CD609B3, 34AAEC8E2CBDB46BBB88CD588CD6FD915A99C8598F65702B7A0BC04880840E9C ] C:\Program Files\Acer\Acer Assist\launcher.exe
04:46:22.0907 0x5e8c  Acer Assist Launcher - detected UnsignedFile.Multi.Generic ( 1 )
04:46:25.0502 0x5e8c  Detect skipped due to KSN trusted
04:46:25.0502 0x5e8c  Acer Assist Launcher - ok
04:46:25.0677 0x5e8c  [ CBA663475AB6D117C164988EC2098C9E, DBB8614EB22D8688406BC549ACF274064A1953204B9CE3EA5E56CF1565447AF8 ] C:\Program Files\Acer\Acer Registration\ACE1.exe
04:46:26.0177 0x5e8c  Acer Product Registration - detected UnsignedFile.Multi.Generic ( 1 )
04:46:36.0177 0x5e8c  Acer Product Registration ( UnsignedFile.Multi.Generic ) - warning
04:46:38.0721 0x5e8c  [ 7AF5A466CF4AECA28E3DCBCF5B6FD220, 9A295A781883A5BE29F05CB22DEBEC29495528FE17787C53A7F51BA1038FDCE8 ] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
04:46:38.0841 0x5e8c  HP Software Update - detected UnsignedFile.Multi.Generic ( 1 )
04:46:41.0211 0x5e8c  Detect skipped due to KSN trusted
04:46:41.0211 0x5e8c  HP Software Update - ok
04:46:41.0255 0x5e8c  [ 1029B84ECBE4B95ACB8491A3FE63D70F, DF765BEE2B20800646F70B9E473B95F52457316CB331A3E0BF6974D827AB989D ] C:\Windows\system32\igfxtray.exe
04:46:41.0354 0x5e8c  IgfxTray - ok
04:46:41.0388 0x5e8c  [ 3CD5BBDA19A1AB4EBA359E0A14FDF0F0, 992E7322C86DA533F6DB9192427EBDC5A8F4D1A878F4B30A17ABD54656CFF6C1 ] C:\Windows\system32\hkcmd.exe
04:46:41.0462 0x5e8c  HotKeysCmds - ok
04:46:41.0495 0x5e8c  [ 3142195521FEE436088EE8A5748DE1B1, EE8E65977AA0EAC0BF48F7C4620946E48679F047EFC515D5F2E52EA4B88C5731 ] C:\Windows\system32\igfxpers.exe
04:46:41.0605 0x5e8c  Persistence - ok
04:46:41.0666 0x5e8c  [ 35AC4B63CBB9FB6B4472913E9948B517, 104C7D5E97A680CDF660AA98E6E92447F0FF6B857A847CDAFB0A9EB26086B5A4 ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
04:46:41.0764 0x5e8c  APSDaemon - ok
04:46:41.0841 0x5e8c  [ AF43C4F7F3C8BC95DAD95024F96CDC4A, 6348F6D8F301C5F7290B963D6923E389414ADFBCF6AED562A32245BCADC05580 ] C:\Program Files\QuickTime\QTTask.exe
04:46:42.0021 0x5e8c  QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
04:46:44.0399 0x5e8c  Detect skipped due to KSN trusted
04:46:44.0399 0x5e8c  QuickTime Task - ok
04:46:44.0487 0x5e8c  [ D9D79F547AE2A70C650DFCFC27AEC0F7, 756BA12D31908746AA6B743040990C5CCA2D2FB500199B67580F2E548DD2FE86 ] C:\Program Files\iTunes\iTunesHelper.exe
04:46:44.0624 0x5e8c  iTunesHelper - ok
04:46:44.0746 0x5e8c  [ 882B5B999A71F56D5DF294D93AE1E7D1, 690B93C4A3E476595808EBDBE5CF620FC4A86D41FCD66023DE0DA7972F8941E4 ] C:\Program Files\Microsoft Security Client\msseces.exe
04:46:44.0847 0x5e8c  MSC - ok
04:46:45.0002 0x5e8c  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
04:46:45.0257 0x5e8c  Sidebar - ok
04:46:45.0269 0x5e8c  WindowsWelcomeCenter - ok
04:46:45.0438 0x5e8c  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
04:46:45.0670 0x5e8c  Sidebar - ok
04:46:45.0684 0x5e8c  WindowsWelcomeCenter - ok
04:46:45.0718 0x5e8c  [ E616A6A6E91B0A86F2F6217CDE835FFE, 411671C4B2BB4DB3F02A21C199A5479F31394165704736A549B53245B94577F7 ] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
04:46:45.0793 0x5e8c  swg - ok
04:46:45.0852 0x5e8c  [ BF08674925F151BD4537B89A493E3E0C, 6A97562E998A2B90649FF7986313AD33823053FF98BBE163AD39AAA5E01FC545 ] C:\Windows\ehome\ehTray.exe
04:46:45.0945 0x5e8c  ehTray.exe - ok
04:46:45.0952 0x5e8c  Waiting for KSN requests completion. In queue: 10
04:46:46.0952 0x5e8c  Waiting for KSN requests completion. In queue: 10
04:46:47.0952 0x5e8c  Waiting for KSN requests completion. In queue: 10
04:46:49.0079 0x5e8c  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.5.216.0 ), 0x61000 ( enabled : updated )
04:46:49.0081 0x5e8c  AV detected via SS2: Norton AntiVirus, C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\WSCStub.exe ( 18.7.0.0 ), 0x50000 ( disabled : updated )
04:46:49.0089 0x5e8c  Win FW state via NFP2: disabled
04:46:51.0546 0x5e8c  ============================================================
04:46:51.0546 0x5e8c  Scan finished
04:46:51.0546 0x5e8c  ============================================================
04:46:51.0571 0x5aa8  Detected object count: 3
04:46:51.0572 0x5aa8  Actual detected object count: 3
04:52:47.0227 0x5aa8  NTIPPKernel ( UnsignedFile.Multi.Generic ) - skipped by user
04:52:47.0227 0x5aa8  NTIPPKernel ( UnsignedFile.Multi.Generic ) - User select action: Skip 
04:52:47.0227 0x5aa8  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
04:52:47.0227 0x5aa8  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
04:52:47.0228 0x5aa8  Acer Product Registration ( UnsignedFile.Multi.Generic ) - skipped by user
04:52:47.0228 0x5aa8  Acer Product Registration ( UnsignedFile.Multi.Generic ) - User select action: Skip 
 
The other log files will be up later. Thanks for your assistance and patience.


#8 Oh My!


Posted 08 August 2014 - 07:46 AM

Greetings,

No problem on the delay, sometimes the notification I posted doesn't come through for some reason. Once the additional information is posted we will be ready to go.
Gary
 

#9 zoomy123


Posted 09 August 2014 - 01:27 AM

Here is the rest of what you asked for:

 

1. aswMBR log:

 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-08-09 01:26:19
-----------------------------
01:26:19.111    OS Version: Windows 6.0.6002 Service Pack 2
01:26:19.111    Number of processors: 1 586 0xF0D
01:26:19.111    ComputerName: STEPH-PC  UserName: Steph
01:27:35.307    Initialize success
01:27:36.040    VM: initialized successfully
01:27:36.243    VM: Intel CPU virtualization not supported 
01:31:55.345    AVAST engine defs: 14080801
01:32:48.958    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
01:32:48.961    Disk 0 Vendor: Hitachi_HTS543216L9A300 FB2OC40C Size: 152627MB BusType: 3
01:32:49.112    Disk 0 MBR read successfully
01:32:49.132    Disk 0 MBR scan
01:32:49.199    Disk 0 unknown MBR code
01:32:49.216    Disk 0 Partition 1 00     27 Hidden NTFS WinRE MSDOS5.0    10000 MB offset 2048
01:32:49.237    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        71317 MB offset 20482048
01:32:49.260    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        71308 MB offset 166539264
01:32:49.272    Disk 0 scanning sectors +312578048
01:32:49.445    Disk 0 scanning C:\Windows\system32\drivers
01:33:03.190    Service scanning
01:33:08.426    Service BHDrvx86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20140801.001\BHDrvx86.sys **LOCKED** 5
01:33:12.873    Service eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys **LOCKED** 5
01:33:13.508    Service EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys **LOCKED** 5
01:33:17.443    Service IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20140808.001\IDSvix86.sys **LOCKED** 5
01:33:26.208    Service NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20140808.003\NAVENG.SYS **LOCKED** 5
01:33:26.411    Service NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20140808.003\NAVEX15.SYS **LOCKED** 5
01:33:36.543    Service SRTSPX C:\Windows\system32\drivers\NAV\1207010.003\SRTSPX.SYS **LOCKED** 5
01:33:37.366    Service SymDS C:\Windows\system32\drivers\NAV\1207010.003\SYMDS.SYS **LOCKED** 5
01:33:37.635    Service SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS **LOCKED** 5
01:33:37.759    Service SymIRON C:\Windows\system32\drivers\NAV\1207010.003\Ironx86.SYS **LOCKED** 5
01:33:37.916    Service SYMTDIv C:\Windows\System32\Drivers\NAV\1207010.003\SYMTDIV.SYS **LOCKED** 5
01:33:47.460    Modules scanning
01:33:59.759    Disk 0 trace - called modules:
01:33:59.794    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys 
01:33:59.801    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x861e12e0]
01:33:59.810    3 CLASSPNP.SYS[88ba58b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84ff9310]
01:34:00.369    AVAST engine scan C:\Windows
01:34:05.102    AVAST engine scan C:\Windows\system32
01:37:54.785    AVAST engine scan C:\Windows\system32\drivers
01:38:13.962    AVAST engine scan C:\Users\Steph
01:43:10.228    AVAST engine scan C:\ProgramData
01:52:50.653    Scan finished successfully
01:56:06.811    Disk 0 MBR has been saved successfully to "C:\Users\Steph\Desktop\MBR.dat"
01:56:06.817    The log file has been saved successfully to "C:\Users\Steph\Desktop\aswMBR.txt"
 

 

2. FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:9-08-2014
Ran by Steph (administrator) on STEPH-PC on 09-08-2014 01:58:05
Running from C:\Users\Steph\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
() C:\Acer\Mobility Center\MobilityService.exe
(Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ccsvchst.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
(Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ccsvchst.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(CyberLink) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
(Acer Corp.) C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Windows\PLFSetI.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
() C:\Program Files\Logitech\QuickCam\Quickcam.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Realtek Semiconductor Corp.) C:\Users\Steph\AppData\Local\Temp\RtkBtMnt.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2173595702-3430817526-3780716159-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-03-20] (Google Inc.)
HKU\S-1-5-21-2173595702-3430817526-3780716159-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2173595702-3430817526-3780716159-1000\...\MountPoints2: {12cccf30-2236-11de-b629-001d72f0ebe4} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\m.exe /s
HKU\S-1-5-21-2173595702-3430817526-3780716159-1000\...\MountPoints2: {b91fae32-e1c9-11dd-b5e8-806e6f6e6963} - E:\SMSetup.exe
HKU\S-1-5-21-2173595702-3430817526-3780716159-1000\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Steph\AppData\Local\{cced714b-348e-29ba-f6a1-1cacf2a4ea0f}\n. ATTENTION! ====> ZeroAccess/Alureon?
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll => c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-08-16] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Steph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0109&m=aspire_5335
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
SearchScopes: HKLM - DefaultScope value is missing.
BHO: HP Print Clips -> {053F9267-DC04-4294-A72C-58F732D338C0} -> C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
BHO: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - HeadlineAlley - {8f61e414-ea79-4559-8bb6-61d956f70306} - C:\Program Files\HeadlineAlley_29\bar\1.bin\29bar.dll No File
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - HeadlineAlley - {8F61E414-EA79-4559-8BB6-61D956F70306} - C:\Program Files\HeadlineAlley_29\bar\1.bin\29bar.dll No File
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @HeadlineAlley_29.com/Plugin -> C:\Program Files\HeadlineAlley_29\bar\1.bin\NP29Stub.dll No File
FF Plugin: @java.com/DTPlugin,version=1.6.0_37 -> C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-21]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFF
FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFF [2013-10-09]
FF HKLM\...\Firefox\Extensions: [29ffxtbr@HeadlineAlley_29.com] - C:\Program Files\HeadlineAlley_29\bar\1.bin
FF Extension: HeadlineAlley - C:\Program Files\HeadlineAlley_29\bar\1.bin [2012-04-20]
FF HKLM\...\Firefox\Extensions: [ext@MediaViewV1alpha5930.net] - C:\Program Files\MediaViewV1\MediaViewV1alpha5930\ff
FF HKLM\...\Firefox\Extensions: [ext@MediaWatchV1home7898.net] - C:\Program Files\MediaWatchV1\MediaWatchV1home7898\ff
FF HKLM\...\Firefox\Extensions: [ext@MediaBuzzV1mode201.net] - C:\Program Files\MediaBuzzV1\MediaBuzzV1mode201\ff
FF HKLM\...\Firefox\Extensions: [ext@RichMediaViewV1release598.net] - C:\Program Files\RichMediaViewV1\RichMediaViewV1release598\ff
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://yahoo.com/", "hxxp://google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U37) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Wheretoget) - C:\Users\Steph\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlcbagiiepbjgkfjhakhilgeikkoapem [2014-07-02]
CHR Extension: (Google Wallet) - C:\Users\Steph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-31]
CHR Extension: (Default Extension) - C:\Users\Steph\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aagfdidagdgfdidjdedgdgdededhdfge [2012-06-12]
CHR HKLM\...\Chrome\Extension: [flomdfkgmobdnfdpokldfkpchlbdnafg] - C:\Program Files\RichMediaViewV1\RichMediaViewV1release598\ch\RichMediaViewV1release598.crx [2012-06-12]
CHR HKLM\...\Chrome\Extension: [jaomagefpiimklfbcdfplbofdmmfajpl] - C:\Program Files\MediaViewV1\MediaViewV1alpha5930\ch\MediaViewV1alpha5930.crx [2012-06-12]
CHR HKLM\...\Chrome\Extension: [lfdcoagioakinacdpcghodpjojndhcdg] - C:\Program Files\MediaWatchV1\MediaWatchV1home7898\ch\MediaWatchV1home7898.crx [2012-06-12]
CHR HKLM\...\Chrome\Extension: [lhjbhbckjbholpokiomdababcbcjeppl] - C:\Program Files\MediaBuzzV1\MediaBuzzV1mode201\ch\MediaBuzzV1mode201.crx [2012-06-12]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-11] (SUPERAntiSpyware.com) [File not signed]
R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [81504 2008-01-16] () [File not signed]
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-03-21] () [File not signed]
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-16] (Google)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-03-11] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-11] (Hewlett-Packard Co.) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [186904 2007-10-19] (Logitech Inc.)
S2 LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [141848 2007-10-19] (Logitech Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 NAV; C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-04] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20140801.001\BHDrvx86.sys [1101616 2014-05-09] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-06-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [109872 2014-06-11] (Symantec Corporation)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20140808.002\IDSvix86.sys [395992 2014-03-24] (Symantec Corporation)
S3 LVcKap; C:\Windows\System32\DRIVERS\LVcKap.sys [2109976 2007-10-19] (Logitech Inc.)
S3 LVMVDrv; C:\Windows\System32\DRIVERS\LVMVDrv.sys [2142488 2007-10-11] (Logitech Inc.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25624 2007-10-11] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20140808.003\NAVENG.SYS [93272 2014-08-08] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20140808.003\NAVEX15.SYS [1612376 2014-08-08] (Symantec Corporation)
R2 NTIPPKernel; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [122368 2008-01-16] (Cyberlink Corp.) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SRTSP; C:\Windows\System32\Drivers\NAV\1207010.003\SRTSP.SYS [516216 2011-03-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAV\1207010.003\SRTSPX.SYS [50168 2011-03-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NAV\1207010.003\SYMDS.SYS [340088 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAV\1207010.003\SYMEFA.SYS [744568 2011-03-14] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [126584 2011-05-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAV\1207010.003\Ironx86.SYS [136312 2011-01-27] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NAV\1207010.003\SYMTDIV.SYS [331384 2011-04-20] (Symantec Corporation)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-04-18] (Cyberlink Corp.)
S3 Bulk1528; System32\Drivers\Bulk1528.sys [X]
S2 Ca1528av; System32\Drivers\Ca1528av.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
R1 MpKsldae08cf0; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1BD73479-A838-404D-BB2D-5A3D0C9C9B7C}\MpKsldae08cf0.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U2 srservice; 
S3 SYMDNS; \??\C:\Windows\system32\drivers\NAV\1000000.07D\SYMDNS.SYS [X]
S3 SYMFW; \SystemRoot\System32\Drivers\NAV\1008000.029\SYMFW.SYS [X]
S3 SYMNDISV; \SystemRoot\System32\Drivers\NAV\1008000.029\SYMNDISV.SYS [X]
S3 SYMREDRV; \??\C:\Windows\system32\drivers\NAV\1000000.07D\SYMREDRV.SYS [X]
U3 aswMBR; \??\C:\Users\Steph\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Steph\AppData\Local\Temp\aswVmm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-09 01:58 - 2014-08-09 02:00 - 00024144 _____ () C:\Users\Steph\Desktop\FRST.txt
2014-08-09 01:57 - 2014-08-09 01:58 - 00000000 ____D () C:\FRST
2014-08-09 01:56 - 2014-08-09 01:56 - 01084928 _____ (Farbar) C:\Users\Steph\Desktop\FRST.exe
2014-08-09 01:56 - 2014-08-09 01:56 - 00003478 _____ () C:\Users\Steph\Desktop\aswMBR.txt
2014-08-09 01:56 - 2014-08-09 01:56 - 00000512 _____ () C:\Users\Steph\Desktop\MBR.dat
2014-08-08 04:57 - 2014-08-08 04:58 - 05185536 _____ (AVAST Software) C:\Users\Steph\Desktop\aswMBR.exe
2014-08-08 04:42 - 2014-08-08 04:42 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Steph\Desktop\tdsskiller.exe
2014-08-06 18:53 - 2014-08-06 18:53 - 00002248 _____ () C:\{8584878B-D154-4AA8-A4F0-8EB9B92F61DB}
2014-08-06 17:19 - 2014-08-06 17:19 - 00003352 _____ () C:\{2302F050-F245-4126-84BF-E280DB12483F}
2014-07-27 16:31 - 2014-07-27 16:31 - 00030766 _____ () C:\Users\Steph\Downloads\[kickass.to]star.wars.books.torrent
2014-07-27 16:27 - 2014-07-27 16:27 - 00038340 _____ () C:\Users\Steph\Downloads\[kickass.to]star.wars.books.collection.243.books.epub.torrent
2014-07-27 16:22 - 2014-07-27 16:22 - 00000000 _____ () C:\Users\Steph\AppData\Roaming\chymvtw.dll
2014-07-27 16:21 - 2014-07-27 16:21 - 00000783 _____ () C:\Users\Steph\Desktop\BitTorrent.lnk
2014-07-27 16:20 - 2014-07-27 16:48 - 00000000 ____D () C:\Users\Steph\AppData\Roaming\BitTorrent
2014-07-27 16:19 - 2014-07-27 16:20 - 01940568 _____ (BitTorrent Inc.) C:\Users\Steph\Downloads\BitTorrent.exe
2014-07-27 15:50 - 2014-08-08 04:27 - 00018569 _____ () C:\Users\Steph\Desktop\dds.txt
2014-07-27 15:50 - 2014-08-08 04:27 - 00007958 _____ () C:\Users\Steph\Desktop\attach.txt
2014-07-27 15:41 - 2014-07-27 15:43 - 00688992 ____R (Swearware) C:\Users\Steph\Desktop\dds.com
2014-07-27 15:00 - 2014-07-27 15:00 - 00006469 _____ () C:\Users\Steph\Desktop\MBRCheck_07.27.14_15.00.24.txt
2014-07-27 14:56 - 2014-07-27 14:56 - 00000512 _____ () C:\Users\Steph\Downloads\MBRCheck_MBR_Backup_07-27-14_14-56-32.bak
2014-07-27 14:45 - 2014-07-27 14:56 - 00009167 _____ () C:\Users\Steph\Desktop\MBRCheck_07.27.14_14.45.28.txt
2014-07-27 14:45 - 2014-07-27 14:45 - 00080384 _____ () C:\Users\Steph\Downloads\MBRCheck.exe
2014-07-27 14:33 - 2014-07-27 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-27 14:33 - 2014-07-27 14:33 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-27 14:32 - 2014-07-27 14:32 - 04813544 _____ (Piriform Ltd) C:\Users\Steph\Downloads\ccsetup416.exe
2014-07-27 13:45 - 2014-07-27 14:14 - 00000000 ____D () C:\AdwCleaner
2014-07-27 09:55 - 2014-07-27 09:55 - 00000000 ____D () C:\SUPERDelete
2014-07-27 03:02 - 2014-07-27 03:02 - 04161313 _____ () C:\Users\Steph\Downloads\tdsskiller.zip
2014-07-27 02:12 - 2014-07-27 09:35 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-27 01:44 - 2014-07-27 01:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-27 01:43 - 2014-07-27 01:43 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-27 01:43 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-27 01:43 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-27 01:43 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-27 01:32 - 2014-07-27 01:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Steph\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-20 22:35 - 2014-07-20 22:35 - 00003224 _____ () C:\{B619793B-BB33-436C-AF1D-71836D841720}
2014-07-15 20:24 - 2014-07-15 20:24 - 00002552 _____ () C:\{AC0803C8-848A-4640-8EC8-C9D67F56F0F4}
2014-07-15 13:18 - 2014-07-15 13:18 - 00003224 _____ () C:\{F79BC730-36F7-4B7A-92E3-BB81549B6F3B}
2014-07-10 18:25 - 2014-06-06 20:19 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-10 18:24 - 2014-06-06 20:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-10 18:24 - 2014-06-06 19:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-10 18:24 - 2014-06-06 19:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-10 18:24 - 2014-06-06 18:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-10 18:24 - 2014-06-06 18:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-10 18:24 - 2014-06-06 18:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-10 18:24 - 2014-06-06 18:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-10 18:24 - 2014-06-06 18:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-10 18:24 - 2014-06-06 18:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-10 18:24 - 2014-06-06 18:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-10 18:24 - 2014-06-06 18:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-10 18:24 - 2014-06-06 18:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-10 18:24 - 2014-06-06 04:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-10 18:23 - 2014-06-06 19:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-10 18:23 - 2014-06-06 19:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-10 18:23 - 2014-06-06 19:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-10 18:23 - 2014-06-06 19:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-10 18:23 - 2014-06-06 18:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-10 18:23 - 2014-06-06 18:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-10 18:23 - 2014-06-06 18:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-10 18:23 - 2014-06-06 18:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-10 18:23 - 2014-06-06 18:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-10 18:23 - 2014-05-30 02:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-10 14:32 - 2014-07-10 14:33 - 00001968 _____ () C:\Users\Steph\Downloads\this_message_in_html (2).html
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-09 02:00 - 2014-08-09 01:58 - 00024144 _____ () C:\Users\Steph\Desktop\FRST.txt
2014-08-09 02:00 - 2009-01-13 19:31 - 01430680 _____ () C:\Windows\WindowsUpdate.log
2014-08-09 01:58 - 2014-08-09 01:57 - 00000000 ____D () C:\FRST
2014-08-09 01:56 - 2014-08-09 01:56 - 01084928 _____ (Farbar) C:\Users\Steph\Desktop\FRST.exe
2014-08-09 01:56 - 2014-08-09 01:56 - 00003478 _____ () C:\Users\Steph\Desktop\aswMBR.txt
2014-08-09 01:56 - 2014-08-09 01:56 - 00000512 _____ () C:\Users\Steph\Desktop\MBR.dat
2014-08-09 01:52 - 2012-04-18 20:44 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-09 01:52 - 2012-04-18 20:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-09 01:24 - 2006-11-02 08:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-09 01:24 - 2006-11-02 08:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-08 17:34 - 2012-04-18 20:44 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-08 17:33 - 2008-04-30 05:54 - 00000147 _____ () C:\Windows\system32\agent.log
2014-08-08 17:33 - 2008-01-20 22:47 - 03486832 _____ () C:\Windows\PFRO.log
2014-08-08 17:33 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-08 04:58 - 2014-08-08 04:57 - 05185536 _____ (AVAST Software) C:\Users\Steph\Desktop\aswMBR.exe
2014-08-08 04:42 - 2014-08-08 04:42 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Steph\Desktop\tdsskiller.exe
2014-08-08 04:41 - 2012-06-07 17:44 - 00000000 ____D () C:\Users\Steph\Desktop\Anti-Virus
2014-08-08 04:27 - 2014-07-27 15:50 - 00018569 _____ () C:\Users\Steph\Desktop\dds.txt
2014-08-08 04:27 - 2014-07-27 15:50 - 00007958 _____ () C:\Users\Steph\Desktop\attach.txt
2014-08-07 16:53 - 2006-11-02 06:23 - 00000179 _____ () C:\Windows\win.ini
2014-08-07 15:21 - 2008-04-30 05:40 - 00002627 _____ () C:\Users\Steph\Desktop\Microsoft Office Word 2007.lnk
2014-08-06 18:53 - 2014-08-06 18:53 - 00002248 _____ () C:\{8584878B-D154-4AA8-A4F0-8EB9B92F61DB}
2014-08-06 17:19 - 2014-08-06 17:19 - 00003352 _____ () C:\{2302F050-F245-4126-84BF-E280DB12483F}
2014-07-28 14:11 - 2011-03-28 10:06 - 00000000 ____D () C:\Users\Steph\AppData\Local\CrashDumps
2014-07-27 16:48 - 2014-07-27 16:20 - 00000000 ____D () C:\Users\Steph\AppData\Roaming\BitTorrent
2014-07-27 16:31 - 2014-07-27 16:31 - 00030766 _____ () C:\Users\Steph\Downloads\[kickass.to]star.wars.books.torrent
2014-07-27 16:30 - 2012-06-07 11:10 - 00764564 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-27 16:28 - 2006-11-02 08:52 - 00138771 _____ () C:\Windows\setupact.log
2014-07-27 16:27 - 2014-07-27 16:27 - 00038340 _____ () C:\Users\Steph\Downloads\[kickass.to]star.wars.books.collection.243.books.epub.torrent
2014-07-27 16:22 - 2014-07-27 16:22 - 00000000 _____ () C:\Users\Steph\AppData\Roaming\chymvtw.dll
2014-07-27 16:21 - 2014-07-27 16:21 - 00000783 _____ () C:\Users\Steph\Desktop\BitTorrent.lnk
2014-07-27 16:20 - 2014-07-27 16:19 - 01940568 _____ (BitTorrent Inc.) C:\Users\Steph\Downloads\BitTorrent.exe
2014-07-27 15:43 - 2014-07-27 15:41 - 00688992 ____R (Swearware) C:\Users\Steph\Desktop\dds.com
2014-07-27 15:25 - 2011-11-25 04:49 - 00001356 _____ () C:\Users\Steph\AppData\Local\d3d9caps.dat
2014-07-27 15:17 - 2009-03-20 13:31 - 00000000 ____D () C:\Users\Steph
2014-07-27 15:00 - 2014-07-27 15:00 - 00006469 _____ () C:\Users\Steph\Desktop\MBRCheck_07.27.14_15.00.24.txt
2014-07-27 14:56 - 2014-07-27 14:56 - 00000512 _____ () C:\Users\Steph\Downloads\MBRCheck_MBR_Backup_07-27-14_14-56-32.bak
2014-07-27 14:56 - 2014-07-27 14:45 - 00009167 _____ () C:\Users\Steph\Desktop\MBRCheck_07.27.14_14.45.28.txt
2014-07-27 14:45 - 2014-07-27 14:45 - 00080384 _____ () C:\Users\Steph\Downloads\MBRCheck.exe
2014-07-27 14:33 - 2014-07-27 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-27 14:33 - 2014-07-27 14:33 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-27 14:32 - 2014-07-27 14:32 - 04813544 _____ (Piriform Ltd) C:\Users\Steph\Downloads\ccsetup416.exe
2014-07-27 14:14 - 2014-07-27 13:45 - 00000000 ____D () C:\AdwCleaner
2014-07-27 13:49 - 2006-11-02 09:01 - 00032534 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-27 11:12 - 2008-04-30 05:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone
2014-07-27 11:12 - 2008-04-30 05:42 - 00000000 ____D () C:\Program Files\Acer GameZone
2014-07-27 11:07 - 2014-03-17 14:48 - 00000000 ____D () C:\ProgramData\4a7bc6549d2d9d61
2014-07-27 09:55 - 2014-07-27 09:55 - 00000000 ____D () C:\SUPERDelete
2014-07-27 09:35 - 2014-07-27 02:12 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-27 03:02 - 2014-07-27 03:02 - 04161313 _____ () C:\Users\Steph\Downloads\tdsskiller.zip
2014-07-27 02:58 - 2012-06-08 00:14 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-07-27 01:45 - 2012-06-06 20:50 - 00000000 ____D () C:\Users\Steph\AppData\Roaming\Malwarebytes
2014-07-27 01:45 - 2012-06-06 20:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-27 01:44 - 2014-07-27 01:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-27 01:43 - 2014-07-27 01:43 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-27 01:33 - 2014-07-27 01:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Steph\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-21 16:42 - 2009-03-21 06:23 - 00000000 ____D () C:\ProgramData\Norton
2014-07-20 22:35 - 2014-07-20 22:35 - 00003224 _____ () C:\{B619793B-BB33-436C-AF1D-71836D841720}
2014-07-15 20:24 - 2014-07-15 20:24 - 00002552 _____ () C:\{AC0803C8-848A-4640-8EC8-C9D67F56F0F4}
2014-07-15 13:18 - 2014-07-15 13:18 - 00003224 _____ () C:\{F79BC730-36F7-4B7A-92E3-BB81549B6F3B}
2014-07-13 19:24 - 2012-05-22 10:25 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-07-11 21:41 - 2006-11-02 08:47 - 00298664 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-11 21:39 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 22:31 - 2013-08-15 17:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 22:24 - 2006-11-02 06:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-07-10 14:33 - 2014-07-10 14:32 - 00001968 _____ () C:\Users\Steph\Downloads\this_message_in_html (2).html
 
ZeroAccess:
C:\Users\Steph\AppData\Local\{cced714b-348e-29ba-f6a1-1cacf2a4ea0f}
C:\Users\Steph\AppData\Local\{cced714b-348e-29ba-f6a1-1cacf2a4ea0f}\L\00000004.@
C:\Users\Steph\AppData\Local\{cced714b-348e-29ba-f6a1-1cacf2a4ea0f}\L\1afb2d56
 
Some content of TEMP:
====================
C:\Users\Steph\AppData\Local\Temp\ApnStub.exe
C:\Users\Steph\AppData\Local\Temp\AskSLib.dll
C:\Users\Steph\AppData\Local\Temp\BackupSetup.exe
C:\Users\Steph\AppData\Local\Temp\dlLogic.exe
C:\Users\Steph\AppData\Local\Temp\drvinstal.exe
C:\Users\Steph\AppData\Local\Temp\EnableExtDll.dll
C:\Users\Steph\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Steph\AppData\Local\Temp\install_flashplayer11x32ax_gtbp_chra_aih[1].exe
C:\Users\Steph\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Steph\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Steph\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Steph\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Steph\AppData\Local\Temp\nos_uninstall_Adobe.dll
C:\Users\Steph\AppData\Local\Temp\Quarantine.exe
C:\Users\Steph\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Steph\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Steph\AppData\Local\Temp\setup.exe
C:\Users\Steph\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Steph\AppData\Local\Temp\{72A8B113-FFBF-4489-B469-E8E347FE7520}-23.0.1271.64_22.0.1229.94_chrome_updater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-08 17:39
 
==================== End Of Log ============================

3. Addition log:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:9-08-2014
Ran by Steph at 2014-08-09 02:01:06
Running from C:\Users\Steph\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Norton AntiVirus (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
AS: Norton AntiVirus (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version:  - Microsoft)
32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
Acer Arcade Deluxe (HKLM\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 2.0.5225 - CyberLink Corp.)
Acer Arcade Deluxe (Version: 2.0.5225 - CyberLink Corp.) Hidden
Acer Assist (HKLM\...\Acer Assist) (Version:  - Acer Incorporated)
Acer Crystal Eye Webcam 2.0.9.2 (HKLM\...\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}) (Version: 2.0.9.2 - SuYin)
Acer eDataSecurity Management (HKLM\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 3.0.3062 - Egis Inc.)
Acer Empowering Technology (HKLM\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.0.3006 - Acer Incorporated)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 3.0.3012 - Acer Incorporated)
Acer eSettings Management (HKLM\...\{13D85C14-2B85-419F-AC41-C7F21E68B25D}) (Version: 3.0.3007 - Acer Incorporated)
Acer GameZone Console 2.0.1.1 (HKLM\...\Acer GameZone Console_is1) (Version:  - Oberon Media, Inc.)
Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 3.0.3000 - Acer Inc.)
Acer Registration (HKLM\...\Acer Registration) (Version:  - Acer - Leader Technologies)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.11.0805 - Acer Incorporated)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Agatha Christie Death on the Nile (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}) (Version:  - Oberon Media)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
AIO_Scan (Version: 90.0.200.000 - Hewlett-Packard) Hidden
Alice Greenfingers (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
Ancestry Family Tree (HKLM\...\{C9F83CB8-EDD2-448F-86B3-E4E678278500}) (Version:  - )
Apple Application Support (HKLM\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Azada (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}) (Version:  - Oberon Media)
Backspin Billiards (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}) (Version:  - Oberon Media)
Big Kahuna Reef (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}) (Version:  - Oberon Media)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.32550 - BitTorrent Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Bookworm Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}) (Version:  - Oberon Media)
Bricks of Egypt (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}) (Version:  - Oberon Media)
BufferChm (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Cake Mania (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version:  - Oberon Media)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Chicken Invaders 3 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}) (Version:  - Oberon Media)
Chuzzle (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}) (Version:  - Oberon Media)
Copy (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows4.0) (Version: 4.0 - Coupons, Inc.) <==== ATTENTION
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Destination Component (Version: 090.000.091.086 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 90.0.146.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Diner Dash Flo on the Go (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}) (Version:  - Oberon Media)
DJ_AIO_ProductContext (Version: 90.0.201.000 - Hewlett-Packard) Hidden
DJ_AIO_Software (Version: 90.0.200.000 - Hewlett-Packard) Hidden
DJ_AIO_Software_min (Version: 90.0.200.000 - Hewlett-Packard) Hidden
eSobi v2 (HKLM\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.3.000189 - esobi Inc.)
eSobi v2 (Version: 2.0.3.000189 - esobi Inc.) Hidden
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
F4100 (Version: 90.0.200.000 - Hewlett-Packard) Hidden
F4100_doccd (Version: 90.0.200.000 - Hewlett-Packard) Hidden
F4100_Help (Version: 90.0.200.000 - Hewlett-Packard) Hidden
Flip Words 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}) (Version:  - Oberon Media)
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
HP Customer Participation Program 9.0 (HKLM\...\HPExtendedCapabilities) (Version: 9.0 - HP)
HP Deskjet All-In-One Software 9.0 (HKLM\...\{706BB40A-4102-4c89-8107-DC68C4EBD19B}) (Version: 9.0 - HP)
HP Imaging Device Functions 9.0 (HKLM\...\HP Imaging Device Functions) (Version: 9.0 - HP)
HP Photosmart Essential 2.01 (HKLM\...\HP Photosmart Essential) (Version: 2.01 - HP)
HP Photosmart Essential2.01 (Version: 1.01.0000 - Hewlett-Packard) Hidden
HP Smart Web Printing (HKLM\...\{415CDA53-9100-476F-A7B2-476691E117C7}) (Version: 2.15.7.0 - Hewlett-Packard)
HP Solution Center 9.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 9.0 - HP)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPProductAssistant (Version: 90.0.146.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}) (Version: 2.2.0.0000 - Hewlett Packard Development Company L.P.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
iTunes (HKLM\...\{23B8A91D-680B-462B-87AD-3D70F7341731}) (Version: 10.6.1.7 - Apple Inc.)
Java Auto Updater (Version: 2.0.7.2 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 37 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.370 - Oracle)
Jewel Quest Solitaire (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}) (Version:  - Oberon Media)
Kick N Rush (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}) (Version:  - Oberon Media)
Launch Manager (HKLM\...\LManager) (Version:  - )
LightScribe  1.4.142.1 (Version: 1.4.142.1 - http://www.lightscribe.com) Hidden
Logitech QuickCam (HKLM\...\{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}) (Version: 11.50.1169 - Logitech Inc.)
Logitech QuickCam Driver Package (HKLM\...\lvdrivers_11.50) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 10.55.3.3 - Marvell)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6215.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Mystery Case Files - Huntsville (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}) (Version:  - Oberon Media)
Mystery Solitaire - Secret Island (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}) (Version:  - Oberon Media)
Norton AntiVirus (HKLM\...\NAV) (Version: 18.7.1.3 - Symantec Corporation)
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.503 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.503 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6322 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.2.6322 - NewTech Infosystems) Hidden
Orion (HKLM\...\{5B63A470-9334-44D1-AF61-6CE2DB565AE9}) (Version: 2.0.1 - Convesoft)
PhotoNow! (HKLM\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.4619 - CyberLink Corp.)
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2713 - CyberLink Corp.)
PowerDirector (Version: 6.5.2713 - CyberLink Corp.) Hidden
PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5643 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 3.0.1.3 - Realtek Semiconductor Corp.)
Scan (Version: 9.0.0.0 - Hewlett-Packard) Hidden
Snap 'n Share Pro  (HKLM\...\SnapNShare) (Version:  - Smith Micro Software, Inc.)
SolutionCenter (Version: 90.0.146.000 - Hewlett-Packard) Hidden
SPCA1528 PC Driver (HKLM\...\{570C2A84-A145-4DF0-AE9D-012584DF09DC}) (Version: 2.2.2.0 - sunplus)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Status (Version: 90.0.146.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1150 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.4.0 - Synaptics)
Toolbox (Version: 90.0.146.000 - Hewlett-Packard) Hidden
TrayApp (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Turbo Pizza (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}) (Version:  - Oberon Media)
UnloadSupport (Version: 9.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
VideoExpress1.0 (HKLM\...\Video Express_is1) (Version:  - VideoExpress)
VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden
WebReg (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Zuma Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}) (Version:  - Oberon Media)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2173595702-3430817526-3780716159-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-2173595702-3430817526-3780716159-1000_Classes\CLSID\{4052D303-74C5-49EA-BC6B-66099C8D4007}\InprocServer32 -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll (Google)
CustomCLSID: HKU\S-1-5-21-2173595702-3430817526-3780716159-1000_Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 -> C:\Users\Steph\AppData\Local\{cced714b-348e-29ba-f6a1-1cacf2a4ea0f}\n. No File
CustomCLSID: HKU\S-1-5-21-2173595702-3430817526-3780716159-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-2173595702-3430817526-3780716159-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
 
==================== Restore Points  =========================
 
25-07-2014 17:10:48 Windows Update
29-07-2014 23:32:29 Windows Update
02-08-2014 23:29:58 Windows Update
06-08-2014 20:22:56 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 06:23 - 2006-09-18 17:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0DFE99E6-815E-4FB8-A6A4-116D229D0821} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {15138BDE-01AF-47AA-8B59-CBE5937D614A} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {41C30168-9B61-440A-AAFB-850352A741C2} - System32\Tasks\{CDCBAEBD-AE7D-EE02-32FC-D50F931CED5F} => C:\Users\Steph\AppData\Roaming\jvhqi.dll/s "C:\Users\Steph\AppData\Roaming\jvhqi.dll"
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {4D44F28F-E522-46FD-B133-A3BF7D594386} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.1.3 => C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\SymErr.exe [2012-03-27] (Symantec Corporation)
Task: {4DFF0A9A-079F-4E79-84BD-F5EB7BE0754E} - System32\Tasks\Acer\Acer Assist\New Message Check - Steph => C:\Program Files\Acer\Acer Assist\AcerAssist.exe [2007-11-19] (Acer Incorporated)
Task: {BC0DBD02-1892-4E43-B74F-134179404CC0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-18] (Google Inc.)
Task: {D4038F06-0159-4A06-9A64-AA951A499856} - System32\Tasks\Microsoft\Windows\RestartManager\{1AB72C30-450E-42ee-BC45-323CA10DA516} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {DD46E846-542C-459F-A449-041A992CD1E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-18] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {FC235C90-1BCA-4D11-9D31-22F89CB1C00F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FD50CDB5-B3FF-43A8-A733-560670190C2D} - System32\Tasks\Symantec\Norton Error Processor 18.7.1.3 => C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\SymErr.exe [2012-03-27] (Symantec Corporation)
Task: {FE9E2483-6472-41B2-A737-ED9D7274DA8F} - System32\Tasks\Microsoft\Windows\RestartManager\{4502B7F4-3C01-4fc4-9EED-0125337603C7} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-02-20 21:29 - 2012-02-20 21:29 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 21:28 - 2012-02-20 21:28 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-02-29 01:44 - 2008-02-29 01:44 - 01024000 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll
2008-02-29 01:44 - 2008-02-29 01:44 - 00098304 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll
2008-02-29 01:44 - 2008-02-29 01:44 - 00061440 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll
2008-04-30 05:59 - 2008-01-16 21:35 - 00081504 _____ () C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
2008-04-30 05:56 - 2008-03-21 16:22 - 00024576 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2008-04-30 05:56 - 2008-04-30 05:56 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3006.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2008-04-30 05:56 - 2008-04-30 05:56 - 00020480 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3006.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2008-04-30 05:56 - 2008-04-30 05:56 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll
2008-04-30 05:56 - 2008-04-30 05:56 - 00028672 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3006.0__672b450de5a7e94a\Framework.Host.dll
2008-04-30 05:56 - 2008-04-30 05:56 - 00016384 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3006.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2009-01-13 19:46 - 2008-05-26 18:40 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.ServicePlugin.dll
2009-01-13 19:46 - 2008-05-26 18:37 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Logger.dll
2009-01-13 19:46 - 2008-05-26 18:39 - 00143360 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Model.Computer.dll
2009-01-13 19:46 - 2008-05-26 18:37 - 00036864 _____ () C:\Program Files\Acer\Empowering Technology\Service\eSettings.Model.ComputerInterface.dll
2007-10-19 13:17 - 2007-10-19 13:17 - 00068120 _____ () C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSPS.dll
2009-01-13 19:48 - 2007-12-06 20:15 - 00110592 _____ () C:\Acer\Mobility Center\MobilityService.exe
2009-01-13 19:48 - 2007-11-27 19:08 - 00032768 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2008-04-04 06:03 - 2008-04-04 06:03 - 00131072 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2008-04-30 05:56 - 2007-01-09 14:25 - 00272024 _____ () C:\Program Files\Cyberlink\Shared files\RichVideo.exe
2009-01-13 19:45 - 2008-06-11 14:21 - 00204800 _____ () C:\Windows\System32\SysHook.dll
2008-04-07 01:42 - 2008-04-07 01:42 - 00034040 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
2008-04-04 06:00 - 2008-04-04 06:00 - 00002560 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
2008-04-10 19:30 - 2008-04-10 19:30 - 00753664 ____N () C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll
2008-04-10 19:30 - 2008-04-10 19:30 - 00007680 ____N () C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll
2009-01-13 19:42 - 2008-07-29 23:29 - 00200704 _____ () C:\Windows\PLFSetI.exe
2008-05-14 21:05 - 2008-05-14 21:05 - 00227888 _____ () C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
2008-04-30 05:56 - 2008-04-30 05:56 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3006.0__4df5dcab8860d239\Framework.Utility.dll
2009-03-20 13:31 - 2010-08-16 21:45 - 00034816 _____ () C:\Program Files\Google\Google Desktop Search\gzlib.dll
2007-10-25 16:33 - 2007-10-25 16:33 - 00563984 _____ () C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
2007-10-25 16:33 - 2007-10-25 16:33 - 00344336 _____ () C:\Program Files\Common Files\LogiShrd\LComMgr\DevMngr.dll
2007-10-25 16:33 - 2007-10-25 16:33 - 00167184 _____ () C:\Program Files\Logitech\QuickCam\EFVal.dll
2007-10-25 16:34 - 2007-10-25 16:34 - 00138000 _____ () C:\Program Files\Common Files\LogiShrd\LComMgr\LogiCordless.dll
2007-10-25 16:34 - 2007-10-25 16:34 - 00165136 _____ () C:\Program Files\Common Files\LogiShrd\LComMgr\LogiCordless4001.dll
2007-10-25 16:35 - 2007-10-25 16:35 - 00149264 _____ () C:\Program Files\Common Files\LogiShrd\LComMgr\LogiVOIPDevicePlugin.dll
2007-10-25 16:37 - 2007-10-25 16:37 - 02178832 _____ () C:\Program Files\Logitech\QuickCam\Quickcam.exe
2007-10-25 16:44 - 2007-10-25 16:44 - 00103184 _____ () C:\Program Files\Logitech\QuickCam\LAppRes.dll
2014-03-17 13:15 - 2014-03-14 20:50 - 00051016 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-17 13:15 - 2014-03-14 20:50 - 04061000 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-17 13:15 - 2014-03-14 20:50 - 00394568 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-17 13:15 - 2014-03-14 20:50 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft 6to4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/08/2014 05:34:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/08/2014 00:43:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4430
 
Error: (08/08/2014 00:43:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4430
 
Error: (08/08/2014 00:43:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/08/2014 00:43:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1232
 
Error: (08/08/2014 00:43:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1232
 
Error: (08/08/2014 00:43:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/07/2014 10:42:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 24773
 
Error: (08/07/2014 10:42:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 24773
 
Error: (08/07/2014 10:42:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (08/08/2014 10:50:34 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{A69BFD4A-0CB2-41AA-89C4-08E958769A81} because another computer on the network has the same name.  The server could not start.
 
Error: (08/08/2014 05:34:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SPCA1528 Video Camera Service%%2
 
Error: (08/08/2014 05:34:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (08/08/2014 05:33:40 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Windows\system32\RAIHV.dll126
 
Error: (08/08/2014 05:33:38 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:59:23 PM on 8/8/2014 was unexpected.
 
Error: (08/06/2014 07:39:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000SysMain
 
Error: (08/06/2014 07:39:17 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000TrkWks
 
Error: (08/05/2014 09:22:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Pml Driver HPZ12%%1053
 
Error: (08/05/2014 09:22:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Pml Driver HPZ12
 
Error: (08/05/2014 03:29:26 PM) (Source: Dhcp) (EventID: 1001) (User: )
Description: Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00242B447669.  The following error occurred: 
%%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
 
 
Microsoft Office Sessions:
=========================
Error: (11/24/2013 02:33:15 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 555 seconds with 540 seconds of active time.  This session ended with a crash.
 
Error: (04/15/2010 10:09:30 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5044 seconds with 4140 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-09 02:00:53.702
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-09 02:00:53.171
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-09 02:00:52.640
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-09 02:00:52.099
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-09 02:00:51.320
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-09 02:00:50.790
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-09 02:00:50.097
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-09 02:00:49.550
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-09 02:00:24.819
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-09 02:00:24.285
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 63%
Total physical RAM: 1976.13 MB
Available physical RAM: 727.94 MB
Total Pagefile: 4193.55 MB
Available Pagefile: 2566.71 MB
Total Virtual: 2047.88 MB
Available Virtual: 1891.53 MB
 
==================== Drives ================================
 
Drive c: (ACER) (Fixed) (Total:69.65 GB) (Free:18.36 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:69.64 GB) (Free:69.31 GB) NTFS
Drive e: (DVR 518) (CDROM) (Total:0.08 GB) (Free:0 GB) CDFS
Drive g: () (Removable) (Total:1.86 GB) (Free:1.74 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 8B0B8388)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=70 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=70 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 685106F3)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)
 
==================== End Of Log ============================

 

 

4. Summary attachment

Attached Files
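
The "MBR & Partition Table" section of the log above is a decoded view of sector 0 of each disk. As an added example (not part of the original thread or of any tool named in it), the Python below decodes the same fields from a raw 512-byte sector and flags the properties that make an MBR "non-standard". The sample sector, its boot-code bytes and the baseline hash set are constructed for illustration, and `parse_mbr`, `summary`, `audit` and `build_sample` are hypothetical names.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE = slice(0, 440)      # bootstrap code executed by the BIOS
DISK_ID_OFF = 440              # 32-bit disk signature, little-endian
TABLE_OFF = 446                # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"         # required at offset 510
ENTRY = "<B3xB3xII"            # status, CHS (skipped), type, CHS, LBA start, sectors


def parse_mbr(sector):
    """Decode one 512-byte MBR sector into a dict."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    parts = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from(
            ENTRY, sector, TABLE_OFF + 16 * i)
        if ptype != 0x00:                      # type 0 marks an unused slot
            parts.append({"index": i + 1, "status": status, "type": ptype,
                          "start": start, "count": count})
    return {
        "disk_id": "%08X" % struct.unpack_from("<I", sector, DISK_ID_OFF)[0],
        "signature_ok": sector[510:512] == BOOT_SIG,
        "boot_code_sha256": hashlib.sha256(sector[BOOT_CODE]).hexdigest(),
        "partitions": parts,
    }


def summary(mbr):
    """Render partitions in the same shape as the log's partition lines."""
    lines = []
    for p in mbr["partitions"]:
        active = "Active" if p["status"] == 0x80 else "Not Active"
        gib = round(p["count"] * SECTOR / 2**30)
        name = " NTFS" if p["type"] == 0x07 else ""
        lines.append("Partition %d: (%s) - (Size=%d GB) - (Type=%02X%s)"
                     % (p["index"], active, gib, p["type"], name))
    return lines


def audit(mbr, known_good, bootable=True):
    """Return findings that make an MBR worth a closer look."""
    findings = []
    if not mbr["signature_ok"]:
        findings.append("missing 55 AA boot signature")
    if mbr["boot_code_sha256"] not in known_good:
        findings.append("boot code does not match any baseline hash")
    active = [p for p in mbr["partitions"] if p["status"] == 0x80]
    if len(active) > 1 or (bootable and not active):
        findings.append("unexpected number of active partitions: %d" % len(active))
    for p in mbr["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append("partition %d has invalid status byte 0x%02X"
                            % (p["index"], p["status"]))
    ordered = sorted(mbr["partitions"], key=lambda p: p["start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start"] + a["count"] > b["start"]:
            findings.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    return findings


def build_sample(boot_code):
    """Constructed sector mirroring Disk 0 in the log (disk ID, types, sizes)."""
    def entry(status, ptype, start, gib):
        return struct.pack(ENTRY, status, ptype, start, gib * 2**30 // SECTOR)
    s1 = 2048
    s2 = s1 + 10 * 2**30 // SECTOR
    s3 = s2 + 70 * 2**30 // SECTOR
    table = (entry(0x00, 0x27, s1, 10) + entry(0x80, 0x07, s2, 70)
             + entry(0x00, 0x07, s3, 70) + bytes(16))
    return (boot_code.ljust(440, b"\x00") + struct.pack("<I", 0x8B0B8388)
            + b"\x00\x00" + table + BOOT_SIG)


# Constructed placeholder bytes, not real boot code; a real baseline would hold
# hashes of boot code taken from known-clean installations.
CLEAN_CODE = b"CONSTRUCTED-BASELINE-BOOT-CODE"
BASELINE = {hashlib.sha256(CLEAN_CODE.ljust(440, b"\x00")).hexdigest()}

if __name__ == "__main__":
    for label, code in (("baseline", CLEAN_CODE), ("modified", b"X" + CLEAN_CODE[1:])):
        mbr = parse_mbr(build_sample(code))
        print(label, mbr["disk_id"], *summary(mbr), audit(mbr, BASELINE), sep="\n")
```

Run it on a sector captured from an offline image or from boot media, since a bootkit on the running system can return a clean copy to live reads.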



#10 zoomy123


Posted 09 August 2014 - 01:30 AM

Again, thanks for your assistance and patience.



#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,502 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:35 PM

Posted 09 August 2014 - 01:42 PM

Greetings, 

Again, thanks for your assistance and patience.

You are most welcome.

Your computer is quite ill so I intend on hitting it hard right from the start. I have a lot of things for you to do but I must first advise you of the following.

===================================================

BACKDOOR WARNING!

--------------------

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Please let me know if you have already noticed evidences of financial institution irregularities. Those accounts should be monitored from this point forward.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
 

Here are some thoughts I have put together for people who ask what they should do in light of the infection. Ultimately each user must decide for themselves what to do and the below are things you might want to consider.

It is necessary for us to at least make you aware of the worst case scenario. This is because of the potential Backdoor Trojans bring with them, but it is not a determination on our part that your situation currently falls within this worst case scenario.

Ultimately it is a personal decision whether to reformat or not. What decision should you make to let you sleep well at night? It is different for different people. I will say whether rightly or wrongly most people decide to clean and not reformat, at least initially.

The only insight I can offer is how I evaluate the issue personally even though I have never had a Backdoor Trojan on my computer. One of the primary purposes for malicious software is to somehow separate you from your money. It seems reasonable to assume that a thief trying to take your money via a Backdoor Trojan will hit you hard, and quickly. Once your computer starts to act up and you become suspicious you have the opportunity to eliminate access to your computer and change the information taken, namely account and password information. The key to this, in my opinion, is whether or not you have noticed any irregularities in your banking or other financial institutions, or things like email and social network accounts (i.e. Facebook). If you have not seen any evidence of that then you may question whether your information has truly been stolen. If it seems it hasn't, and your critical information has been changed, it is reasonable to be more confident you are safe but you must stop short of claiming an absolute guarantee.

If, after careful consideration you decide not to reformat your computer it would be wise to continue monitoring your sensitive data and don't wait to address future symptoms on your computer which seem to be malware related.

The bottom line, the only way to be absolutely sure to be rid of a Backdoor Trojan is to reformat. The decision is yours.

Oh My

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have Bit Torrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Bit Torrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Please rerun TDSSKiller and select Cure on the following entry:

\Device\Harddisk0\DR0 ( TDSS File System )

Rerun TDSSKiller again and post the log.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-2173595702-3430817526-3780716159-1000\...\MountPoints2: {12cccf30-2236-11de-b629-001d72f0ebe4} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\m.exe /s
HKU\S-1-5-21-2173595702-3430817526-3780716159-1000\...\MountPoints2: {b91fae32-e1c9-11dd-b5e8-806e6f6e6963} - E:\SMSetup.exe
HKU\S-1-5-21-2173595702-3430817526-3780716159-1000\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Steph\AppData\Local\{cced714b-348e-29ba-f6a1-1cacf2a4ea0f}\n. ATTENTION! ====> ZeroAccess/Alureon?
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
Toolbar: HKLM - HeadlineAlley - {8f61e414-ea79-4559-8bb6-61d956f70306} - C:\Program Files\HeadlineAlley_29\bar\1.bin\29bar.dll No File
Toolbar: HKCU - HeadlineAlley - {8F61E414-EA79-4559-8BB6-61D956F70306} - C:\Program Files\HeadlineAlley_29\bar\1.bin\29bar.dll No File
S3 Bulk1528; System32\Drivers\Bulk1528.sys [X]
S2 Ca1528av; System32\Drivers\Ca1528av.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
R1 MpKsldae08cf0; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1BD73479-A838-404D-BB2D-5A3D0C9C9B7C}\MpKsldae08cf0.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U2 srservice; 
S3 SYMDNS; \??\C:\Windows\system32\drivers\NAV\1000000.07D\SYMDNS.SYS [X]
S3 SYMFW; \SystemRoot\System32\Drivers\NAV\1008000.029\SYMFW.SYS [X]
S3 SYMNDISV; \SystemRoot\System32\Drivers\NAV\1008000.029\SYMNDISV.SYS [X]
S3 SYMREDRV; \??\C:\Windows\system32\drivers\NAV\1000000.07D\SYMREDRV.SYS [X]
U3 aswMBR; \??\C:\Users\Steph\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Steph\AppData\Local\Temp\aswVmm.sys [X]
2014-07-27 16:22 - 2014-07-27 16:22 - 00000000 _____ () C:\Users\Steph\AppData\Roaming\chymvtw.dll
C:\Users\Steph\AppData\Local\{cced714b-348e-29ba-f6a1-1cacf2a4ea0f}
C:\Users\Steph\AppData\Local\Temp\ApnStub.exe
C:\Users\Steph\AppData\Local\Temp\AskSLib.dll
C:\Users\Steph\AppData\Local\Temp\BackupSetup.exe
C:\Users\Steph\AppData\Local\Temp\dlLogic.exe
C:\Users\Steph\AppData\Local\Temp\drvinstal.exe
C:\Users\Steph\AppData\Local\Temp\EnableExtDll.dll
C:\Users\Steph\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Steph\AppData\Local\Temp\install_flashplayer11x32ax_gtbp_chra_aih[1].exe
C:\Users\Steph\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Steph\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Steph\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Steph\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Steph\AppData\Local\Temp\nos_uninstall_Adobe.dll
C:\Users\Steph\AppData\Local\Temp\Quarantine.exe
C:\Users\Steph\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Steph\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Steph\AppData\Local\Temp\setup.exe
C:\Users\Steph\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Steph\AppData\Local\Temp\{72A8B113-FFBF-4489-B469-E8E347FE7520}-23.0.1271.64_22.0.1229.94_chrome_updater.exe
CustomCLSID: HKU\S-1-5-21-2173595702-3430817526-3780716159-1000_Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 -> C:\Users\Steph\AppData\Local\{cced714b-348e-29ba-f6a1-1cacf2a4ea0f}\n. No File
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

sUBs, the author of Combofix, recommends you to uninstall AVG or CA Internet Security before running the program. If you have either of these programs on your computer please uninstall them using AppRemover which can be downloaded here. We will be sure to reinstall the Antivirus program once we are finished using Combofix.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • TDSSKiller log
  • Fixlog
  • Combofix log
  • What symptoms are you currently experiencing?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 Oh My!


Posted 12 August 2014 - 05:40 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#13 zoomy123


Posted 13 August 2014 - 02:13 AM

Okay, here's the situation. This is not my computer, it's my mother's. She uses this computer to access and manage her personal banking account and has a lot of other personal and important information stored on it. For the most part, she's completely computer illiterate. As far as symptoms go she had her email account hacked several months ago, and I'm fairly certain that this computer has been infected for a very long time. However, besides the problems with her email account, she said that she hasn't noticed any other suspicious or irregular activity with respect to any of her other online accounts. Would you recommend reformatting or re-installing the OS? Personally, I'm leaning towards reformatting/re-installing.

 

Again, thanks for your patience and assistance.



#14 Oh My!


Posted 13 August 2014 - 01:29 PM

You are very welcome.

 

If you are up for reformatting and reinstalling that is what I would recommend.  What I would like to suggest is to transfer all the files and other data onto an external drive, then we can scan those files to make sure they are clean before reinserting them back into the new operating system.


Gary
 

#15 Oh My!


Posted 17 August 2014 - 08:57 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.


Gary
 



