Spoof Google Chrome Processes & Other Badness



#1 337stat

Posted 17 August 2014 - 03:57 PM

Probably starting with messages that I needed to update my Java version after wandering onto an infected site, and clicking to do that update, I soon found things running slowly.  Reviewing the Task Manager, I found a number of Google Chrome processes running (this time as chrome.exe), without any visible corresponding browser windows, which I couldn't permanently kill via the Task Manager.

 

Trying to take this in stages, I ran the AdwCleaner tool.  (Google Chrome was never my default browser on this machine, so, if reading right, that was suspicious in this log, which is attached.)  I removed an eBay link, but nothing major found here.

 

Initially, trying to deal with this as an infected executable, I moved (to hide it) the folder c:\ProgramFiles(x86)\Google\Chrome\Application, as it was the initial source when I viewed properties of all the Google Chrome processes.  At that time, the Task Manager showed them all to be chrome.exe.  (Later, properties showed as Google Chrome, but the files themselves were called browser.exe *32.)  The files re-installed, still at this time pointed to chrome.exe in the same folder, and it was basically a useless exercise.

 

Next, I installed the malwarebytes trial version.  This found a number of trojans and registry issues, triggered a restart, seems to have helped somewhat, but, with each re-start, I find about six of those files back and running again every time.  The program is still apparently blocking (outbound) attempts by my computer to contact at least the following sites (as also shown in the log):

vnarode.com

go.trafficshop.com

flyclick.biz

honeymods.com

appsrumors.com

imp.premiuminstaller.com

ad.interpolru.eu

jackcasinogames.com

carscritic.com

watchmygf.net

adhood.com

5.149.250.194

88.214.193.212

46.229.172.158

46.229.172.156

195.42.102.24

The blocker is showing the address c:\Users\<UserName>\SysWOW64\svchost.exe trying to connect to these external sites.  (Yes, I've substituted <UserName> for my User Name here.)  Typically, the port addresses are in the 59000's.  This continues at least every few minutes, sometimes continuously in series for a couple of minutes, as long as the computer is on.  A log file tracking these items for the day is attached here.

 

After running malwarebytes, the Task Manager now shows new bogus browser exe's to be from browser.exe *32, though they are still described within the Task Manager as Google Chrome processes.  In trying to delete this and related files now in the C:\Users\<UserName>\AppData\LocalLow\NotifyDisk\SchedulerVideo folder (and the whole folder with it), I'm getting the message some associated files can't be deleted because they are open in "Windows Host Process(Rundll32)".

 

I've gone into the Windows Firewall and turned off Google Chrome as an exception now, to try to lock this down better from adding to the infection.

 

At least while Internet Explorer is running, the (bogus? infected?) Google executables seem to reinstall when finally deleted.  For the moment, I'm not seeing this, even though I am still seeing the chronic series of blocked attempts to external sites.

 

Typically, four Chrome exe's are running when things are left alone for a while.  But, immediately after they re-install from what I suspect is an infection, 15-20 can suddenly be present.  After killing, if only killing processes, two immediately return if the executable is still present, then others add until there are about 7-10, which then gradually scale back to 4 (on average) running, again, without any browser windows showing as open.

 

After the latest restart, malwarebytes still finds 7 items to quarantine.  One registry value, two folders (each with paths starting c:\Users\<UserName>\AppData\Roaming\<10-digit number>, and four files.  (Each cluster of files when reinstalled seems to have a unique 10-digit number in the path name...which I'm simply calling <10-digit number> here as generic to all cases.)

 

Seeing the svchost executable path via the Task Manager was through the SysWOW64 folder, I looked at the SysWOW64 virus information here, but didn't see a true fit to the problems I'm currently having.

 

While Google Chrome had been installed, it was not being used.  Opera is my main and default browser, with Internet Explorer (7?) & Firefox sometimes being used as a backup.

 

I'm technically aware enough to run programs as needed here, and get just a little adventurous in taking some initiative.  However, I think we're dealing with registry infection and too complex an issue for me to try the Root Kit cleaner on my own without looking for technical advice here first.  I'm not an expert on current viruses, and think it's best for me to look for an assist here, because I think it's needed.

 

As requested in your Guide For Requesting Help, I'm posting my DDS.txt file next.  Then, the attach.txt file is my third attachment with this post.

 

 

==================

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16457
Run by Michael at 15:31:23 on 2014-08-17
#Option Extended Search is enabled.
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8099.3572 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\system32\HPSIsvc.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
"svchost.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
"C:\Windows\SysWOW64\svchost.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
C:\Program Files (x86)\Opera\23.0.1522.75\opera_crashreporter.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Games\Evony\NEAT\NEAT2955P.exe
C:\Windows\system32\SearchIndexer.exe
C:\Games\Evony\NEAT\NEAT2955P.exe
C:\Games\Evony\NEAT\NEAT2955P.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
"C:\Windows\SysWOW64\svchost.exe"
"C:\Windows\SysWOW64\svchost.exe"
C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
"C:\Windows\SysWOW64\svchost.exe"
"C:\Windows\SysWOW64\svchost.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.blackle.com/
mWinlogon: Userinit = userinit.exe,
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [InterruptDisk] C:\Windows\System32\rundll32.exe "C:\Users\Michael\AppData\Local\InterruptDisk\InterruptDisk.dll",DllRegisterServer
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_145_Plugin.exe -update plugin
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [{79df1e60-8a2a-6b5c-fd39-cfadf58052eb}] "C:\ProgramData\Microsoft\{79df1e60-8a2a-6b5c-fd39-cfadf58052eb}\{79df1e60-8a2a-6b5c-fd39-cfadf58052eb}.exe"
mExplorerRun: [{79df1e60-8a2a-6b5c-fd39-cfadf58052eb}] "C:\ProgramData\Microsoft\{79df1e60-8a2a-6b5c-fd39-cfadf58052eb}\{79df1e60-8a2a-6b5c-fd39-cfadf58052eb}.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 66.189.0.100 24.178.162.3 24.247.15.53
TCP: Interfaces\{09930399-2AAB-4AC8-A969-E1D954324492} : DHCPNameServer = 66.189.0.100 24.178.162.3 24.247.15.53
TCP: Interfaces\{1568F502-BFA3-4538-A6FB-8F7E135124A8} : DHCPNameServer = 66.189.0.100 24.178.162.3 24.247.15.53
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\7l1dv2y5.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-6-9 264008]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-9 85560]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 HPSIService;HP SI Service;C:\Windows\System32\HPSIsvc.exe [2013-1-9 126520]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2013-6-28 14624]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-8-4 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-8-4 860472]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-9-2 1128952]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-2 2656280]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-8-4 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-8-4 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-8-4 63704]
R3 mvusbews;USB EWS Device;C:\Windows\System32\drivers\mvusbews.sys [2012-11-7 19968]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-9-2 1360960]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-2 471144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-9-2 158976]
S3 pmxdrv;pmxdrv;C:\Windows\System32\drivers\pmxdrv.sys [2011-9-2 31152]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-12 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 60 ================
.
2014-08-16 22:01:06 -------- d-----w- C:\Users\Michael\AppData\Local\InterruptDisk
2014-08-12 16:23:42 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-08-12 16:22:21 -------- d-----w- C:\AdwCleaner
2014-08-12 15:38:06 1658880 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com\components\FFXPCOM.dll
2014-08-12 15:33:10 -------- d--h--w- C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-08-07 05:09:32 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{73F237DD-0250-402D-82B5-E9BBE20891E8}\offreg.dll
2014-08-05 09:28:01 -------- d-----w- C:\Users\Michael\AppData\Local\browser_dir
2014-08-05 03:32:47 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-05 03:32:38 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-08-05 03:32:38 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-08-05 03:32:38 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-08-05 03:32:38 -------- d-----w- C:\ProgramData\Malwarebytes
2014-08-05 03:32:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-05 03:32:11 -------- d-----w- C:\Users\Michael\AppData\Local\Programs
2014-08-05 03:20:37 -------- d-----w- C:\Users\Michael\AppData\Local\3933617794
2014-08-05 03:01:37 -------- d--h--w- C:\ProgramData\Common Files
2014-08-05 03:01:37 -------- d-----w- C:\Users\Michael\AppData\Local\MFAData
2014-08-05 03:01:37 -------- d-----w- C:\Users\Michael\AppData\Local\Avg2014
2014-08-05 03:01:37 -------- d-----w- C:\ProgramData\MFAData
2014-08-03 09:06:45 -------- d-----w- C:\Users\Michael\AppData\Roaming\9a49b2
2014-08-03 09:06:44 -------- d-----w- C:\Users\Michael\AppData\Local\9a49b2
2014-07-05 04:32:47 -------- d-----w- C:\Users\Michael\AppData\Local\Opera
2014-06-30 20:32:53 251447 ----a-w- C:\ProgramData\Microsoft\{79df1e60-8a2a-6b5c-fd39-cfadf58052eb}\{79df1e60-8a2a-6b5c-fd39-cfadf58052eb}.exe
.
==================== Find6M  ====================
.
2014-07-20 03:50:07 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-20 03:50:07 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-31 13:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 15:33:20.59 ===============
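As an added example (written for this page; it is not code from the original poster, from Malwarebytes, or from any BleepingComputer tool), the Python below applies two of the checks a responder would run over a DDS log like the one above: which svchost.exe entries are not launched the way the service control manager launches them (unquoted, from %SystemRoot%\System32, with a -k service group), and which Run-key entries carry the usual marks of user-land persistence (a rundll32 ...,DllRegisterServer loader, a bare-GUID value name, a payload under AppData or ProgramData). The excerpt it parses is a constructed subset of the lines shown in the log; the DDS section names and the C:\Windows\system32 path are assumptions about this host that the script takes as given.

```python
"""Offline triage of a DDS log: flag svchost.exe entries that do not look like
real service hosts, and autorun entries that look like user-land persistence.
Added example; not part of the original post and not a BleepingComputer tool."""
import re

# Constructed excerpt: a subset of the process and autorun lines visible in the
# DDS log posted above, kept verbatim so the checks run against realistic input.
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
"svchost.exe"
"C:\Windows\SysWOW64\svchost.exe"
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.blackle.com/
uRun: [InterruptDisk] C:\Windows\System32\rundll32.exe "C:\Users\Michael\AppData\Local\InterruptDisk\InterruptDisk.dll",DllRegisterServer
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_145_Plugin.exe -update plugin
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [{79df1e60-8a2a-6b5c-fd39-cfadf58052eb}] "C:\ProgramData\Microsoft\{79df1e60-8a2a-6b5c-fd39-cfadf58052eb}\{79df1e60-8a2a-6b5c-fd39-cfadf58052eb}.exe"
.
============= FINISH: 15:33:20.59 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
AUTORUN_KEYS = ("uRun:", "uRunOnce:", "mRun:", "mRunOnce:", "mExplorerRun:", "uExplorerRun:")
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\appdata\\")  # writable without admin rights


def parse_sections(text):
    """Split a DDS log into {section name: [non-empty lines]} on its ==== headers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current and line and line != ".":
            sections[current].append(line)
    return sections


def triage_processes(lines, system32=r"c:\windows\system32"):
    r"""Return (line, reasons) for svchost.exe entries that deviate from how the
    service control manager launches it: unquoted %SystemRoot%\System32\svchost.exe
    followed by -k <service group>.  system32 is an assumed path for this host."""
    findings = []
    for line in lines:
        quoted = line.startswith('"') and line.endswith('"')
        image, _, group = line.strip('"').partition(" -k ")
        image = image.strip()
        if image.rsplit("\\", 1)[-1].lower() != "svchost.exe":
            continue
        reasons = []
        if quoted:
            reasons.append("command line is quoted, unlike the SCM-launched hosts")
        if "\\" not in image:
            reasons.append("bare image name with no path")
        elif image.lower().rsplit("\\", 1)[0] != system32.lower():
            reasons.append("image outside %SystemRoot%\\System32: " + image)
        if not group.strip():
            reasons.append("no -k service group on the command line")
        if reasons:
            findings.append((line, reasons))
    return findings


def triage_autoruns(lines):
    """Return (value name, command, reasons) for Run-key entries that show the
    usual signs of user-land persistence."""
    findings = []
    for line in lines:
        if not line.startswith(AUTORUN_KEYS):
            continue
        m = re.match(r"^\w+:\s+\[(.*?)\]\s+(.*)$", line)
        if not m:
            continue
        name, command = m.groups()
        low = command.lower()
        reasons = []
        if GUID_RE.match(name):
            reasons.append("value name is a bare GUID")
        if "rundll32" in low and "dllregisterserver" in low:
            reasons.append("rundll32 ...,DllRegisterServer loads an arbitrary DLL at logon")
        if any(d in low for d in USER_WRITABLE):
            reasons.append("payload lives in a user-writable directory")
        if reasons:
            findings.append((name, command, reasons))
    return findings


def triage(text):
    """Run both checks over a DDS log and return the findings per section."""
    sections = parse_sections(text)
    return {
        "processes": triage_processes(sections.get("Running Processes", [])),
        "autoruns": triage_autoruns(sections.get("Pseudo HJT Report", [])),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_DDS)
    for line, reasons in report["processes"]:
        print("PROCESS", line, "->", "; ".join(reasons))
    for name, command, reasons in report["autoruns"]:
        print("AUTORUN", name, "->", "; ".join(reasons))
```

To run it against a saved DDS.txt, pass the file contents to triage() instead of SAMPLE_DDS. On the excerpt it flags the two quoted svchost.exe entries (the bare "svchost.exe" and the SysWOW64 copy, neither with a -k group) and the two autoruns (the InterruptDisk rundll32 loader under AppData and the GUID-named executable under ProgramData), while the HP, Flash, and system32 -k entries pass. It is a triage heuristic over log text, not proof of infection: it tells you which files to hash and check for a valid signature next, and which Run values to capture before removal.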
 

#2 aharonov (Malware Response Team)

Posted 18 August 2014 - 12:18 PM

Hi there,

please run the following scans to start with:


Step 1

Please download TDSSKiller and save it to your Desktop.
  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters.
  • Make sure that all available options (except "Loaded modules") are checked and click OK.
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.


Step 2

Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 337stat (Topic Starter)

Posted 18 August 2014 - 02:55 PM

Instructions followed as you've given them.

For TDSSKiller, no threats found, log file copied below.  I've been avoiding a computer re-start, pending your reply.  Not sure if that would change this result.

FRST.txt & Addition.txt copied and pasted below TDSSKiller log.

FRST has a Fix button I haven't used yet.  (Not in your instructions to do so.)

Malwarebytes still finding on average more than 1 outbound attempt per minute to block as malicious content.

Should probably add I'm not seeing any changes yet at this time.


__________________

TDSSKILLER LOG

-----------------------------

 

15:32:24.0465 0x2b1e8  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
15:32:28.0680 0x2b1e8  ============================================================
15:32:28.0680 0x2b1e8  Current date / time: 2014/08/18 15:32:28.0680
15:32:28.0680 0x2b1e8  SystemInfo:
15:32:28.0680 0x2b1e8  
15:32:28.0680 0x2b1e8  OS Version: 6.1.7601 ServicePack: 1.0
15:32:28.0680 0x2b1e8  Product type: Workstation
15:32:28.0680 0x2b1e8  ComputerName: STANLEY
15:32:28.0680 0x2b1e8  UserName: Michael
15:32:28.0680 0x2b1e8  Windows directory: C:\Windows
15:32:28.0680 0x2b1e8  System windows directory: C:\Windows
15:32:28.0680 0x2b1e8  Running under WOW64
15:32:28.0680 0x2b1e8  Processor architecture: Intel x64
15:32:28.0680 0x2b1e8  Number of processors: 4
15:32:28.0680 0x2b1e8  Page size: 0x1000
15:32:28.0680 0x2b1e8  Boot type: Normal boot
15:32:28.0680 0x2b1e8  ============================================================
15:32:28.0790 0x2b1e8  KLMD registered as C:\Windows\system32\drivers\23108615.sys
15:32:29.0220 0x2b1e8  System UUID: {C53955DD-E875-E9CF-FD2D-FDF385D023E8}
15:32:29.0700 0x2b1e8  Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 ( 1397.27 Gb ), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:32:29.0702 0x2b1e8  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:32:39.0746 0x2b1e8  ============================================================
15:32:39.0746 0x2b1e8  \Device\Harddisk0\DR0:
15:32:39.0746 0x2b1e8  MBR partitions:
15:32:39.0746 0x2b1e8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:32:39.0746 0x2b1e8  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xAD2F8741
15:32:39.0746 0x2b1e8  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xAD32AF41, BlocksNum 0x175B800
15:32:39.0746 0x2b1e8  \Device\Harddisk1\DR1:
15:32:39.0746 0x2b1e8  MBR partitions:
15:32:39.0746 0x2b1e8  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705DB0
15:32:39.0746 0x2b1e8  ============================================================
15:32:39.0795 0x2b1e8  C: <-> \Device\Harddisk0\DR0\Partition2
15:32:39.0844 0x2b1e8  D: <-> \Device\Harddisk0\DR0\Partition3
15:32:39.0871 0x2b1e8  J: <-> \Device\Harddisk1\DR1\Partition1
15:32:39.0871 0x2b1e8  ============================================================
15:32:39.0871 0x2b1e8  Initialize success
15:32:39.0871 0x2b1e8  ============================================================
15:33:16.0045 0x4d5d0  ============================================================
15:33:16.0045 0x4d5d0  Scan started
15:33:16.0045 0x4d5d0  Mode: Manual; SigCheck; TDLFS; 
15:33:16.0045 0x4d5d0  ============================================================
15:33:16.0045 0x4d5d0  KSN ping started
15:33:18.0810 0x4d5d0  KSN ping finished: true
15:33:21.0991 0x4d5d0  ================ Scan system memory ========================
15:33:21.0991 0x4d5d0  System memory - ok
15:33:21.0992 0x4d5d0  ================ Scan services =============================
15:33:22.0150 0x4d5d0  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:33:22.0253 0x4d5d0  1394ohci - ok
15:33:22.0290 0x4d5d0  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:33:22.0304 0x4d5d0  ACPI - ok
15:33:22.0334 0x4d5d0  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:33:22.0383 0x4d5d0  AcpiPmi - ok
15:33:22.0473 0x4d5d0  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:33:22.0488 0x4d5d0  AdobeARMservice - ok
15:33:22.0530 0x4d5d0  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
15:33:22.0546 0x4d5d0  adp94xx - ok
15:33:22.0597 0x4d5d0  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
15:33:22.0611 0x4d5d0  adpahci - ok
15:33:22.0641 0x4d5d0  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
15:33:22.0652 0x4d5d0  adpu320 - ok
15:33:22.0683 0x4d5d0  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:33:22.0771 0x4d5d0  AeLookupSvc - ok
15:33:22.0844 0x4d5d0  [ 1C7857B62DE5994A75B054A9FD4C3825, 83F963D7E636532B1AD30B1E727EC429317CA540F6EB3BB268FCC0B163B67767 ] AFD             C:\Windows\system32\drivers\afd.sys
15:33:22.0927 0x4d5d0  AFD - ok
15:33:22.0953 0x4d5d0  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
15:33:22.0962 0x4d5d0  agp440 - ok
15:33:22.0971 0x4d5d0  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
15:33:23.0021 0x4d5d0  ALG - ok
15:33:23.0054 0x4d5d0  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:33:23.0062 0x4d5d0  aliide - ok
15:33:23.0070 0x4d5d0  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
15:33:23.0078 0x4d5d0  amdide - ok
15:33:23.0098 0x4d5d0  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
15:33:23.0114 0x4d5d0  AmdK8 - ok
15:33:23.0118 0x4d5d0  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
15:33:23.0135 0x4d5d0  AmdPPM - ok
15:33:23.0182 0x4d5d0  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:33:23.0190 0x4d5d0  amdsata - ok
15:33:23.0211 0x4d5d0  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
15:33:23.0220 0x4d5d0  amdsbs - ok
15:33:33.0538 0x4d5d0  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:33:33.0544 0x4d5d0  msahci - ok
15:33:33.0549 0x4d5d0  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:33:33.0559 0x4d5d0  msdsm - ok
15:33:33.0571 0x4d5d0  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
15:33:33.0583 0x4d5d0  MSDTC - ok
15:33:33.0597 0x4d5d0  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:33:33.0624 0x4d5d0  Msfs - ok
15:33:33.0633 0x4d5d0  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:33:33.0657 0x4d5d0  mshidkmdf - ok
15:33:33.0673 0x4d5d0  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:33:33.0681 0x4d5d0  msisadrv - ok
15:33:33.0733 0x4d5d0  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:33:33.0780 0x4d5d0  MSiSCSI - ok
15:33:33.0782 0x4d5d0  msiserver - ok
15:33:33.0797 0x4d5d0  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:33:33.0827 0x4d5d0  MSKSSRV - ok
15:33:33.0829 0x4d5d0  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:33:33.0870 0x4d5d0  MSPCLOCK - ok
15:33:33.0873 0x4d5d0  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:33:33.0900 0x4d5d0  MSPQM - ok
15:33:33.0924 0x4d5d0  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:33:33.0936 0x4d5d0  MsRPC - ok
15:33:33.0952 0x4d5d0  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
15:33:33.0961 0x4d5d0  mssmbios - ok
15:33:33.0964 0x4d5d0  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:33:33.0987 0x4d5d0  MSTEE - ok
15:33:33.0990 0x4d5d0  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
15:33:33.0999 0x4d5d0  MTConfig - ok
15:33:34.0017 0x4d5d0  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
15:33:34.0026 0x4d5d0  Mup - ok
15:33:34.0056 0x4d5d0  [ C983834933213967B1F903535F2EA4C9, 0E6DFDD66C68780AF0D37CB52A95F592F31AA70C0AEA53F9DD476FFF61CA4B7B ] mvusbews        C:\Windows\system32\Drivers\mvusbews.sys
15:33:34.0073 0x4d5d0  mvusbews - ok
15:33:34.0093 0x4d5d0  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
15:33:34.0135 0x4d5d0  napagent - ok
15:33:34.0176 0x4d5d0  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:33:34.0198 0x4d5d0  NativeWifiP - ok
15:33:34.0246 0x4d5d0  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:33:34.0285 0x4d5d0  NDIS - ok
15:33:34.0312 0x4d5d0  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:33:34.0337 0x4d5d0  NdisCap - ok
15:33:34.0353 0x4d5d0  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:33:34.0380 0x4d5d0  NdisTapi - ok
15:33:34.0397 0x4d5d0  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:33:34.0420 0x4d5d0  Ndisuio - ok
15:33:34.0430 0x4d5d0  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:33:34.0458 0x4d5d0  NdisWan - ok
15:33:34.0468 0x4d5d0  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:33:34.0491 0x4d5d0  NDProxy - ok
15:33:34.0507 0x4d5d0  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:33:34.0546 0x4d5d0  NetBIOS - ok
15:33:34.0572 0x4d5d0  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:33:34.0602 0x4d5d0  NetBT - ok
15:33:34.0605 0x4d5d0  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] Netlogon        C:\Windows\system32\lsass.exe
15:33:34.0615 0x4d5d0  Netlogon - ok
15:33:34.0652 0x4d5d0  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
15:33:34.0686 0x4d5d0  Netman - ok
15:33:34.0719 0x4d5d0  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:33:34.0728 0x4d5d0  NetMsmqActivator - ok
15:33:34.0731 0x4d5d0  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:33:34.0738 0x4d5d0  NetPipeActivator - ok
15:33:34.0757 0x4d5d0  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
15:33:34.0795 0x4d5d0  netprofm - ok
15:33:34.0867 0x4d5d0  [ 8B5D2D7CB0EF5B1967860B8AB742A46C, 65B61FF5156D0EC0F95143FFBB0099F6F8B9CBB4CA4227F455884B8F51E93FB4 ] netr28x         C:\Windows\system32\DRIVERS\netr28x.sys
15:33:34.0922 0x4d5d0  netr28x - ok
15:33:34.0939 0x4d5d0  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:33:34.0946 0x4d5d0  NetTcpActivator - ok
15:33:34.0951 0x4d5d0  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:33:34.0958 0x4d5d0  NetTcpPortSharing - ok
15:33:34.0969 0x4d5d0  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
15:33:34.0977 0x4d5d0  nfrd960 - ok
15:33:35.0001 0x4d5d0  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:33:35.0015 0x4d5d0  NlaSvc - ok
15:33:35.0028 0x4d5d0  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:33:35.0055 0x4d5d0  Npfs - ok
15:33:35.0078 0x4d5d0  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
15:33:35.0106 0x4d5d0  nsi - ok
15:33:35.0117 0x4d5d0  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:33:35.0146 0x4d5d0  nsiproxy - ok
15:33:35.0214 0x4d5d0  [ E453ACF4E7D44E5530B5D5F2B9CA8563, 85EEBCBB3187A21282619A0264C10E9E52EFE4387F3425D3D279EF460DA3AD06 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:33:35.0284 0x4d5d0  Ntfs - ok
15:33:35.0297 0x4d5d0  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
15:33:35.0319 0x4d5d0  Null - ok
15:33:35.0348 0x4d5d0  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:33:35.0356 0x4d5d0  nvraid - ok
15:33:35.0399 0x4d5d0  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:33:35.0408 0x4d5d0  nvstor - ok
15:33:35.0428 0x4d5d0  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:33:35.0437 0x4d5d0  nv_agp - ok
15:33:35.0442 0x4d5d0  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:33:35.0451 0x4d5d0  ohci1394 - ok
15:33:35.0520 0x4d5d0  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:33:35.0529 0x4d5d0  ose - ok
15:33:35.0698 0x4d5d0  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:33:35.0857 0x4d5d0  osppsvc - ok
15:33:35.0887 0x4d5d0  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:33:35.0911 0x4d5d0  p2pimsvc - ok
15:33:35.0935 0x4d5d0  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
15:33:35.0952 0x4d5d0  p2psvc - ok
15:33:35.0967 0x4d5d0  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
15:33:35.0976 0x4d5d0  Parport - ok
15:33:35.0999 0x4d5d0  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:33:36.0008 0x4d5d0  partmgr - ok
15:33:36.0019 0x4d5d0  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:33:36.0044 0x4d5d0  PcaSvc - ok
15:33:36.0063 0x4d5d0  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
15:33:36.0074 0x4d5d0  pci - ok
15:33:36.0077 0x4d5d0  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
15:33:36.0085 0x4d5d0  pciide - ok
15:33:36.0091 0x4d5d0  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
15:33:36.0103 0x4d5d0  pcmcia - ok
15:33:36.0107 0x4d5d0  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
15:33:36.0114 0x4d5d0  pcw - ok
15:33:36.0150 0x4d5d0  pdfcDispatcher - ok
15:33:36.0180 0x4d5d0  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:33:36.0222 0x4d5d0  PEAUTH - ok
15:33:36.0283 0x4d5d0  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:33:36.0305 0x4d5d0  PerfHost - ok
15:33:36.0354 0x4d5d0  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
15:33:36.0443 0x4d5d0  pla - ok
15:33:36.0491 0x4d5d0  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:33:36.0527 0x4d5d0  PlugPlay - ok
15:33:36.0555 0x4d5d0  [ 0BEE791C7C7ACE453C134E73633C497D, 82B30461DBF40AC15FCE6A83B9BAD2EBD05B27DEA1B784EAA096422FE8927B7B ] pmxdrv          C:\Windows\system32\drivers\pmxdrv.sys
15:33:36.0564 0x4d5d0  pmxdrv - ok
15:33:36.0567 0x4d5d0  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:33:36.0580 0x4d5d0  PNRPAutoReg - ok
15:33:36.0589 0x4d5d0  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:33:36.0608 0x4d5d0  PNRPsvc - ok
15:33:36.0645 0x4d5d0  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:33:36.0683 0x4d5d0  PolicyAgent - ok
15:33:36.0721 0x4d5d0  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
15:33:36.0758 0x4d5d0  Power - ok
15:33:36.0776 0x4d5d0  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:33:36.0805 0x4d5d0  PptpMiniport - ok
15:33:36.0834 0x4d5d0  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
15:33:36.0858 0x4d5d0  Processor - ok
15:33:36.0891 0x4d5d0  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:33:36.0922 0x4d5d0  ProfSvc - ok
15:33:36.0929 0x4d5d0  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] ProtectedStorage C:\Windows\system32\lsass.exe
15:33:36.0936 0x4d5d0  ProtectedStorage - ok
15:33:36.0952 0x4d5d0  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:33:36.0989 0x4d5d0  Psched - ok
15:33:37.0051 0x4d5d0  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
15:33:37.0113 0x4d5d0  ql2300 - ok
15:33:37.0135 0x4d5d0  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
15:33:37.0143 0x4d5d0  ql40xx - ok
15:33:37.0168 0x4d5d0  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
15:33:37.0184 0x4d5d0  QWAVE - ok
15:33:37.0198 0x4d5d0  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:33:37.0214 0x4d5d0  QWAVEdrv - ok
15:33:37.0216 0x4d5d0  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:33:37.0246 0x4d5d0  RasAcd - ok
15:33:37.0271 0x4d5d0  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:33:37.0299 0x4d5d0  RasAgileVpn - ok
15:33:37.0310 0x4d5d0  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
15:33:37.0350 0x4d5d0  RasAuto - ok
15:33:37.0366 0x4d5d0  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:33:37.0395 0x4d5d0  Rasl2tp - ok
15:33:37.0429 0x4d5d0  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
15:33:37.0465 0x4d5d0  RasMan - ok
15:33:37.0470 0x4d5d0  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:33:37.0497 0x4d5d0  RasPppoe - ok
15:33:37.0513 0x4d5d0  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:33:37.0539 0x4d5d0  RasSstp - ok
15:33:37.0560 0x4d5d0  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:33:37.0593 0x4d5d0  rdbss - ok
15:33:37.0620 0x4d5d0  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
15:33:37.0645 0x4d5d0  rdpbus - ok
15:33:37.0650 0x4d5d0  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:33:37.0672 0x4d5d0  RDPCDD - ok
15:33:37.0691 0x4d5d0  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:33:37.0729 0x4d5d0  RDPENCDD - ok
15:33:37.0740 0x4d5d0  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:33:37.0763 0x4d5d0  RDPREFMP - ok
15:33:37.0797 0x4d5d0  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:33:37.0834 0x4d5d0  RDPWD - ok
15:33:37.0851 0x4d5d0  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:33:37.0861 0x4d5d0  rdyboost - ok
15:33:37.0878 0x4d5d0  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:33:37.0905 0x4d5d0  RemoteAccess - ok
15:33:37.0923 0x4d5d0  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:33:37.0949 0x4d5d0  RemoteRegistry - ok
15:33:38.0007 0x4d5d0  [ 085D18C71AB2611A3D61528132B6501E, 2AD2DD88EBD8C498E3043CDAA37E83C69F7FE2FD6B65524F631527555B80C112 ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
15:33:38.0022 0x4d5d0  RoxioNow Service - ok
15:33:38.0053 0x4d5d0  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:33:38.0087 0x4d5d0  RpcEptMapper - ok
15:33:38.0124 0x4d5d0  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
15:33:38.0132 0x4d5d0  RpcLocator - ok
15:33:38.0153 0x4d5d0  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
15:33:38.0191 0x4d5d0  RpcSs - ok
15:33:38.0196 0x4d5d0  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:33:38.0222 0x4d5d0  rspndr - ok
15:33:38.0272 0x4d5d0  [ F4C374B1C46DE294B573BB43723AC3F6, 9B8A40BF54262A1949661596CB753D0B591E94577470ED44D498042BD3EA7C10 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
15:33:38.0288 0x4d5d0  RTL8167 - ok
15:33:38.0297 0x4d5d0  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] SamSs           C:\Windows\system32\lsass.exe
15:33:38.0306 0x4d5d0  SamSs - ok
15:33:38.0329 0x4d5d0  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:33:38.0338 0x4d5d0  sbp2port - ok
15:33:38.0371 0x4d5d0  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:33:38.0405 0x4d5d0  SCardSvr - ok
15:33:38.0408 0x4d5d0  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:33:38.0444 0x4d5d0  scfilter - ok
15:33:38.0489 0x4d5d0  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
15:33:38.0552 0x4d5d0  Schedule - ok
15:33:38.0589 0x4d5d0  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:33:38.0620 0x4d5d0  SCPolicySvc - ok
15:33:38.0635 0x4d5d0  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:33:38.0662 0x4d5d0  SDRSVC - ok
15:33:38.0673 0x4d5d0  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:33:38.0705 0x4d5d0  secdrv - ok
15:33:38.0715 0x4d5d0  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
15:33:38.0740 0x4d5d0  seclogon - ok
15:33:38.0754 0x4d5d0  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
15:33:38.0781 0x4d5d0  SENS - ok
15:33:38.0791 0x4d5d0  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:33:38.0824 0x4d5d0  SensrSvc - ok
15:33:38.0838 0x4d5d0  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
15:33:38.0862 0x4d5d0  Serenum - ok
15:33:38.0881 0x4d5d0  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
15:33:38.0893 0x4d5d0  Serial - ok
15:33:38.0896 0x4d5d0  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
15:33:38.0919 0x4d5d0  sermouse - ok
15:33:38.0930 0x4d5d0  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
15:33:38.0968 0x4d5d0  SessionEnv - ok
15:33:38.0973 0x4d5d0  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:33:38.0997 0x4d5d0  sffdisk - ok
15:33:39.0002 0x4d5d0  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:33:39.0011 0x4d5d0  sffp_mmc - ok
15:33:39.0014 0x4d5d0  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:33:39.0024 0x4d5d0  sffp_sd - ok
15:33:39.0028 0x4d5d0  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
15:33:39.0037 0x4d5d0  sfloppy - ok
15:33:39.0080 0x4d5d0  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:33:39.0116 0x4d5d0  SharedAccess - ok
15:33:39.0158 0x4d5d0  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:33:39.0200 0x4d5d0  ShellHWDetection - ok
15:33:39.0203 0x4d5d0  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
15:33:39.0212 0x4d5d0  SiSRaid2 - ok
15:33:39.0216 0x4d5d0  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
15:33:39.0225 0x4d5d0  SiSRaid4 - ok
15:33:39.0237 0x4d5d0  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:33:39.0265 0x4d5d0  Smb - ok
15:33:39.0291 0x4d5d0  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:33:39.0305 0x4d5d0  SNMPTRAP - ok
15:33:39.0313 0x4d5d0  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:33:39.0321 0x4d5d0  spldr - ok
15:33:39.0362 0x4d5d0  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
15:33:39.0387 0x4d5d0  Spooler - ok
15:33:39.0492 0x4d5d0  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
15:33:39.0654 0x4d5d0  sppsvc - ok
15:33:39.0677 0x4d5d0  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:33:39.0709 0x4d5d0  sppuinotify - ok
15:33:39.0743 0x4d5d0  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:33:39.0778 0x4d5d0  srv - ok
15:33:39.0810 0x4d5d0  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:33:39.0845 0x4d5d0  srv2 - ok
15:33:39.0859 0x4d5d0  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:33:39.0871 0x4d5d0  srvnet - ok
15:33:39.0888 0x4d5d0  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:33:39.0924 0x4d5d0  SSDPSRV - ok
15:33:47.0042 0x4d5d0  Waiting for KSN requests completion. In queue: 46
15:33:48.0042 0x4d5d0  Waiting for KSN requests completion. In queue: 46
15:33:49.0042 0x4d5d0  Waiting for KSN requests completion. In queue: 46
15:33:50.0138 0x4d5d0  Win FW state via NFP2: enabled
15:33:52.0901 0x4d5d0  ============================================================
15:33:52.0901 0x4d5d0  Scan finished
15:33:52.0901 0x4d5d0  ============================================================
15:33:52.0907 0x4e690  Detected object count: 0
15:33:52.0907 0x4e690  Actual detected object count: 0
 
 
 
 
 
*********************************
FRST log
*********************************
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by Michael (administrator) on STANLEY on 18-08-2014 15:45:25
Running from C:\Users\Michael\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NeatPortal.com                      ) C:\Games\Evony\NEAT\NEAT2955P.exe
(NeatPortal.com                      ) C:\Games\Evony\NEAT\NEAT2955P.exe
(NeatPortal.com                      ) C:\Games\Evony\NEAT\NEAT2955P.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
() C:\Program Files (x86)\Opera\23.0.1522.75\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_125_ActiveX.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-05] (PDF Complete Inc)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [{79df1e60-8a2a-6b5c-fd39-cfadf58052eb}] => C:\ProgramData\Microsoft\{79df1e60-8a2a-6b5c-fd39-cfadf58052eb}\{79df1e60-8a2a-6b5c-fd39-cfadf58052eb}.exe [251447 2014-06-30] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [{79df1e60-8a2a-6b5c-fd39-cfadf58052eb}] => C:\ProgramData\Microsoft\{79df1e60-8a2a-6b5c-fd39-cfadf58052eb}\{79df1e60-8a2a-6b5c-fd39-cfadf58052eb}.exe [251447 2014-06-30] ( ())
HKU\S-1-5-21-3401309329-141017374-686467349-1001\...\Run: [InterruptDisk] => C:\Windows\system32\rundll32.exe "C:\Users\Michael\AppData\Local\InterruptDisk\InterruptDisk.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-3401309329-141017374-686467349-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_145_Plugin.exe [851632 2014-07-19] (Adobe Systems Incorporated)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blackle.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 66.189.0.100 24.178.162.3 24.247.15.53
 
FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\7l1dv2y5.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2014-08-12]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-08]
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-01]
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-08]
CHR Extension: (Google Search) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-08]
CHR Extension: (Website Logon) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgfhihjicjofdejkbjgnjlaglaciobe [2014-02-08]
CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-08]
CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-08]
CHR HKLM-x32\...\Chrome\Extension: [jpgfhihjicjofdejkbjgnjlaglaciobe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-06-03]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-05] (PDF Complete Inc)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [19968 2012-11-07] (Marvell Semiconductor, Inc.)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-09-02] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-18 15:45 - 2014-08-18 15:45 - 00014329 _____ () C:\Users\Michael\Downloads\FRST.txt
2014-08-18 15:44 - 2014-08-18 15:45 - 00000000 ____D () C:\FRST
2014-08-18 15:44 - 2014-08-18 15:44 - 01093632 _____ (Farbar) C:\Users\Michael\Downloads\FRST.exe
2014-08-18 15:42 - 2014-08-18 15:42 - 02101760 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2014-08-18 15:42 - 2014-08-18 15:42 - 00415232 _____ (Farbar) C:\Users\Michael\Downloads\FSS.exe
2014-08-18 15:32 - 2014-08-18 15:32 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Michael\Desktop\tdsskiller.exe
2014-08-17 15:33 - 2014-08-17 15:33 - 00015327 _____ () C:\Users\Michael\Desktop\dds.txt
2014-08-17 15:33 - 2014-08-17 15:33 - 00010043 _____ () C:\Users\Michael\Desktop\attach.txt
2014-08-17 15:29 - 2014-08-17 15:29 - 00688992 ____R (Swearware) C:\Users\Michael\Downloads\dds (1).com
2014-08-17 15:29 - 2014-08-17 15:29 - 00688992 _____ (Swearware) C:\Users\Michael\Downloads\dds.com
2014-08-16 18:01 - 2014-08-16 18:01 - 00000000 ____D () C:\Users\Michael\AppData\Local\InterruptDisk
2014-08-12 13:25 - 2014-08-12 13:25 - 01366203 _____ () C:\Users\Michael\Downloads\AdwCleaner (4).exe
2014-08-12 12:31 - 2014-08-12 12:31 - 01366203 _____ () C:\Users\Michael\Downloads\AdwCleaner (3).exe
2014-08-12 12:23 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-12 12:22 - 2014-08-17 15:43 - 00000000 ____D () C:\AdwCleaner
2014-08-12 12:20 - 2014-08-12 12:20 - 01366203 _____ () C:\Users\Michael\Downloads\AdwCleaner.exe
2014-08-12 12:20 - 2014-08-12 12:20 - 01366203 _____ () C:\Users\Michael\Downloads\AdwCleaner (2).exe
2014-08-12 12:20 - 2014-08-12 12:20 - 01366203 _____ () C:\Users\Michael\Downloads\AdwCleaner (1).exe
2014-08-12 11:57 - 2014-08-12 11:58 - 29611712 _____ (Microsoft Corporation) C:\Users\Michael\Downloads\Windows-KB890830-x64-V5.14.exe
2014-08-12 11:33 - 2014-08-12 11:33 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-08-07 21:38 - 2014-08-07 21:38 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-08-05 05:28 - 2014-08-05 05:28 - 00000000 ____D () C:\Users\Michael\AppData\Local\browser_dir
2014-08-04 23:32 - 2014-08-18 14:24 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-04 23:32 - 2014-08-04 23:32 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-04 23:32 - 2014-08-04 23:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-04 23:32 - 2014-08-04 23:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-04 23:32 - 2014-08-04 23:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-04 23:32 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-04 23:32 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-04 23:32 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-04 23:31 - 2014-08-04 23:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-04 23:20 - 2014-08-04 23:20 - 00000000 ____D () C:\Users\Michael\AppData\Local\3933617794
2014-08-04 23:03 - 2014-08-04 23:03 - 00000029 _____ () C:\Users\Michael\Documents\AVG_Free_License_NUMBER.txt
2014-08-04 23:01 - 2014-08-04 23:04 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-04 23:01 - 2014-08-04 23:01 - 04755832 _____ (AVG Technologies) C:\Users\Michael\Downloads\avg_free_stb_all_2014_4744_cnet.exe
2014-08-04 23:01 - 2014-08-04 23:01 - 00000000 ____D () C:\Users\Michael\AppData\Local\MFAData
2014-08-04 23:01 - 2014-08-04 23:01 - 00000000 ____D () C:\Users\Michael\AppData\Local\Avg2014
2014-08-03 16:46 - 2014-08-05 05:27 - 49308698 _____ () C:\Users\Michael\AppData\Roaming\3454439321
2014-08-03 05:06 - 2014-08-12 11:36 - 00000004 _____ () C:\Users\Michael\AppData\Roaming\520495603
2014-08-03 05:06 - 2014-08-12 11:36 - 00000000 ____D () C:\Users\Michael\AppData\Local\9a49b2
2014-08-03 05:06 - 2014-08-12 11:31 - 00000004 _____ () C:\Users\Michael\AppData\Roaming\3854614011
2014-08-03 05:06 - 2014-08-12 11:23 - 00000030 _____ () C:\Users\Michael\AppData\Roaming\3578279348
2014-08-03 05:06 - 2014-08-12 05:46 - 00000004 _____ () C:\Users\Michael\AppData\Roaming\3753296274
2014-08-03 05:06 - 2014-08-04 23:47 - 00000004 _____ () C:\Users\Michael\AppData\Roaming\1782062052
2014-08-03 05:06 - 2014-08-03 05:06 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\9a49b2
2014-07-25 16:32 - 2014-07-25 16:32 - 01831819 _____ () C:\Users\Michael\Downloads\skylar2.wmv
2014-07-22 02:00 - 2014-07-22 02:00 - 00781824 _____ () C:\Users\Michael\Downloads\DOLPHIN.AVI
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-18 15:45 - 2014-08-18 15:45 - 00014329 _____ () C:\Users\Michael\Downloads\FRST.txt
2014-08-18 15:45 - 2014-08-18 15:44 - 00000000 ____D () C:\FRST
2014-08-18 15:44 - 2014-08-18 15:44 - 01093632 _____ (Farbar) C:\Users\Michael\Downloads\FRST.exe
2014-08-18 15:42 - 2014-08-18 15:42 - 02101760 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2014-08-18 15:42 - 2014-08-18 15:42 - 00415232 _____ (Farbar) C:\Users\Michael\Downloads\FSS.exe
2014-08-18 15:32 - 2014-08-18 15:32 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Michael\Desktop\tdsskiller.exe
2014-08-18 14:45 - 2013-01-09 14:44 - 01706249 _____ () C:\Windows\WindowsUpdate.log
2014-08-18 14:24 - 2014-08-04 23:32 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-18 11:16 - 2011-09-02 18:21 - 00000000 ____D () C:\ProgramData\truesuite
2014-08-18 10:50 - 2013-01-09 14:49 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{356DDD8A-8824-4B12-9E6A-E1A879240B73}
2014-08-17 15:43 - 2014-08-12 12:22 - 00000000 ____D () C:\AdwCleaner
2014-08-17 15:33 - 2014-08-17 15:33 - 00015327 _____ () C:\Users\Michael\Desktop\dds.txt
2014-08-17 15:33 - 2014-08-17 15:33 - 00010043 _____ () C:\Users\Michael\Desktop\attach.txt
2014-08-17 15:29 - 2014-08-17 15:29 - 00688992 ____R (Swearware) C:\Users\Michael\Downloads\dds (1).com
2014-08-17 15:29 - 2014-08-17 15:29 - 00688992 _____ (Swearware) C:\Users\Michael\Downloads\dds.com
2014-08-17 12:13 - 2013-01-09 17:22 - 00000000 ____D () C:\ProgramData\Recovery
2014-08-16 18:01 - 2014-08-16 18:01 - 00000000 ____D () C:\Users\Michael\AppData\Local\InterruptDisk
2014-08-14 14:49 - 2013-01-10 15:37 - 00000166 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-08-14 02:46 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-13 13:28 - 2011-09-02 18:17 - 00000000 ____D () C:\ProgramData\PDFC
2014-08-12 13:25 - 2014-08-12 13:25 - 01366203 _____ () C:\Users\Michael\Downloads\AdwCleaner (4).exe
2014-08-12 12:36 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-12 12:36 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-12 12:31 - 2014-08-12 12:31 - 01366203 _____ () C:\Users\Michael\Downloads\AdwCleaner (3).exe
2014-08-12 12:27 - 2010-11-20 23:47 - 00775636 _____ () C:\Windows\PFRO.log
2014-08-12 12:27 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-12 12:27 - 2009-07-14 00:51 - 00041711 _____ () C:\Windows\setupact.log
2014-08-12 12:20 - 2014-08-12 12:20 - 01366203 _____ () C:\Users\Michael\Downloads\AdwCleaner.exe
2014-08-12 12:20 - 2014-08-12 12:20 - 01366203 _____ () C:\Users\Michael\Downloads\AdwCleaner (2).exe
2014-08-12 12:20 - 2014-08-12 12:20 - 01366203 _____ () C:\Users\Michael\Downloads\AdwCleaner (1).exe
2014-08-12 11:58 - 2014-08-12 11:57 - 29611712 _____ (Microsoft Corporation) C:\Users\Michael\Downloads\Windows-KB890830-x64-V5.14.exe
2014-08-12 11:47 - 2014-06-03 12:03 - 00003826 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1393787718
2014-08-12 11:47 - 2014-03-02 15:15 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-08-12 11:37 - 2013-01-09 15:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-12 11:36 - 2014-08-03 05:06 - 00000004 _____ () C:\Users\Michael\AppData\Roaming\520495603
2014-08-12 11:36 - 2014-08-03 05:06 - 00000000 ____D () C:\Users\Michael\AppData\Local\9a49b2
2014-08-12 11:33 - 2014-08-12 11:33 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-08-12 11:31 - 2014-08-03 05:06 - 00000004 _____ () C:\Users\Michael\AppData\Roaming\3854614011
2014-08-12 11:23 - 2014-08-03 05:06 - 00000030 _____ () C:\Users\Michael\AppData\Roaming\3578279348
2014-08-12 05:46 - 2014-08-03 05:06 - 00000004 _____ () C:\Users\Michael\AppData\Roaming\3753296274
2014-08-07 21:38 - 2014-08-07 21:38 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-08-05 23:04 - 2014-03-30 16:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-05 12:00 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-05 05:28 - 2014-08-05 05:28 - 00000000 ____D () C:\Users\Michael\AppData\Local\browser_dir
2014-08-05 05:27 - 2014-08-03 16:46 - 49308698 _____ () C:\Users\Michael\AppData\Roaming\3454439321
2014-08-04 23:47 - 2014-08-03 05:06 - 00000004 _____ () C:\Users\Michael\AppData\Roaming\1782062052
2014-08-04 23:32 - 2014-08-04 23:32 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-04 23:32 - 2014-08-04 23:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-04 23:32 - 2014-08-04 23:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-04 23:32 - 2014-08-04 23:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-04 23:32 - 2014-08-04 23:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-04 23:20 - 2014-08-04 23:20 - 00000000 ____D () C:\Users\Michael\AppData\Local\3933617794
2014-08-04 23:16 - 2013-02-08 14:59 - 00000000 ____D () C:\Users\Michael\AppData\Local\CrashDumps
2014-08-04 23:04 - 2014-08-04 23:01 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-04 23:03 - 2014-08-04 23:03 - 00000029 _____ () C:\Users\Michael\Documents\AVG_Free_License_NUMBER.txt
2014-08-04 23:01 - 2014-08-04 23:01 - 04755832 _____ (AVG Technologies) C:\Users\Michael\Downloads\avg_free_stb_all_2014_4744_cnet.exe
2014-08-04 23:01 - 2014-08-04 23:01 - 00000000 ____D () C:\Users\Michael\AppData\Local\MFAData
2014-08-04 23:01 - 2014-08-04 23:01 - 00000000 ____D () C:\Users\Michael\AppData\Local\Avg2014
2014-08-03 05:06 - 2014-08-03 05:06 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\9a49b2
2014-08-02 13:07 - 2013-01-23 18:39 - 00000000 ____D () C:\business
2014-07-25 16:32 - 2014-07-25 16:32 - 01831819 _____ () C:\Users\Michael\Downloads\skylar2.wmv
2014-07-22 02:00 - 2014-07-22 02:00 - 00781824 _____ () C:\Users\Michael\Downloads\DOLPHIN.AVI
2014-07-19 23:50 - 2013-01-09 16:10 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-19 23:50 - 2011-09-02 18:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
Some content of TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\AskSLib.dll
C:\Users\Michael\AppData\Local\Temp\bnrubkb.dll
C:\Users\Michael\AppData\Local\Temp\byriumz.dll
C:\Users\Michael\AppData\Local\Temp\dczaewv.dll
C:\Users\Michael\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Michael\AppData\Local\Temp\gwbgvrn.dll
C:\Users\Michael\AppData\Local\Temp\imcqxrc.dll
C:\Users\Michael\AppData\Local\Temp\Quarantine.exe
C:\Users\Michael\AppData\Local\Temp\satw.dll
C:\Users\Michael\AppData\Local\Temp\siinst.exe
C:\Users\Michael\AppData\Local\Temp\strings.dll
C:\Users\Michael\AppData\Local\Temp\US_en_Avery_AW40.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-12 16:47
 
==================== End Of Log ============================
 
*************************
Addition.txt log
*************************
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01
Ran by Michael at 2014-08-18 15:45:54
Running from C:\Users\Michael\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.01.18.0 - Ralink)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
AuthenTec TrueAPI (Version: 1.3.0.116 - AuthenTec, Inc.) Hidden
Avery Wizard 4.0 (HKLM-x32\...\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}) (Version: 4.0.103 - Avery)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{60098CE4-EB16-42D1-9FF6-923488C2AB26}) (Version:  - Microsoft)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.1.1.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company)
HP MovieStore (x32 Version: 1.0.057 - Hewlett-Packard) Hidden
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{D35B72B6-F0E4-462B-BDEB-E08032B3B681}) (Version: 8.7.4747.3786 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13880.3792 - Hewlett-Packard Company)
HP SimplePass PE 2011 (HKLM-x32\...\{00FF4EB6-6AAC-4E9D-A60A-8F388691BB27}) (Version: 5.3.0.194 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{34681D92-5958-406A-A654-1B57E7A7B3DC}) (Version: 6.0.4.1 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.9.0.0 - Hewlett-Packard)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3925 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3925 - CyberLink Corp.) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Opera Stable 23.0.1522.75 (HKLM-x32\...\Opera 23.0.1522.75) (Version: 23.0.1522.75 - Opera Software ASA)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.54 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5331 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5331 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 -  NewspaperDirect Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6378 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4222 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Slingo Supreme (x32 Version: 2.2.0.97 - WildTangent) Hidden
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2309 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0474 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0186 - Intuit Inc.) Hidden
TurboTax 2012 wmaiper (x32 Version: 012.000.1456 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2013 WinPerFedFormset (x32 Version: 013.000.1986 - Intuit Inc.) Hidden
TurboTax 2013 WinPerReleaseEngine (x32 Version: 013.000.0492 - Intuit Inc.) Hidden
TurboTax 2013 WinPerTaxSupport (x32 Version: 013.000.0168 - Intuit Inc.) Hidden
TurboTax 2013 wmaiper (x32 Version: 013.000.1433 - Intuit Inc.) Hidden
TurboTax 2013 wrapper (x32 Version: 013.000.0135 - Intuit Inc.) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C4F26A9B-B121-4135-8084-A0D9C780C7C8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{460FF681-BC66-4C38-99DF-7012E03F1EBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{C633216E-FF30-45B6-B2AB-21922A9353EF}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{DFE7321B-F914-4AB5-8C74-1F8CC932B1B0}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DFE7321B-F914-4AB5-8C74-1F8CC932B1B0}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{47894754-0FEC-4920-9A65-6C1E732587AC}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{326F9E80-FE16-4D2A-827A-4EE1A87B1CE8}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden
VIP Access SDK (1.0.1.4)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.4 - Symantec Inc.)
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
03-08-2014 23:00:29 Windows Backup
10-08-2014 23:00:31 Windows Backup
17-08-2014 23:00:28 Windows Backup
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1B9ECA9C-6567-4FDD-9A43-395C064C3AD7} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {217670BF-600A-45CF-89EE-5FE1CC2F9669} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-08] (Hewlett-Packard)
Task: {984C00E1-6E23-41CE-A501-90A0AC57269A} - System32\Tasks\Opera scheduled Autoupdate 1393787718 => C:\Program Files (x86)\Opera\launcher.exe [2014-08-08] (Opera Software)
Task: {A36FD2DF-37F6-4604-930C-53B4EF39CBB3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-09] (Hewlett-Packard Company)
Task: {A4F4CDAD-26FC-479F-8706-3CCFB25189CB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-09] (Hewlett-Packard Company)
Task: {C1AA2E0E-0F1C-4EEE-8F51-C3FD5344A9EA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {FA4CA98A-C82A-47F4-A5B3-5BA6B7F9D5CC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-06-09] (Hewlett-Packard Company)
 
==================== Loaded Modules (whitelisted) =============
 
2013-01-09 23:02 - 2012-08-31 16:03 - 00288768 _____ () C:\Windows\System32\HP1100LM.DLL
2013-01-09 23:02 - 2012-08-31 16:02 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2011-09-02 18:00 - 2011-01-27 13:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-01-09 23:02 - 2012-08-31 16:03 - 03034112 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\hp1100su.dll
2013-01-09 23:02 - 2012-08-31 16:02 - 01038336 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP1100GC.dll
2013-01-09 23:02 - 2012-08-31 16:03 - 00373760 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\hp1100sd.dll
2014-08-12 11:47 - 2014-08-12 11:46 - 01401464 _____ () C:\Program Files (x86)\Opera\23.0.1522.75\opera_crashreporter.exe
2014-08-14 17:20 - 2014-08-14 17:20 - 00135168 _____ () C:\Users\Michael\AppData\Local\Temp\wrd-286d4-286d8-b593c36.~lk\0.mdd
2014-08-14 17:20 - 2014-08-14 17:20 - 00196608 _____ () C:\Users\Michael\AppData\Local\Temp\wrd-286d4-286d8-b593c36.~lk\1.mdd
2014-08-14 17:20 - 2014-08-14 17:20 - 00135168 _____ () C:\Users\Michael\AppData\Local\Temp\wrd-286d4-286d8-b593c36.~lk\2.mdd
2014-08-14 17:20 - 2014-08-14 17:20 - 00086016 _____ () C:\Users\Michael\AppData\Local\Temp\wrd-286d4-286d8-b593c36.~lk\3.mdd
2014-08-14 17:20 - 2014-08-14 17:20 - 00253952 _____ () C:\Users\Michael\AppData\Local\Temp\wrd-286d4-286d8-b593c36.~lk\4.mdd
2014-08-15 16:49 - 2014-08-15 16:49 - 00135168 _____ () C:\Users\Michael\AppData\Local\Temp\wrd-3ba14-3c3d0-10634fe2.~lk\0.mdd
2014-08-15 16:49 - 2014-08-15 16:49 - 00196608 _____ () C:\Users\Michael\AppData\Local\Temp\wrd-3ba14-3c3d0-10634fe2.~lk\1.mdd
2014-08-15 16:49 - 2014-08-15 16:49 - 00135168 _____ () C:\Users\Michael\AppData\Local\Temp\wrd-3ba14-3c3d0-10634fe2.~lk\2.mdd
2014-08-15 16:49 - 2014-08-15 16:49 - 00086016 _____ () C:\Users\Michael\AppData\Local\Temp\wrd-3ba14-3c3d0-10634fe2.~lk\3.mdd
2014-08-15 16:49 - 2014-08-15 16:49 - 00253952 _____ () C:\Users\Michael\AppData\Local\Temp\wrd-3ba14-3c3d0-10634fe2.~lk\4.mdd
2014-08-15 16:50 - 2014-08-15 16:50 - 00135168 _____ () C:\Users\Michael\AppData\Local\Temp\wrd-3b9a0-3c244-106391f4.~lk\0.mdd
2014-08-15 16:50 - 2014-08-15 16:50 - 00196608 _____ () C:\Users\Michael\AppData\Local\Temp\wrd-3b9a0-3c244-106391f4.~lk\1.mdd
2014-08-15 16:50 - 2014-08-15 16:50 - 00135168 _____ () C:\Users\Michael\AppData\Local\Temp\wrd-3b9a0-3c244-106391f4.~lk\2.mdd
2014-08-15 16:50 - 2014-08-15 16:50 - 00086016 _____ () C:\Users\Michael\AppData\Local\Temp\wrd-3b9a0-3c244-106391f4.~lk\3.mdd
2014-08-15 16:50 - 2014-08-15 16:50 - 00253952 _____ () C:\Users\Michael\AppData\Local\Temp\wrd-3b9a0-3c244-106391f4.~lk\4.mdd
2014-07-08 14:32 - 2014-07-08 14:32 - 03022960 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-07-08 14:32 - 2014-07-08 14:32 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-07-08 14:32 - 2014-07-08 14:32 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-08-16 18:00 - 2014-08-16 18:00 - 00294912 _____ () C:\Users\Michael\AppData\Local\Temp\bnrubkb.dll
2014-08-12 11:47 - 2014-08-12 11:46 - 00880248 _____ () C:\Program Files (x86)\Opera\23.0.1522.75\libglesv2.dll
2014-08-12 11:47 - 2014-08-12 11:46 - 00135800 _____ () C:\Program Files (x86)\Opera\23.0.1522.75\libegl.dll
2014-08-12 11:47 - 2014-08-12 11:46 - 00957048 _____ () C:\Program Files (x86)\Opera\23.0.1522.75\ffmpegsumo.dll
2014-07-19 23:50 - 2014-07-19 23:50 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/17/2014 11:32:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program NOTEPAD.EXE version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 423a4
 
Start Time: 01cfba3061bd4768
 
Termination Time: 3
 
Application Path: C:\Windows\system32\NOTEPAD.EXE
 
Report Id: ab47035b-2623-11e4-b358-38607777880f
 
Error: (08/15/2014 02:27:07 PM) (Source: MsiInstaller) (EventID: 1024) (User: STANLEY)
Description: Product: Adobe Reader XI (11.0.07) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011008}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (08/04/2014 11:16:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome_browser.exe, version: 36.0.1985.125, time stamp: 0x53c4dbee
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x00033ab3
Faulting process id: 0x48814
Faulting application start time: 0xchrome_browser.exe0
Faulting application path: chrome_browser.exe1
Faulting module path: chrome_browser.exe2
Report Id: chrome_browser.exe3
 
Error: (08/04/2014 10:40:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 36.0.1985.125, time stamp: 0x53c4dbee
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000374
Fault offset: 0x000ce6c3
Faulting process id: 0x28fb8
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
Error: (08/04/2014 03:36:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome_browser.exe, version: 36.0.1985.125, time stamp: 0x53c4dbee
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x00033ab3
Faulting process id: 0x73ffc
Faulting application start time: 0xchrome_browser.exe0
Faulting application path: chrome_browser.exe1
Faulting module path: chrome_browser.exe2
Report Id: chrome_browser.exe3
 
Error: (08/04/2014 09:01:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome_browser.exe, version: 36.0.1985.125, time stamp: 0x53c4dbee
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000374
Fault offset: 0x000ce6c3
Faulting process id: 0x66838
Faulting application start time: 0xchrome_browser.exe0
Faulting application path: chrome_browser.exe1
Faulting module path: chrome_browser.exe2
Report Id: chrome_browser.exe3
 
Error: (08/03/2014 04:05:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome_browser.exe, version: 36.0.1985.125, time stamp: 0x53c4dbee
Faulting module name: chrome.dll, version: 36.0.1985.125, time stamp: 0x53c4d8ad
Exception code: 0x80000003
Fault offset: 0x004aa883
Faulting process id: 0x4a6d8
Faulting application start time: 0xchrome_browser.exe0
Faulting application path: chrome_browser.exe1
Faulting module path: chrome_browser.exe2
Report Id: chrome_browser.exe3
 
Error: (07/26/2014 10:23:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16457 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 47d18
 
Start Time: 01cfa941abcce204
 
Termination Time: 14
 
Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
 
Report Id:
 
Error: (07/26/2014 09:19:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16457 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 7ac
 
Start Time: 01cfa3ce956cef34
 
Termination Time: 0
 
Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
 
Report Id:
 
Error: (07/25/2014 02:16:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16457, time stamp: 0x50a2f9e3
Faulting module name: Flash32_14_0_0_125.ocx, version: 14.0.0.125, time stamp: 0x53862324
Exception code: 0xc0000005
Fault offset: 0x00235dd9
Faulting process id: 0xf68
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
 
System errors:
=============
Error: (08/17/2014 09:01:34 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.
 
Error: (08/17/2014 08:29:34 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.
 
Error: (08/17/2014 06:27:42 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.
 
Error: (08/17/2014 09:47:47 AM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.
 
Error: (08/17/2014 05:19:15 AM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.
 
Error: (08/17/2014 04:47:15 AM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.
 
Error: (08/16/2014 05:00:01 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.
 
Error: (08/16/2014 04:28:01 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.
 
Error: (08/16/2014 06:53:53 AM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.
 
Error: (08/15/2014 05:54:13 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.
 
 
Microsoft Office Sessions:
=========================
Error: (08/17/2014 11:32:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: NOTEPAD.EXE6.1.7600.16385423a401cfba3061bd47683C:\Windows\system32\NOTEPAD.EXEab47035b-2623-11e4-b358-38607777880f
 
Error: (08/15/2014 02:27:07 PM) (Source: MsiInstaller) (EventID: 1024) (User: STANLEY)
Description: Adobe Reader XI (11.0.07){AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL)
 
Error: (08/04/2014 11:16:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome_browser.exe36.0.1985.12553c4dbeentdll.dll6.1.7601.177254ec49b8fc000000500033ab34881401cfb05bac20e8dbC:\Users\Michael\AppData\Local\3933617794\chrome_browser.exeC:\Windows\SysWOW64\ntdll.dllebe19e1f-1c4e-11e4-b436-38607777880f
 
Error: (08/04/2014 10:40:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe36.0.1985.12553c4dbeentdll.dll6.1.7601.177254ec49b8fc0000374000ce6c328fb801cfb056ac701461C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\SysWOW64\ntdll.dlleba6b010-1c49-11e4-b436-38607777880f
 
Error: (08/04/2014 03:36:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome_browser.exe36.0.1985.12553c4dbeentdll.dll6.1.7601.177254ec49b8fc000000500033ab373ffc01cfb01b5202a9d9C:\Users\Michael\AppData\Local\3933617794\chrome_browser.exeC:\Windows\SysWOW64\ntdll.dll9262aeb1-1c0e-11e4-b436-38607777880f
 
Error: (08/04/2014 09:01:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome_browser.exe36.0.1985.12553c4dbeentdll.dll6.1.7601.177254ec49b8fc0000374000ce6c36683801cfafe42d4a8f7bC:\Users\Michael\AppData\Local\3933617794\chrome_browser.exeC:\Windows\SysWOW64\ntdll.dll6dc76b90-1bd7-11e4-b436-38607777880f
 
Error: (08/03/2014 04:05:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome_browser.exe36.0.1985.12553c4dbeechrome.dll36.0.1985.12553c4d8ad80000003004aa8834a6d801cfaf5650bb3b5cC:\Users\Michael\AppData\Local\3933617794\chrome_browser.exeC:\Users\Michael\AppData\Local\3933617794\36.0.1985.125\chrome.dll94beda69-1b49-11e4-b436-38607777880f
 
Error: (07/26/2014 10:23:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.1645747d1801cfa941abcce20414C:\Program Files (x86)\Internet Explorer\iexplore.exe
 
Error: (07/26/2014 09:19:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.164577ac01cfa3ce956cef340C:\Program Files (x86)\Internet Explorer\iexplore.exe
 
Error: (07/25/2014 02:16:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.1645750a2f9e3Flash32_14_0_0_125.ocx14.0.0.12553862324c000000500235dd9f6801cfa3ce96298b37C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\Macromed\Flash\Flash32_14_0_0_125.ocx4883bc6d-13c3-11e4-b483-38607777880f
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2130 CPU @ 3.40GHz
Percentage of memory in use: 67%
Total physical RAM: 8098.52 MB
Available physical RAM: 2634.2 MB
Total Pagefile: 16195.22 MB
Available Pagefile: 10108.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:1385.49 GB) (Free:1231.66 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.68 GB) (Free:1.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive j: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:510.11 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 8D579A26)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1385.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 609756FA)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Edited by 337stat, 18 August 2014 - 03:37 PM.


#4 aharonov

aharonov

  • Malware Response Team

Posted 18 August 2014 - 03:22 PM

Alright. How is the situation after the following fix?


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button and allow the reboot.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#5 337stat

337stat
  • Topic Starter


Posted 18 August 2014 - 06:11 PM

For the moment, I can't execute all instructions, and am updating with what I have to ask for direction.

FRST was started, and I pressed the Fix button.

The log (Fixlog.txt) SO FAR is what I'll copy below.

For more than an hour, it's said it was still fixing, but seems not to be adding to the existing log. No reboot has happened. I don't know if I should continue to just let it run (which I'm still doing, at the moment), or if something might need to be stopped and retried, or if there's some other alternative.

At the moment, I can't recall any of the Malwarebytes windows popping up in the last hour saying it's blocking outbound messages or data, so I have to believe something is changed.

Since there's no reboot, and FRST is still seemingly running, I'll assume it's possible Step 1 is incomplete, and I haven't yet tried to start Step 2 at this point.

(Obviously hoping I'm not just being impatient at this point, too...so thanks for bearing with this.)

Please advise.


*************
Fixlog.txt
*************


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-08-2014 01
Ran by Michael at 2014-08-18 17:53:16 Run:1
Running from C:\Users\Michael\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
HKLM-x32\...\Run: [{79df1e60-8a2a-6b5c-fd39-cfadf58052eb}] => C:\ProgramData\Microsoft\{79df1e60-8a2a-6b5c-fd39-cfadf58052eb}\{79df1e60-8a2a-6b5c-fd39-cfadf58052eb}.exe [251447 2014-06-30] ()
C:\ProgramData\Microsoft\{79df1e60-8a2a-6b5c-fd39-cfadf58052eb}
HKLM\...\Policies\Explorer\Run: [{79df1e60-8a2a-6b5c-fd39-cfadf58052eb}] => C:\ProgramData\Microsoft\{79df1e60-8a2a-6b5c-fd39-cfadf58052eb}\{79df1e60-8a2a-6b5c-fd39-cfadf58052eb}.exe [251447 2014-06-30] ( ())
HKU\S-1-5-21-3401309329-141017374-686467349-1001\...\Run: [InterruptDisk] => C:\Windows\system32\rundll32.exe "C:\Users\Michael\AppData\Local\InterruptDisk\InterruptDisk.dll",DllRegisterServer <===== ATTENTION
2014-08-16 18:01 - 2014-08-16 18:01 - 00000000 ____D () C:\Users\Michael\AppData\Local\InterruptDisk
2014-08-12 11:33 - 2014-08-12 11:33 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-08-04 23:20 - 2014-08-04 23:20 - 00000000 ____D () C:\Users\Michael\AppData\Local\3933617794
2014-08-03 16:46 - 2014-08-05 05:27 - 49308698 _____ () C:\Users\Michael\AppData\Roaming\3454439321
2014-08-03 05:06 - 2014-08-12 11:36 - 00000004 _____ () C:\Users\Michael\AppData\Roaming\520495603
2014-08-03 05:06 - 2014-08-12 11:36 - 00000000 ____D () C:\Users\Michael\AppData\Local\9a49b2
2014-08-03 05:06 - 2014-08-12 11:31 - 00000004 _____ () C:\Users\Michael\AppData\Roaming\3854614011
2014-08-03 05:06 - 2014-08-12 11:23 - 00000030 _____ () C:\Users\Michael\AppData\Roaming\3578279348
2014-08-03 05:06 - 2014-08-12 05:46 - 00000004 _____ () C:\Users\Michael\AppData\Roaming\3753296274
2014-08-03 05:06 - 2014-08-04 23:47 - 00000004 _____ () C:\Users\Michael\AppData\Roaming\1782062052
2014-08-03 05:06 - 2014-08-03 05:06 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\9a49b2
EmptyTemp:
Reboot:
 
*****************
 
[2576] C:\Windows\System32\rundll32.exe => Process closed successfully.
[2292] C:\Windows\SysWOW64\svchost.exe => Process closed successfully.
[3564] C:\Windows\SysWOW64\svchost.exe => Process closed successfully.
[312568] C:\Windows\SysWOW64\rundll32.exe => Process closed successfully.
[312568] C:\Windows\SysWOW64\rundll32.exe => Process closed successfully.
[305828] C:\Windows\SysWOW64\svchost.exe => Process closed successfully.
[267660] C:\Windows\SysWOW64\svchost.exe => Process closed successfully.
[302756] C:\Windows\SysWOW64\svchost.exe => Process closed successfully.
[293116] C:\Windows\SysWOW64\svchost.exe => Process closed successfully.
[301628] C:\Windows\SysWOW64\svchost.exe => Process closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\{79df1e60-8a2a-6b5c-fd39-cfadf58052eb} => value deleted successfully.
C:\ProgramData\Microsoft\{79df1e60-8a2a-6b5c-fd39-cfadf58052eb} => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\{79df1e60-8a2a-6b5c-fd39-cfadf58052eb} => value deleted successfully.
HKU\S-1-5-21-3401309329-141017374-686467349-1001\Software\Microsoft\Windows\CurrentVersion\Run\\InterruptDisk => value deleted successfully.
C:\Users\Michael\AppData\Local\InterruptDisk => Moved successfully.
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} => Moved successfully.
C:\Users\Michael\AppData\Local\3933617794 => Moved successfully.
C:\Users\Michael\AppData\Roaming\3454439321 => Moved successfully.
C:\Users\Michael\AppData\Roaming\520495603 => Moved successfully.
C:\Users\Michael\AppData\Local\9a49b2 => Moved successfully.
C:\Users\Michael\AppData\Roaming\3854614011 => Moved successfully.
C:\Users\Michael\AppData\Roaming\3578279348 => Moved successfully.
C:\Users\Michael\AppData\Roaming\3753296274 => Moved successfully.
C:\Users\Michael\AppData\Roaming\1782062052 => Moved successfully.
C:\Users\Michael\AppData\Roaming\9a49b2 => Moved successfully.

Edited by 337stat, 18 August 2014 - 06:12 PM.


#6 337stat
  • Topic Starter

Posted 18 August 2014 - 08:56 PM

The issue of what to do was mooted by the tool window showing "Not Responding," a Malwarebytes block message showing for flyclick.biz again, then everything locking.  I was able to reboot the machine, but subsequent runs of the FRST tool (which didn't show in the Task Manager as chewing up much in CPU cycles at all) had it basically lock up at the same place, and hang the computer.

The new logs are only different in not finding some of the moved directories/files.

Again, awaiting instructions, and have not attempted to use the tool for Step 2 (to scan) yet.

The most recent Fixlog.txt copied here:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-08-2014 01
Ran by Michael at 2014-08-18 20:51:19 Run:4
Running from C:\AdwCleaner
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
HKLM-x32\...\Run: [{79df1e60-8a2a-6b5c-fd39-cfadf58052eb}] => C:\ProgramData\Microsoft\{79df1e60-8a2a-6b5c-fd39-cfadf58052eb}\{79df1e60-8a2a-6b5c-fd39-cfadf58052eb}.exe [251447 2014-06-30] ()
C:\ProgramData\Microsoft\{79df1e60-8a2a-6b5c-fd39-cfadf58052eb}
HKLM\...\Policies\Explorer\Run: [{79df1e60-8a2a-6b5c-fd39-cfadf58052eb}] => C:\ProgramData\Microsoft\{79df1e60-8a2a-6b5c-fd39-cfadf58052eb}\{79df1e60-8a2a-6b5c-fd39-cfadf58052eb}.exe [251447 2014-06-30] ( ())
HKU\S-1-5-21-3401309329-141017374-686467349-1001\...\Run: [InterruptDisk] => C:\Windows\system32\rundll32.exe "C:\Users\Michael\AppData\Local\InterruptDisk\InterruptDisk.dll",DllRegisterServer <===== ATTENTION
2014-08-16 18:01 - 2014-08-16 18:01 - 00000000 ____D () C:\Users\Michael\AppData\Local\InterruptDisk
2014-08-12 11:33 - 2014-08-12 11:33 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-08-04 23:20 - 2014-08-04 23:20 - 00000000 ____D () C:\Users\Michael\AppData\Local\3933617794
2014-08-03 16:46 - 2014-08-05 05:27 - 49308698 _____ () C:\Users\Michael\AppData\Roaming\3454439321
2014-08-03 05:06 - 2014-08-12 11:36 - 00000004 _____ () C:\Users\Michael\AppData\Roaming\520495603
2014-08-03 05:06 - 2014-08-12 11:36 - 00000000 ____D () C:\Users\Michael\AppData\Local\9a49b2
2014-08-03 05:06 - 2014-08-12 11:31 - 00000004 _____ () C:\Users\Michael\AppData\Roaming\3854614011
2014-08-03 05:06 - 2014-08-12 11:23 - 00000030 _____ () C:\Users\Michael\AppData\Roaming\3578279348
2014-08-03 05:06 - 2014-08-12 05:46 - 00000004 _____ () C:\Users\Michael\AppData\Roaming\3753296274
2014-08-03 05:06 - 2014-08-04 23:47 - 00000004 _____ () C:\Users\Michael\AppData\Roaming\1782062052
2014-08-03 05:06 - 2014-08-03 05:06 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\9a49b2
EmptyTemp:
Reboot:
 
*****************
 
C:\Windows\System32\rundll32.exe => No running process found
C:\Windows\SysWOW64\svchost.exe => No running process found
C:\Windows\SysWOW64\svchost.exe => No running process found
C:\Windows\SysWOW64\rundll32.exe => No running process found
C:\Windows\SysWOW64\rundll32.exe => No running process found
C:\Windows\SysWOW64\svchost.exe => No running process found
C:\Windows\SysWOW64\svchost.exe => No running process found
C:\Windows\SysWOW64\svchost.exe => No running process found
C:\Windows\SysWOW64\svchost.exe => No running process found
C:\Windows\SysWOW64\svchost.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\{79df1e60-8a2a-6b5c-fd39-cfadf58052eb} => Value not found.
"C:\ProgramData\Microsoft\{79df1e60-8a2a-6b5c-fd39-cfadf58052eb}" => File/Directory not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\{79df1e60-8a2a-6b5c-fd39-cfadf58052eb} => Value not found.
HKU\S-1-5-21-3401309329-141017374-686467349-1001\Software\Microsoft\Windows\CurrentVersion\Run\\InterruptDisk => Value not found.
"C:\Users\Michael\AppData\Local\InterruptDisk" => File/Directory not found.
"C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}" => File/Directory not found.
"C:\Users\Michael\AppData\Local\3933617794" => File/Directory not found.
"C:\Users\Michael\AppData\Roaming\3454439321" => File/Directory not found.
"C:\Users\Michael\AppData\Roaming\520495603" => File/Directory not found.
"C:\Users\Michael\AppData\Local\9a49b2" => File/Directory not found.
"C:\Users\Michael\AppData\Roaming\3854614011" => File/Directory not found.
"C:\Users\Michael\AppData\Roaming\3578279348" => File/Directory not found.
"C:\Users\Michael\AppData\Roaming\3753296274" => File/Directory not found.
"C:\Users\Michael\AppData\Roaming\1782062052" => File/Directory not found.
"C:\Users\Michael\AppData\Roaming\9a49b2" => File/Directory not found.
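As an added example that is not part of this thread and not FRST's own code: a small Python triage helper that applies, mechanically, the heuristics a responder uses when reading the Run entries in the fixlist above. It flags an autorun whose target lives under ProgramData or a user profile, a GUID used as a value name, an empty publisher field after FRST's [size date] block, rundll32 loading a DLL through DllRegisterServer, the Policies\Explorer\Run key, and FRST's own ATTENTION and [X] markers. The five sample lines are copied from the fixlist and scan log posted in this thread; the regexes, reason strings and function names are this example's own assumptions about the line format, not anything FRST documents.

```python
import re

# Added example, not from this thread or from FRST: triage of FRST "Run:" autorun
# lines using the heuristics a responder applies by eye. The five sample lines are
# copied from the fixlist and scan log posted in this thread.
SAMPLE_LINES = [
    r"HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)",
    r"HKLM-x32\...\Run: [] => [X]",
    r"HKLM-x32\...\Run: [{79df1e60-8a2a-6b5c-fd39-cfadf58052eb}] => C:\ProgramData\Microsoft\{79df1e60-8a2a-6b5c-fd39-cfadf58052eb}\{79df1e60-8a2a-6b5c-fd39-cfadf58052eb}.exe [251447 2014-06-30] ()",
    r"HKLM\...\Policies\Explorer\Run: [{79df1e60-8a2a-6b5c-fd39-cfadf58052eb}] => C:\ProgramData\Microsoft\{79df1e60-8a2a-6b5c-fd39-cfadf58052eb}\{79df1e60-8a2a-6b5c-fd39-cfadf58052eb}.exe [251447 2014-06-30] ( ())",
    r'HKU\S-1-5-21-3401309329-141017374-686467349-1001\...\Run: [InterruptDisk] => C:\Windows\system32\rundll32.exe "C:\Users\Michael\AppData\Local\InterruptDisk\InterruptDisk.dll",DllRegisterServer <===== ATTENTION',
]

# hive\...\key: [value name] => target ...   (assumed line shape, as seen in the logs)
RUN_LINE = re.compile(r"^(?P<hive>.+?)\\\.\.\.\\(?P<key>[^:]+):\s+\[(?P<name>[^\]]*)\]\s+=>\s*(?P<rest>.*)$")
# Windows paths to executable content; quotes, brackets and commas terminate a path
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\],<>]+?\.(?:exe|dll|com|scr|bat|cmd|vbs|js)\b', re.IGNORECASE)
# FRST's "[size date] (Publisher)" block for a file it was able to inspect
FILEINFO_RE = re.compile(r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]\s*(?P<pub>.*)$")
GUID_RE = re.compile(r"^\{?[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}?$", re.IGNORECASE)
# Locations a standard user can write to; legitimate autoruns normally live under Program Files or Windows
USER_WRITABLE = ("\\programdata\\", "\\users\\", "\\appdata\\", "\\temp\\", "\\public\\")


def parse_run_line(line):
    """Split one FRST autorun line into hive, key, value name, target paths and publisher.

    Returns None for lines that are not in the "Run:" format (process lines, file lines, ...).
    """
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    info = FILEINFO_RE.search(rest)
    publisher = None
    if info:
        # FRST prints "(Publisher)" after the size/date block; "()" or "( ())" means none
        publisher = re.sub(r"^[\s(]+|[\s)]+$", "", info.group("pub"))
    return {
        "hive": m.group("hive"),
        "key": m.group("key"),
        "name": m.group("name"),
        "rest": rest,
        "paths": PATH_RE.findall(rest),
        "has_fileinfo": info is not None,
        "publisher": publisher,
    }


def assess(entry):
    """Return the list of reasons an autorun entry deserves a closer look (empty = nothing odd)."""
    reasons = []
    if entry["rest"].strip() == "[X]":
        reasons.append("orphaned Run value, target file missing ([X])")
        return reasons
    if GUID_RE.match(entry["name"]):
        reasons.append("GUID-style value name")
    if "policies\\explorer\\run" in entry["key"].lower():
        reasons.append("Policies\\Explorer\\Run autostart key (seldom used by legitimate software)")
    for path in entry["paths"]:
        if any(marker in path.lower() for marker in USER_WRITABLE):
            reasons.append(f"runs from user-writable location: {path}")
    paths = entry["paths"]
    if paths and paths[0].lower().endswith("\\rundll32.exe") and len(paths) > 1:
        reasons.append(f"rundll32 proxy-loads a DLL: {paths[1]}")
    if entry["has_fileinfo"] and not entry["publisher"]:
        reasons.append("no publisher/version info on target file")
    if "<===== ATTENTION" in entry["rest"]:
        reasons.append("FRST flagged entry (ATTENTION)")
    return reasons


def triage(lines):
    """Parse every Run: line in an FRST log excerpt and attach its reasons; non-Run lines are skipped."""
    results = []
    for line in lines:
        entry = parse_run_line(line)
        if entry is None:
            continue
        entry["reasons"] = assess(entry)
        results.append(entry)
    return results


def flagged_names(results):
    """Value names of the entries that raised at least one reason, in log order."""
    return [e["name"] for e in results if e["reasons"]]


if __name__ == "__main__":
    for e in triage(SAMPLE_LINES):
        status = "SUSPECT" if e["reasons"] else "ok"
        print(f"{status:7} {e['hive']}\\...\\{e['key']} [{e['name']}]")
        for reason in e["reasons"]:
            print("        -", reason)
```

Run against the sample lines, the HP entry comes back clean and the other four are flagged: the orphaned [X] value, both GUID entries (user-writable path, GUID name, empty publisher, and for the second the Policies key), and the InterruptDisk entry (rundll32 loading a DLL from AppData\Local, plus FRST's own ATTENTION marker). None of these reasons is proof of malice on its own; they are the cues that made the fixlist entries above stand out, and the same script can be pointed at a fresh FRST.txt to shortlist what to look at first.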


#7 aharonov
  • Malware Response Team

Posted 19 August 2014 - 03:05 AM

Hello,

and have not attempted to use the tool for Step 2 (to scan) yet.

You can run the FRST scan (step 2) now and post up the log.

#8 337stat
  • Topic Starter

Posted 19 August 2014 - 10:16 AM

Here's the log file from that scan:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by Michael (administrator) on STANLEY on 19-08-2014 11:13:16
Running from C:\AdwCleaner
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
() C:\Program Files (x86)\Opera\23.0.1522.75\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.75\opera.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_125_ActiveX.exe
(NeatPortal.com                      ) C:\Games\Evony\NEAT\NEAT2955P.exe
(NeatPortal.com                      ) C:\Games\Evony\NEAT\NEAT2955P.exe
(NeatPortal.com                      ) C:\Games\Evony\NEAT\NEAT2955P.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-05] (PDF Complete Inc)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blackle.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 66.189.0.100 24.178.162.3 24.247.15.53
 
FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\7l1dv2y5.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2014-08-12]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-08]
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-01]
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-08]
CHR Extension: (Google Search) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-08]
CHR Extension: (Website Logon) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgfhihjicjofdejkbjgnjlaglaciobe [2014-02-08]
CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-08]
CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-08]
CHR HKLM-x32\...\Chrome\Extension: [jpgfhihjicjofdejkbjgnjlaglaciobe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-06-03]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-05] (PDF Complete Inc)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-18] (Malwarebytes Corporation)
R3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [19968 2012-11-07] (Marvell Semiconductor, Inc.)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-09-02] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-18 20:51 - 2014-08-18 15:42 - 02101760 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2014-08-18 17:51 - 2014-08-18 17:51 - 00002382 _____ () C:\Users\Michael\Downloads\fixlist (1).txt
2014-08-18 15:45 - 2014-08-18 15:50 - 00027747 _____ () C:\Users\Michael\Downloads\FRST.txt
2014-08-18 15:45 - 2014-08-18 15:46 - 00041362 _____ () C:\Users\Michael\Downloads\Addition.txt
2014-08-18 15:44 - 2014-08-19 11:13 - 00000000 ____D () C:\FRST
2014-08-18 15:44 - 2014-08-18 15:44 - 01093632 _____ (Farbar) C:\Users\Michael\Downloads\FRST.exe
2014-08-18 15:42 - 2014-08-18 15:42 - 02101760 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2014-08-18 15:42 - 2014-08-18 15:42 - 00415232 _____ (Farbar) C:\Users\Michael\Downloads\FSS.exe
2014-08-18 15:32 - 2014-08-18 15:32 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Michael\Desktop\tdsskiller.exe
2014-08-17 15:33 - 2014-08-17 15:33 - 00015327 _____ () C:\Users\Michael\Desktop\dds.txt
2014-08-17 15:33 - 2014-08-17 15:33 - 00010043 _____ () C:\Users\Michael\Desktop\attach.txt
2014-08-17 15:29 - 2014-08-17 15:29 - 00688992 ____R (Swearware) C:\Users\Michael\Downloads\dds (1).com
2014-08-17 15:29 - 2014-08-17 15:29 - 00688992 _____ (Swearware) C:\Users\Michael\Downloads\dds.com
2014-08-12 12:23 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-12 12:22 - 2014-08-19 11:13 - 00000000 ____D () C:\AdwCleaner
2014-08-12 12:20 - 2014-08-12 12:20 - 01366203 _____ () C:\Users\Michael\Downloads\AdwCleaner.exe
2014-08-12 12:20 - 2014-08-12 12:20 - 01366203 _____ () C:\Users\Michael\Downloads\AdwCleaner (1).exe
2014-08-12 11:57 - 2014-08-12 11:58 - 29611712 _____ (Microsoft Corporation) C:\Users\Michael\Downloads\Windows-KB890830-x64-V5.14.exe
2014-08-07 21:38 - 2014-08-07 21:38 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-08-05 05:28 - 2014-08-05 05:28 - 00000000 ____D () C:\Users\Michael\AppData\Local\browser_dir
2014-08-04 23:32 - 2014-08-18 22:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-04 23:32 - 2014-08-04 23:32 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-04 23:32 - 2014-08-04 23:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-04 23:32 - 2014-08-04 23:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-04 23:32 - 2014-08-04 23:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-04 23:32 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-04 23:32 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-04 23:32 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-04 23:31 - 2014-08-04 23:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-04 23:03 - 2014-08-04 23:03 - 00000029 _____ () C:\Users\Michael\Documents\AVG_Free_License_NUMBER.txt
2014-08-04 23:01 - 2014-08-04 23:04 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-04 23:01 - 2014-08-04 23:01 - 04755832 _____ (AVG Technologies) C:\Users\Michael\Downloads\avg_free_stb_all_2014_4744_cnet.exe
2014-08-04 23:01 - 2014-08-04 23:01 - 00000000 ____D () C:\Users\Michael\AppData\Local\MFAData
2014-08-04 23:01 - 2014-08-04 23:01 - 00000000 ____D () C:\Users\Michael\AppData\Local\Avg2014
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-19 11:13 - 2014-08-18 15:44 - 00000000 ____D () C:\FRST
2014-08-19 11:13 - 2014-08-12 12:22 - 00000000 ____D () C:\AdwCleaner
2014-08-19 08:56 - 2013-01-09 14:49 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{356DDD8A-8824-4B12-9E6A-E1A879240B73}
2014-08-18 22:29 - 2014-08-04 23:32 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-18 20:59 - 2014-03-17 17:42 - 00007621 _____ () C:\Users\Michael\AppData\Local\Resmon.ResmonCfg
2014-08-18 20:14 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-18 20:14 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-18 20:06 - 2011-09-02 18:17 - 00000000 ____D () C:\ProgramData\PDFC
2014-08-18 20:06 - 2010-11-20 23:47 - 00777974 _____ () C:\Windows\PFRO.log
2014-08-18 20:06 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-18 20:06 - 2009-07-14 00:51 - 00041767 _____ () C:\Windows\setupact.log
2014-08-18 20:03 - 2013-01-09 14:44 - 01709620 _____ () C:\Windows\WindowsUpdate.log
2014-08-18 18:51 - 2013-01-23 18:39 - 00000000 ____D () C:\business
2014-08-18 17:51 - 2014-08-18 17:51 - 00002382 _____ () C:\Users\Michael\Downloads\fixlist (1).txt
2014-08-18 15:50 - 2014-08-18 15:45 - 00027747 _____ () C:\Users\Michael\Downloads\FRST.txt
2014-08-18 15:46 - 2014-08-18 15:45 - 00041362 _____ () C:\Users\Michael\Downloads\Addition.txt
2014-08-18 15:44 - 2014-08-18 15:44 - 01093632 _____ (Farbar) C:\Users\Michael\Downloads\FRST.exe
2014-08-18 15:42 - 2014-08-18 20:51 - 02101760 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2014-08-18 15:42 - 2014-08-18 15:42 - 02101760 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2014-08-18 15:42 - 2014-08-18 15:42 - 00415232 _____ (Farbar) C:\Users\Michael\Downloads\FSS.exe
2014-08-18 15:32 - 2014-08-18 15:32 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Michael\Desktop\tdsskiller.exe
2014-08-18 11:16 - 2011-09-02 18:21 - 00000000 ____D () C:\ProgramData\truesuite
2014-08-17 15:33 - 2014-08-17 15:33 - 00015327 _____ () C:\Users\Michael\Desktop\dds.txt
2014-08-17 15:33 - 2014-08-17 15:33 - 00010043 _____ () C:\Users\Michael\Desktop\attach.txt
2014-08-17 15:29 - 2014-08-17 15:29 - 00688992 ____R (Swearware) C:\Users\Michael\Downloads\dds (1).com
2014-08-17 15:29 - 2014-08-17 15:29 - 00688992 _____ (Swearware) C:\Users\Michael\Downloads\dds.com
2014-08-17 12:13 - 2013-01-09 17:22 - 00000000 ____D () C:\ProgramData\Recovery
2014-08-14 14:49 - 2013-01-10 15:37 - 00000166 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-08-14 02:46 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-12 12:20 - 2014-08-12 12:20 - 01366203 _____ () C:\Users\Michael\Downloads\AdwCleaner.exe
2014-08-12 12:20 - 2014-08-12 12:20 - 01366203 _____ () C:\Users\Michael\Downloads\AdwCleaner (1).exe
2014-08-12 11:58 - 2014-08-12 11:57 - 29611712 _____ (Microsoft Corporation) C:\Users\Michael\Downloads\Windows-KB890830-x64-V5.14.exe
2014-08-12 11:47 - 2014-06-03 12:03 - 00003826 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1393787718
2014-08-12 11:47 - 2014-03-02 15:15 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-08-12 11:37 - 2013-01-09 15:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-07 21:38 - 2014-08-07 21:38 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-08-05 23:04 - 2014-03-30 16:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-05 12:00 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-05 05:28 - 2014-08-05 05:28 - 00000000 ____D () C:\Users\Michael\AppData\Local\browser_dir
2014-08-04 23:32 - 2014-08-04 23:32 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-04 23:32 - 2014-08-04 23:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-04 23:32 - 2014-08-04 23:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-04 23:32 - 2014-08-04 23:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-04 23:32 - 2014-08-04 23:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-04 23:16 - 2013-02-08 14:59 - 00000000 ____D () C:\Users\Michael\AppData\Local\CrashDumps
2014-08-04 23:04 - 2014-08-04 23:01 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-04 23:03 - 2014-08-04 23:03 - 00000029 _____ () C:\Users\Michael\Documents\AVG_Free_License_NUMBER.txt
2014-08-04 23:01 - 2014-08-04 23:01 - 04755832 _____ (AVG Technologies) C:\Users\Michael\Downloads\avg_free_stb_all_2014_4744_cnet.exe
2014-08-04 23:01 - 2014-08-04 23:01 - 00000000 ____D () C:\Users\Michael\AppData\Local\MFAData
2014-08-04 23:01 - 2014-08-04 23:01 - 00000000 ____D () C:\Users\Michael\AppData\Local\Avg2014
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-12 16:47
 
==================== End Of Log ============================


#9 aharonov
  • Malware Response Team

Posted 19 August 2014 - 02:56 PM

Does Malwarebytes still detect and block those outbound connections now? And does a scan with Malwarebytes still detect any threats? If so then please post the log.
Let's do a check-up with ESET:

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#10 337stat
  • Topic Starter

Posted 19 August 2014 - 11:35 PM

Upgraded to Malwarebytes Premium; it ran clean, so no log posted here.

Running ESET; it's taking some time, as you seem to have expected. Will update that here next.

#11 aharonov
  • Malware Response Team

Posted 20 August 2014 - 05:32 AM

Great.
Yes, the ESET scan can take quite some time, this is normal.

#12 337stat
  • Topic Starter

Posted 20 August 2014 - 02:03 PM

(Happy to take time for thorough results.)

The first line is an Avery company label template, to print out labels, I believe.

The J: Drive stuff is for an external drive used for backups.

I'm as sure as I can be everything that's ever connected on this machine has been reviewed by ESET.

I haven't seen a Malwarebytes pop-up showing a blocking warning since the one that closed (or seemed to close) the FRST session on me, several FRST runs back.  Prior to that, it had been most of a day since I'd seen one.  I haven't had a clean finish to FRST, but it seems to have made a big difference.

There was no c:\ProgramFiles\ESET directory created, but the tool seems to allow an export of the log file, so I'll hope that file is the one you're after...which isn't showing a clean run.  That ESET log file follows.

**********************

C:\Annie's\OffercastInstaller_AVR_U-0250-02-P_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\FRST\Quarantine\C\ProgramData\Microsoft\{79df1e60-8a2a-6b5c-fd39-cfadf58052eb}\{79df1e60-8a2a-6b5c-fd39-cfadf58052eb}.exe a variant of Win32/Kryptik.CFOI trojan
C:\FRST\Quarantine\C\Users\Michael\AppData\Local\InterruptDisk\InterruptDisk.dll Win32/TrojanDownloader.Tracur.AK trojan
C:\FRST\Quarantine\C\Users\Michael\AppData\Local\InterruptDisk\InterruptDisk\InterruptDisk.dll Win32/TrojanDownloader.Tracur.AK trojan
C:\J_DRIVE_20120711\Local Disk\Library PC\Big Drive\Vol_2\OLD_PROD\PMAIL\TRUMPING.EX_ Win16/Flooder.ICMP.ICMPBomb.A trojan
C:\J_DRIVE_20120711\Local Disk\Library PC\Big Drive\Vol_2\WINSOCK\TRUMPING.EXE Win16/Flooder.ICMP.ICMPBomb.A trojan
C:\J_DRIVE_20120711\Local Disk\Library PC\Big Drive\Vol_2\WINSOCK3\TRUMPING.EX_ Win16/Flooder.ICMP.ICMPBomb.A trojan
C:\J_DRIVE_20120711\Local Disk\Library PC\Big Drive\Vol_4\BC45\BIN\PRODIGY\PMAIL\TRUMPING.EX_ Win16/Flooder.ICMP.ICMPBomb.A trojan
C:\J_DRIVE_20120711\Local Disk\Library PC\Small Drive\MS-DOS_5\CPS\VSAFE.COM probably unknown TSR.COM virus
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HQ0J2OR\hello_shiraztshirts_com[1].htm JS/Kryptik.ARL trojan
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HQ0J2OR\hello_shiraztshirts_com[2].htm JS/Kryptik.ARL trojan
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HQ0J2OR\independ_michellesamuelsdesign_com[1].htm JS/Kryptik.ARL trojan
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HQ0J2OR\independ_michellesamuelsdesign_com[2].htm JS/Kryptik.ARL trojan
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HQ0J2OR\welcome_shiraztshirts_com[1].htm JS/Kryptik.ARL trojan
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HQ0J2OR\welcome_shopsthatgivea_com[1].htm JS/Kryptik.ARL trojan
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\175SW0Z4\6nnqmcp5ag[1].htm JS/Exploit.Agent.NHC trojan
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4DB8WD1O\index2[1].htm JS/Kryptik.ARD trojan
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4EAOV9H0\independ_michellesamuelsdesign_com[1].htm JS/Kryptik.ARL trojan
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4EAOV9H0\index2[1].htm JS/Kryptik.ARD trojan
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5Z8GVMFP\8pidftzmiy[1].htm JS/Exploit.Agent.NHG trojan
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5Z8GVMFP\ddgfn2s6ad[1].htm JS/Exploit.Agent.NHE trojan
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5Z8GVMFP\hello_shiraztshirts_com[1].htm JS/Kryptik.ARL trojan
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5Z8GVMFP\hello_shiraztshirts_com[2].htm JS/Kryptik.ARL trojan
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5Z8GVMFP\hello_shiraztshirts_com[3].htm JS/Kryptik.ARL trojan
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5Z8GVMFP\hello_shiraztshirts_com[4].htm JS/Kryptik.ARL trojan
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5Z8GVMFP\index2[1].htm JS/Kryptik.ARD trojan
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5Z8GVMFP\welcome_shiraztshirts_com[1].htm JS/Kryptik.ARL trojan
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5Z8GVMFP\world_divinetasty_com[1].htm JS/Kryptik.ARL trojan
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62FE3HIX\finish_shopsthatgivea_com[1].htm JS/Kryptik.ARL trojan
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62FE3HIX\finish_shopsthatgivea_com[2].htm JS/Kryptik.ARL trojan
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7ABKPEI4\e56e3x3eik[1].htm JS/Exploit.Agent.NHC trojan
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\83KV8YLA\petworldinsider_com[1].htm HTML/ScrInject.B.Gen virus
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8F3NOMC0\finish_shopsthatgivea_com[1].htm JS/Kryptik.ARL trojan
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8F3NOMC0\hello_shiraztshirts_com[1].htm JS/Kryptik.ARL trojan
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8F3NOMC0\welcome_shiraztshirts_com[1].htm JS/Kryptik.ARL trojan
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8F3NOMC0\welcome_shopsthatgivea_com[1].htm JS/Kryptik.ARL trojan
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8F3NOMC0\welcome_shopsthatgivea_com[2].htm JS/Kryptik.ARL trojan
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8F3NOMC0\welcome_shopsthatgivea_com[3].htm JS/Kryptik.ARL trojan
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8F3NOMC0\welcome_shopsthatgivea_com[4].htm JS/Kryptik.ARL trojan
C:\Users\Michael\Downloads\Avery Wizard 4.01 - US 20111209.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
J:\E-Drive\Local Disk (G)\Downloads\ONTRACK_RECOVERY_DATA\DIR23.HTM\FIL132.HTM JS/KakWorm.A worm
J:\E-Drive\Local Disk (G)\Downloads\ONTRACK_RECOVERY_DATA\DIR23.HTM\FIL133.HTM JS/KakWorm.A worm
J:\E-Drive\Local Disk (G)\Downloads\ONTRACK_RECOVERY_DATA\DIR23.HTM\FIL252.HTM JS/KakWorm.A worm
J:\E-Drive\Local Disk (G)\Downloads\ONTRACK_RECOVERY_DATA\DIR38.DLL\FIL3533.DLL multiple threats
J:\STANLEY\Backup Set 2013-03-10 190014\Backup Files 2013-04-07 190020\Backup files 2.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
J:\STANLEY\Backup Set 2013-04-21 190015\Backup Files 2013-04-21 190015\Backup files 24.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
J:\STANLEY\Backup Set 2013-05-05 190017\Backup Files 2013-05-05 190017\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
J:\STANLEY\Backup Set 2013-06-02 190016\Backup Files 2013-06-02 190016\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
J:\STANLEY\Backup Set 2013-09-29 190022\Backup Files 2013-09-29 190022\Backup files 5.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
J:\STANLEY\Backup Set 2013-11-03 190017\Backup Files 2013-11-03 190017\Backup files 5.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
J:\STANLEY\Backup Set 2013-12-08 190015\Backup Files 2013-12-08 190015\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
J:\STANLEY\Backup Set 2014-01-05 190020\Backup Files 2014-01-05 190020\Backup files 6.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
J:\STANLEY\Backup Set 2014-01-19 190016\Backup Files 2014-01-19 190016\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
J:\STANLEY\Backup Set 2014-02-23 190011\Backup Files 2014-02-23 190011\Backup files 5.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
J:\STANLEY\Backup Set 2014-04-13 190019\Backup Files 2014-04-13 190019\Backup files 45.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
J:\STANLEY\Backup Set 2014-05-18 190019\Backup Files 2014-05-18 190019\Backup files 48.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
J:\STANLEY\Backup Set 2014-06-22 190022\Backup Files 2014-06-22 190022\Backup files 48.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
J:\STANLEY\Backup Set 2014-07-27 190013\Backup Files 2014-07-27 190013\Backup files 52.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
J:\STANLEY\Backup Set 2014-07-27 190013\Backup Files 2014-08-03 190014\Backup files 1.zip a variant of Win32/Kryptik.CIGK trojan
J:\STANLEY\Backup Set 2014-07-27 190013\Backup Files 2014-08-17 190014\Backup files 1.zip Win32/TrojanDownloader.Tracur.AK trojan
J:\STANLEY - C DRIVE 20130105\J_DRIVE_20120711\Local Disk\Library PC\Big Drive\Vol_2\OLD_PROD\PMAIL\TRUMPING.EX_ Win16/Flooder.ICMP.ICMPBomb.A trojan
J:\STANLEY - C DRIVE 20130105\J_DRIVE_20120711\Local Disk\Library PC\Big Drive\Vol_2\WINSOCK\TRUMPING.EXE Win16/Flooder.ICMP.ICMPBomb.A trojan
J:\STANLEY - C DRIVE 20130105\J_DRIVE_20120711\Local Disk\Library PC\Big Drive\Vol_2\WINSOCK3\TRUMPING.EX_ Win16/Flooder.ICMP.ICMPBomb.A trojan
J:\STANLEY - C DRIVE 20130105\J_DRIVE_20120711\Local Disk\Library PC\Big Drive\Vol_4\BC45\BIN\PRODIGY\PMAIL\TRUMPING.EX_ Win16/Flooder.ICMP.ICMPBomb.A trojan
J:\STANLEY - C DRIVE 20130105\J_DRIVE_20120711\Local Disk\Library PC\Small Drive\MS-DOS_5\CPS\VSAFE.COM probably unknown TSR.COM virus
J:\STANLEY - C DRIVE 20140817\Annie's\OffercastInstaller_AVR_U-0250-02-P_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application


#13 aharonov (Malware Response Team)

Posted 20 August 2014 - 02:50 PM

This is looking good. No more active malware has been found. Just some files that are already quarantined by our tools, some temporary files and some stuff in old backups. You can replace these old backups with a clean one now.

That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Online Scanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Internet Explorer Version 9
Opera 12.17
Mozilla Firefox 30.0 (x86 en-US)
Adobe Flash Player 14 ActiveX
Adobe Flash Player 14 Plugin




Tips

I recommend to read and follow the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.
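The triage in the reply above (already quarantined, temporary files, old backups, versus anything still live on disk) as an added example that is not part of the thread or of ESET's own tooling: it parses scan-log lines of the form "<path> <detection> <type>" and buckets them by location. The sample lines, bucket path patterns and detection names are constructed.

```python
"""Triage ESET scan log lines by location (added example; samples constructed)."""
import re

# ESET prints "<path> <detection name> <threat type>"; the path may contain
# spaces, so anchor on the detection: the first token holding a '/', which a
# Windows path never has, plus ESET's two slash-less phrasings.
DETECTION_RE = re.compile(
    r"\s+((?:a variant of |probably unknown )?[A-Za-z0-9]+/\S.*"
    r"|probably unknown .*|multiple threats)$"
)
# First matching bucket wins; the patterns are an assumption about tool layout.
BUCKETS = [
    ("quarantined", re.compile(r"\\Quarantine\\", re.I)),
    ("temp", re.compile(r"\\Temporary Internet Files\\|\\Temp\\", re.I)),
    ("backup", re.compile(r"Backup Set|\.zip$", re.I)),
]
# Constructed sample log in ESET's format (not the thread's real findings).
SAMPLE_LOG = r"""
**********************
C:\FRST\Quarantine\C\Users\User\AppData\Local\Example\example.dll Win32/Example.A trojan
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ABCD1234\page[1].htm JS/Example.B trojan
J:\Backup Set 2014-01-01 120000\Backup Files 2014-01-01 120000\Backup files 1.zip a variant of Win32/Example.C trojan
C:\Users\User\Downloads\Some Setup 4.01 - US.exe a variant of Win32/Bundled.Toolbar.Example potentially unsafe application
J:\OLD_DRIVE_2012\DOS\TOOL.COM probably unknown TSR.COM virus
C:\Users\User\AppData\Roaming\svc host\svchost.exe Win32/Example.D trojan
""".strip().splitlines()

def parse_line(line):
    """Return (path, detection) for a detection line, else None."""
    m = DETECTION_RE.search(line.rstrip())
    return (line[:m.start()], m.group(1)) if m else None

def classify(path, detection):
    """Bucket one finding; 'active' means nothing has neutralised it yet."""
    for name, pattern in BUCKETS:
        if pattern.search(path):
            return name
    # Bundled toolbars are unwanted, but not a sign of an active compromise.
    if "potentially unsafe application" in detection:
        return "pua"
    return "active"

def triage(lines):
    """Group every detection line as {bucket: [(path, detection), ...]}."""
    grouped = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            grouped.setdefault(classify(*parsed), []).append(parsed)
    return grouped
```

Anything landing in the "active" bucket is what still needs a look; the other buckets match what the tools had already neutralised or what lives only in caches and old backups.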

#14 337stat (Topic Starter)

Posted 23 August 2014 - 03:35 PM

Many thanks for helping me with this entire situation!  I couldn't have done it without your help!  With the estimate of time being something like five days before being able to get a helping hand, (with good reason!) I also really do appreciate how quickly and well you were able to pull me out of trouble!

DelFix was run, and certain tools removed...and a registry backup made.

For Opera, there are compatibility issues keeping me from using newer versions...I'm running the newest my system and certain software will handle.

Yes, I have to update Firefox...I just haven't opened it in a couple of months, but the upgrade needs doing.  As does Flash Player...though, I think, the virus caught me this time with a window saying it was a Flash Player update, as I was about to go looking to be sure I had the current version.  Timing is everything, sometimes.

IE9?  From Windows to MS software, as the OS that brought us generations of viruses to begin with, I'm not eager to be "cutting edge" with their tools.  It's proved too much a time sink over time, and I gave that parade over a decade of my time before coming to that sad conclusion.  That said, I'm using the earlier version of IE only in emergencies...I avoid it for anything from browsing to actual work unless there's a major problem like a virus shutting down Opera & Firefox.  With a machine that's currently older, too, I'm fairly sure my machine won't handle IE9 at this point, and I'm not ready to purchase a newer machine.  Still, even if we're forced to use them, nothing MS makes seems to me to be worth the price of admission...but I still respect where you're coming from in making the recommendation.

I read through the linked article on keeping computers safe, and aside from deciding not to upgrade a couple of select pieces of software, I'd say I was pretty much in line with all 16 items.  I'm still pretty amazed something happened here, but that probably means I need to stop and think a little more, because I obviously missed a trick.

Again, thanks for all this help, assistance, advice, and all in extremely timely fashion!



#15 aharonov (Malware Response Team)

Posted 24 August 2014 - 02:34 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
