Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

**INFECTED** Win32:Zbot-TTP [Trj]


  • This topic is locked This topic is locked
35 replies to this topic

#1 chrisb10a

chrisb10a

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:11:28 PM

Posted 21 August 2014 - 08:36 PM

I noticed a number of unexpected taskeng.exe processes running in Windows Task Manager and realized something was up. The aswMBR output is below. The line:

 

21:15:31.345    File: C:\Users\Chris\AppData\Roaming\netObjUsb64\{028147ec-183e-35d6-1abf-723a1abf7dc2}.exe  **INFECTED** Win32:Zbot-TTP [Trj]

 

is very troubling. I have made several unsuccessful attempts to fix the issue. Nothing has worked so I figured it was time to call in the big guns. Any help would be greatly appreciated.

 

 

Thank you,

Chris B.
 

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-08-21 21:12:26
-----------------------------
21:12:26.610    OS Version: Windows x64 6.1.7601 Service Pack 1
21:12:26.610    Number of processors: 4 586 0x2A07
21:12:26.610    ComputerName: HOME-PC  UserName: Chris
21:12:27.109    Initialize success
21:12:43.130    AVAST engine defs: 14082100
21:13:23.019    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4
21:13:23.019    Disk 0 Vendor: ST1000DM003-9YN162 CC46 Size: 953869MB BusType: 11
21:13:23.019    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-3
21:13:23.019    Disk 1 Vendor: M4-CT128M4SSD2 040H Size: 122104MB BusType: 11
21:13:23.175    Disk 1 MBR read successfully
21:13:23.175    Disk 1 MBR scan
21:13:23.191    Disk 1 Windows 7 default MBR code
21:13:23.207    Disk 1 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
21:13:23.238    Disk 1 Partition 2 00     07    HPFS/NTFS NTFS       122002 MB offset 206848
21:13:23.378    Disk 1 scanning C:\Windows\system32\drivers
21:13:42.738    Service scanning
21:13:47.933    Modules scanning
21:13:47.933    Disk 1 trace - called modules:
21:13:47.933    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
21:13:47.933    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8007d2b060]
21:13:47.933    3 CLASSPNP.SYS[fffff8800195243f] -> nt!IofCallDriver -> [0xfffffa8007b019b0]
21:13:47.933    5 ACPI.sys[fffff88000ef47a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa8007afe060]
21:13:48.370    AVAST engine scan C:\Windows
21:13:54.376    AVAST engine scan C:\Windows\system32
21:14:43.828    AVAST engine scan C:\Windows\system32\drivers
21:14:46.448    AVAST engine scan C:\Users\Chris
21:15:31.345    File: C:\Users\Chris\AppData\Roaming\netObjUsb64\{028147ec-183e-35d6-1abf-723a1abf7dc2}.exe  **INFECTED** Win32:Zbot-TTP [Trj]
21:15:55.681    AVAST engine scan C:\ProgramData
21:16:01.048    Scan finished successfully
21:16:20.891    Disk 1 MBR has been saved successfully to "C:\Users\Chris\Desktop\MBR.dat"
21:16:20.907    The log file has been saved successfully to "C:\Users\Chris\Desktop\aswMBR.txt"



BC AdBot (Login to Remove)

 


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:06:28 AM

Posted 22 August 2014 - 01:39 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

 

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

 

Regards,

Georgi


cXfZ4wS.png


#3 chrisb10a

chrisb10a
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:11:28 PM

Posted 22 August 2014 - 07:16 PM

Thank you for your help. Here is the FRST.txt log. I have run this program already so it did not generate the Addition.txt log. If there is a way to generate the Addition.txt log please let me know. Thank you again.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-08-2014
Ran by Chris (administrator) on HOME-PC on 22-08-2014 20:07:37
Running from C:\Users\Chris\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Chris\Downloads\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-207386558-4275052178-3415983149-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe [535216 2014-05-14] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6AA84BC19DCACC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75 191.167.1.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-01-10]

Chrome: 
=======
CHR HomePage: 
CHR Plugin: (Shockwave Flash) - C:\Users\Chris\AppData\Local\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Chris\AppData\Local\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Chris\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Chris\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U5) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Chris\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (Google Drive) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (YouTube) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-08-13]
CHR Extension: (Google Search) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-08-13]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-01-10]
CHR Extension: (Google Wallet) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-08-13]
CHR Extension: (Extension) - C:\Users\Chris\Local Settings\Application Data\Google\Chrome\User Data\Default\Users\ebgkhbkkmlkjbfkcciphpagdhbomejee [2013-10-14]
CHR Extension: (Connect To The Internet Diagnostics Hook Page Class) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\oefaflpagbpphlldnmemopmmjokedilm\1.0.8 [2013-10-15]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-09-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S4 OpenVPNAccessClient; C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [24064 2011-08-05] () [File not signed]
S4 Realtek11nCU; C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-12] (Realtek Semiconductor Corporation                           )
R3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2010-10-06] (The OpenVPN Project)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 aswMBR; \??\C:\Users\Chris\AppData\Local\Temp\aswMBR.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-22 20:00 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-22 20:00 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-22 20:00 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-22 20:00 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-22 20:00 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-22 20:00 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-22 20:00 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-22 20:00 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-22 14:12 - 2014-08-22 14:12 - 02101760 _____ (Farbar) C:\Users\Chris\Downloads\FRST64 (1).exe
2014-08-22 14:10 - 2014-08-22 14:10 - 00012361 _____ () C:\Users\Chris\Desktop\<xxx private xxx>.xlsx
2014-08-22 14:10 - 2014-08-22 14:10 - 00009575 _____ () C:\Users\Chris\Desktop\<xxx private xxx>.xlsx
2014-08-21 21:16 - 2014-08-21 21:16 - 00002240 _____ () C:\Users\Chris\Desktop\aswMBR.txt
2014-08-21 21:16 - 2014-08-21 21:16 - 00000512 _____ () C:\Users\Chris\Desktop\MBR.dat
2014-08-21 15:02 - 2014-08-22 20:07 - 00012049 _____ () C:\Users\Chris\Downloads\FRST.txt
2014-08-21 15:01 - 2014-08-21 15:01 - 02101760 _____ (Farbar) C:\Users\Chris\Downloads\FRST64.exe
2014-08-21 14:55 - 2014-08-21 14:55 - 00122976 _____ (Kaspersky Lab ZAO) C:\Users\Chris\Downloads\zbotkiller.exe
2014-08-21 14:53 - 2014-08-21 14:53 - 01931088 _____ (Symantec Corporation) C:\Users\Chris\Downloads\FixTDSS.exe
2014-08-21 14:42 - 2014-08-21 14:46 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-21 14:42 - 2014-08-21 14:42 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-21 14:42 - 2014-08-21 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-21 14:42 - 2014-08-21 14:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-21 14:42 - 2014-08-21 14:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-21 14:42 - 2014-05-12 07:55 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-21 14:42 - 2014-05-12 07:55 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-21 14:42 - 2014-05-12 07:54 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-21 14:41 - 2014-08-21 14:41 - 17291728 _____ (Malwarebytes Corporation ) C:\Users\Chris\Downloads\mbam-setup-majorgeeks-2.0.2.1012.exe
2014-08-21 14:39 - 2014-08-21 14:40 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Chris\Downloads\rkill.scr
2014-08-21 14:25 - 2014-08-21 14:25 - 01402880 _____ () C:\Users\Chris\Downloads\HiJackThis (1).msi
2014-08-21 14:25 - 2014-08-21 14:25 - 00002975 _____ () C:\Users\Chris\Desktop\HiJackThis.lnk
2014-08-21 14:25 - 2014-08-21 14:25 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-08-21 14:25 - 2014-08-21 14:25 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-08-20 18:29 - 2014-08-20 18:32 - 00000000 ____D () C:\Users\Chris\Desktop\RK_Quarantine
2014-08-20 18:25 - 2014-08-22 20:07 - 00000000 ____D () C:\FRST
2014-08-20 18:12 - 2014-08-20 18:15 - 00000000 ____D () C:\AdwCleaner
2014-08-18 22:00 - 2014-08-18 22:00 - 00004162 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-18 21:57 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-18 21:57 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-18 21:57 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-18 21:57 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-18 21:57 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-18 21:57 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-18 21:57 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-18 21:57 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-18 21:57 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-18 21:57 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-18 21:57 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-18 21:57 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-18 21:57 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-18 21:57 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 21:57 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-18 21:57 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-18 21:57 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 21:57 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-18 21:57 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 21:57 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 21:57 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 21:57 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 21:57 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 21:57 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 21:57 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-18 21:57 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 21:57 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 21:57 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 21:57 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 21:57 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 21:57 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 21:57 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 21:57 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 21:57 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 21:57 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 21:57 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-18 21:57 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 21:57 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 21:57 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 21:57 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 21:57 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 21:57 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 21:57 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 21:57 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 21:57 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 21:57 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 21:57 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 21:57 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 21:57 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 21:57 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 21:57 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 21:57 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 21:57 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 21:57 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-18 21:57 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 21:57 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 21:57 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-18 21:57 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-18 21:57 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-18 21:57 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-18 21:57 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-18 21:57 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-18 21:57 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-18 21:57 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-18 21:56 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-18 21:56 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-18 21:56 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-18 21:56 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-18 21:56 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-08-18 21:56 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-08-18 21:56 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-18 21:56 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-08-18 21:56 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-08-18 21:56 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-08-18 21:56 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-08-18 21:56 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-08-18 21:56 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-08-18 21:56 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-08-18 21:56 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-08-18 21:56 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-08-18 21:56 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-08-18 21:56 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-08-18 21:56 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-08-18 21:56 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-08-18 21:56 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-08-18 21:56 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-08-18 21:56 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-08-18 21:56 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-08-18 21:55 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-18 21:55 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-18 21:55 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-18 21:55 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-18 21:55 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-18 21:55 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-18 21:55 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-18 21:55 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-18 21:55 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-18 21:55 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-18 21:55 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-18 21:50 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-18 21:49 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-08-18 21:49 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-08-18 21:49 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-08-18 21:40 - 2014-08-18 21:40 - 00010764 _____ () C:\Users\Chris\Desktop\<xxx private xxx>.xlsx
2014-08-18 21:39 - 2014-08-18 21:39 - 00009852 _____ () C:\Users\Chris\Desktop\<xxx private xxx>.xlsx
2014-08-17 22:54 - 2014-08-17 22:55 - 05155342 _____ () C:\Users\Chris\Downloads\<xxx private xxx>.wmv

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-22 20:07 - 2014-08-21 15:02 - 00012049 _____ () C:\Users\Chris\Downloads\FRST.txt
2014-08-22 20:07 - 2014-08-20 18:25 - 00000000 ____D () C:\FRST
2014-08-22 20:07 - 2012-08-13 20:56 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-207386558-4275052178-3415983149-1000UA.job
2014-08-22 20:00 - 2012-01-03 23:53 - 01120978 _____ () C:\Windows\WindowsUpdate.log
2014-08-22 19:52 - 2014-04-24 14:29 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-22 16:51 - 2014-04-24 14:29 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-22 14:12 - 2014-08-22 14:12 - 02101760 _____ (Farbar) C:\Users\Chris\Downloads\FRST64 (1).exe
2014-08-22 14:10 - 2014-08-22 14:10 - 00012361 _____ () C:\Users\Chris\Desktop\<xxx private xxx>.xlsx
2014-08-22 14:10 - 2014-08-22 14:10 - 00009575 _____ () C:\Users\Chris\Desktop\<xxx private xxx>.xlsx
2014-08-21 22:09 - 2012-03-04 16:17 - 00000000 ____D () C:\Users\Chris\Documents\Outlook Files
2014-08-21 22:09 - 2012-01-04 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-08-21 22:09 - 2012-01-04 21:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-21 21:24 - 2009-07-14 00:45 - 00029136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-21 21:24 - 2009-07-14 00:45 - 00029136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-21 21:16 - 2014-08-21 21:16 - 00002240 _____ () C:\Users\Chris\Desktop\aswMBR.txt
2014-08-21 21:16 - 2014-08-21 21:16 - 00000512 _____ () C:\Users\Chris\Desktop\MBR.dat
2014-08-21 21:06 - 2012-08-13 20:56 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-207386558-4275052178-3415983149-1000Core.job
2014-08-21 15:01 - 2014-08-21 15:01 - 02101760 _____ (Farbar) C:\Users\Chris\Downloads\FRST64.exe
2014-08-21 15:00 - 2009-07-14 01:13 - 00786514 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-21 14:55 - 2014-08-21 14:55 - 00122976 _____ (Kaspersky Lab ZAO) C:\Users\Chris\Downloads\zbotkiller.exe
2014-08-21 14:54 - 2010-11-20 23:47 - 00292608 _____ () C:\Windows\PFRO.log
2014-08-21 14:54 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-21 14:54 - 2009-07-14 00:51 - 00070849 _____ () C:\Windows\setupact.log
2014-08-21 14:53 - 2014-08-21 14:53 - 01931088 _____ (Symantec Corporation) C:\Users\Chris\Downloads\FixTDSS.exe
2014-08-21 14:46 - 2014-08-21 14:42 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-21 14:42 - 2014-08-21 14:42 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-21 14:42 - 2014-08-21 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-21 14:42 - 2014-08-21 14:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-21 14:42 - 2014-08-21 14:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-21 14:41 - 2014-08-21 14:41 - 17291728 _____ (Malwarebytes Corporation ) C:\Users\Chris\Downloads\mbam-setup-majorgeeks-2.0.2.1012.exe
2014-08-21 14:40 - 2014-08-21 14:39 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Chris\Downloads\rkill.scr
2014-08-21 14:25 - 2014-08-21 14:25 - 01402880 _____ () C:\Users\Chris\Downloads\HiJackThis (1).msi
2014-08-21 14:25 - 2014-08-21 14:25 - 00002975 _____ () C:\Users\Chris\Desktop\HiJackThis.lnk
2014-08-21 14:25 - 2014-08-21 14:25 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-08-21 14:25 - 2014-08-21 14:25 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-08-20 18:32 - 2014-08-20 18:29 - 00000000 ____D () C:\Users\Chris\Desktop\RK_Quarantine
2014-08-20 18:15 - 2014-08-20 18:12 - 00000000 ____D () C:\AdwCleaner
2014-08-19 16:38 - 2012-12-05 18:26 - 00000000 ____D () C:\temp
2014-08-18 23:13 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-08-18 22:04 - 2013-03-13 03:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-18 22:04 - 2013-03-13 03:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-18 22:04 - 2009-07-14 00:45 - 00345936 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-18 22:03 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-08-18 22:03 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-08-18 22:03 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-18 22:00 - 2014-08-18 22:00 - 00004162 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-18 22:00 - 2014-02-15 22:09 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-18 22:00 - 2014-02-15 22:08 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-18 22:00 - 2013-08-14 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-18 21:58 - 2013-03-13 03:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-18 21:57 - 2014-05-11 19:09 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-18 21:40 - 2014-08-18 21:40 - 00010764 _____ () C:\Users\Chris\Desktop\<xxx private xxx>.xlsx
2014-08-18 21:39 - 2014-08-18 21:39 - 00009852 _____ () C:\Users\Chris\Desktop\<xxx private xxx>.xlsx
2014-08-17 22:55 - 2014-08-17 22:54 - 05155342 _____ () C:\Users\Chris\Downloads\<xxx private xxx>.wmv
2014-08-14 03:08 - 2012-08-13 20:56 - 00002385 _____ () C:\Users\Chris\Desktop\Google Chrome.lnk
2014-08-10 22:31 - 2012-05-27 11:09 - 00000000 ____D () C:\Users\Chris\Documents\<xxx private xxx>
2014-08-06 22:06 - 2014-08-18 21:55 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 22:01 - 2014-08-18 21:55 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 09:20 - 2010-11-20 23:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-07-31 23:41 - 2012-01-04 00:11 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-31 19:41 - 2014-08-18 21:57 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-31 19:16 - 2014-08-18 21:57 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-30 22:11 - 2012-01-05 18:22 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\<xxx private xxx>
2014-07-28 20:04 - 2013-06-22 01:10 - 00131584 ___SH () C:\Users\Chris\Downloads\Thumbs.db
2014-07-25 12:55 - 2014-02-15 22:08 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-25 12:49 - 2014-02-15 22:08 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-25 12:49 - 2014-02-15 22:08 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-25 12:49 - 2014-02-15 22:08 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-25 10:52 - 2014-08-18 21:57 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 10:02 - 2014-08-18 21:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 10:01 - 2014-08-18 21:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 09:51 - 2014-08-18 21:57 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 09:30 - 2014-08-18 21:57 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 09:28 - 2014-08-18 21:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 09:28 - 2014-08-18 21:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 09:25 - 2014-08-18 21:57 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 09:25 - 2014-08-18 21:57 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 09:11 - 2014-08-18 21:57 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 09:10 - 2014-08-18 21:57 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 09:04 - 2014-08-18 21:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 09:03 - 2014-08-18 21:57 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 09:00 - 2014-08-18 21:57 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 09:00 - 2014-08-18 21:57 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 08:59 - 2014-08-18 21:57 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 08:47 - 2014-08-18 21:57 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 08:40 - 2014-08-18 21:57 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 08:34 - 2014-08-18 21:57 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 08:34 - 2014-08-18 21:57 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 08:33 - 2014-08-18 21:57 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 08:30 - 2014-08-18 21:57 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 08:28 - 2014-08-18 21:57 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 08:28 - 2014-08-18 21:57 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 08:21 - 2014-08-18 21:57 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 08:19 - 2014-08-18 21:57 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 08:18 - 2014-08-18 21:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 08:17 - 2014-08-18 21:57 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 08:17 - 2014-08-18 21:57 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 08:12 - 2014-08-18 21:57 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 08:10 - 2014-08-18 21:57 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 08:10 - 2014-08-18 21:57 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 08:08 - 2014-08-18 21:57 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 08:06 - 2014-08-18 21:57 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 07:52 - 2014-08-18 21:57 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 07:47 - 2014-08-18 21:57 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 07:43 - 2014-08-18 21:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 07:42 - 2014-08-18 21:57 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 07:39 - 2014-08-18 21:57 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 07:39 - 2014-08-18 21:57 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 07:36 - 2014-08-18 21:57 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 07:34 - 2014-08-18 21:57 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 07:29 - 2014-08-18 21:57 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 07:23 - 2014-08-18 21:57 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 07:13 - 2014-08-18 21:57 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 07:07 - 2014-08-18 21:57 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 07:07 - 2014-08-18 21:57 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 07:03 - 2014-08-18 21:57 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 06:52 - 2014-08-18 21:57 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 06:26 - 2014-08-18 21:57 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 06:17 - 2014-08-18 21:57 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 06:09 - 2014-08-18 21:57 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 06:05 - 2014-08-18 21:57 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 06:00 - 2014-08-18 21:57 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

Some content of TEMP:
====================
C:\Users\Chris\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Chris\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Chris\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Chris\AppData\Local\Temp\Quarantine.exe
C:\Users\Chris\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-17 00:45

==================== End Of Log ============================


#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:06:28 AM

Posted 24 August 2014 - 06:50 AM

Hello,

 

I have run this program already so it did not generate the Addition.txt log. If there is a way to generate the Addition.txt log please let me know. Thank you again.

 

You have been using FRST before and that's why now Addition.txt is not checked anymore. To generate such a log you need to run FRST again but make sure that Addition.txt is checked before you press the Scan button.

 

Also I didn't notice any malware loading points in the log file. Maybe this is just a leftover from a past infection or new version of Zbot.

 

 

Please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Regards,

Georgi


cXfZ4wS.png


#5 chrisb10a

chrisb10a
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:11:28 PM

Posted 24 August 2014 - 08:38 AM

Done:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-08-2014
Ran by Chris at 2014-08-24 09:33:23 Run:1
Running from C:\Users\Chris\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
SearchScopes: HKLM-x32 - DefaultScope value is missing.
CHR Extension: (Extension) - C:\Users\Chris\Local Settings\Application Data\Google\Chrome\User Data\Default\Users\ebgkhbkkmlkjbfkcciphpagdhbomejee [2013-10-14]
CHR Extension: (Connect To The Internet Diagnostics Hook Page Class) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\oefaflpagbpphlldnmemopmmjokedilm\1.0.8 [2013-10-15]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 aswMBR; \??\C:\Users\Chris\AppData\Local\Temp\aswMBR.sys [X]
Folder: C:\Users\Chris\AppData\Roaming\netObjUsb64
ListPermissions: C:\Users\Chris\AppData\Roaming\netObjUsb64
C:\Users\Chris\AppData\Roaming\netObjUsb64
EmptyTemp:
end
*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Users\Chris\Local Settings\Application Data\Google\Chrome\User Data\Default\Users\ebgkhbkkmlkjbfkcciphpagdhbomejee => Moved successfully.
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\oefaflpagbpphlldnmemopmmjokedilm\1.0.8 => Moved successfully.
catchme => Service deleted successfully.
aswMBR => Service deleted successfully.

========================= Folder: C:\Users\Chris\AppData\Roaming\netObjUsb64 ========================

2013-10-15 10:51 - 2013-10-15 10:51 - 0058249 _____ () C:\Users\Chris\AppData\Roaming\netObjUsb64\{028147ec-183e-35d6-1abf-723a1abf7dc2}.b
2013-10-15 10:51 - 2013-10-15 10:51 - 0027702 _____ () C:\Users\Chris\AppData\Roaming\netObjUsb64\{028147ec-183e-35d6-1abf-723a1abf7dc2}.dat
2013-10-15 10:51 - 2013-10-15 10:51 - 0089600 _____ () C:\Users\Chris\AppData\Roaming\netObjUsb64\{028147ec-183e-35d6-1abf-723a1abf7dc2}.exe
2013-10-15 10:51 - 2013-10-15 10:51 - 0029696 _____ () C:\Users\Chris\AppData\Roaming\netObjUsb64\netObjUsb64.dll

====== End of Folder: ======

===================================
Permissions for "C:\Users\Chris\AppData\Roaming\netObjUsb64":

Owner: home-PC\Chris

DACL(NP):

NT AUTHORITY\SYSTEM	ALLOW	FULL	(OI-CI-I)
BUILTIN\Administrators	ALLOW	FULL	(OI-CI-I)
home-PC\Chris	ALLOW	FULL	(OI-CI-I)

===================================
C:\Users\Chris\AppData\Roaming\netObjUsb64 => Moved successfully.
EmptyTemp: => Removed 2.1 GB temporary data.


The system needed a reboot. 

==== End of Fixlog ====


#6 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:06:28 AM

Posted 25 August 2014 - 02:46 PM

Hi,

 

Good work. Any chagnes to the current situation?

 

Let me take a deeper look into the system:

 

 

  • Please download OTL from the link below:
  • Save it to your desktop/
  • Double click on the otlDesktopIcon.png icon on your desktop.
  • OTL should now start. Change the following settings:
    - Click on Scan All Users checkbox given at the top.
    - Under File Scans, change File age to 90
    - Change Standard Registry to All
    - Check the boxes beside LOP Check and Purity Check
  • Copy and Paste the following code into the customFix.png textbox.
  • Don't copy the word "quote"

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.*
    %SYSTEMDRIVE%\*.
    %USERPROFILE%\*.*
    %USERPROFILE%\*.
    %USERPROFILE%\*.exe /s
    %USERPROFILE%\Documents\*.*
    %USERPROFILE%\Documents\*.
    %USERPROFILE%\Downloads\*.*
    %USERPROFILE%\AppData\Local\*.*
    %USERPROFILE%\AppData\Local\*.
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\Default\*.*
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\Default\*.
    %USERPROFILE%\AppData\Local\temp\*.exe
    %USERPROFILE%\AppData\Local\temp\*.dll
    %USERPROFILE%\AppData\Local\temp\*.tlb
    %USERPROFILE%\AppData\Roaming\*.*
    %USERPROFILE%\AppData\Roaming\*.
    %ProgramData%\*.*
    %ProgramData%\*.
    %programdata%\Microsoft\Windows\DRM\*.tmp
    %programdata%\Microsoft\DRM\*.tmp
    %programdata%\temp\*.exe
    %programdata%\temp\*.dll
    %programdata%\temp\*.tlb
    C:\Users\All Users\*.exe /s
    C:\Users\Default\*.exe /s
    C:\Users\Public\*.exe /s
    %CommonProgramFiles%\*.*
    %CommonProgramFiles%\*.
    %CommonProgramFiles%\ComObjects\*.*
    %ProgramFiles%\*.*
    %ProgramFiles%\*.
    %Public%\Documents\*.*
    %Public%\Documents\*.
    %systemroot%\System32\config\systemprofile\*.exe /s
    %systemroot%\System32\config\systemprofile\*.*
    %systemroot%\System32\config\systemprofile\*.
    %systemroot%\system32\config\systemprofile\AppData\Local\*.*
    %systemroot%\system32\config\systemprofile\AppData\Local\*.
    %systemroot%\system32\config\systemprofile\AppData\Roaming\*.*
    %systemroot%\system32\config\systemprofile\AppData\Roaming\*.
    %systemroot%\SysWow64\config\systemprofile\*.exe /s
    %systemroot%\SysWow64\config\systemprofile\*.*
    %systemroot%\SysWow64\config\systemprofile\*.
    %systemroot%\SysWOW64\config\systemprofile\AppData\Local\*.*
    %systemroot%\SysWOW64\config\systemprofile\AppData\Local\*.
    %systemroot%\SysWOW64\config\systemprofile\AppData\Roaming\*.*
    %systemroot%\SysWOW64\config\systemprofile\AppData\Roaming\*.
    %systemroot%\ServiceProfiles\*.exe /s
    %systemroot%\ServiceProfiles\LocalService\AppData\Local\*.*
    %systemroot%\ServiceProfiles\LocalService\AppData\Local\*.
    %systemroot%\ServiceProfiles\LocalService\AppData\Local\Temp\*.exe
    %systemroot%\ServiceProfiles\LocalService\AppData\Local\Temp\*.dll
    %systemroot%\ServiceProfiles\LocalService\AppData\Local\Temp\*.tlb
    %systemroot%\ServiceProfiles\LocalService\AppData\Roaming\*.*
    %systemroot%\ServiceProfiles\LocalService\AppData\Roaming\*.
    %systemroot%\ServiceProfiles\NetworkService\AppData\Local\*.*
    %systemroot%\ServiceProfiles\NetworkService\AppData\Local\*.
    %systemroot%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.exe
    %systemroot%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.dll
    %systemroot%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.tlb
    %systemroot%\ServiceProfiles\NetworkService\AppData\Roaming\*.*
    %systemroot%\ServiceProfiles\NetworkService\AppData\Roaming\*.
    %windir%\temp\*.exe /s
    %windir%\temp\*.*
    %windir%\temp\*.
    %windir%\*.
    %windir%\AppPatch\*.exe /s
    %windir%\ShellNew\*.*
    %windir%\installer\*.
    %windir%\system32\*.
    %windir%\sysnative\*.
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\syswow64\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\drivers\*.sys /verifysig
    %systemroot%\syswow64\drivers\*.sys /90
    %systemroot%\syswow64\drivers\*.sys /lockedfiles
    %systemroot%\syswow64\drivers\*.sys /verifysig
    %SYSTEMDRIVE%\*. /rp /s
    %systemroot%\assembly\tmp\*.* /S /MD5
    %systemroot%\assembly\temp\*.* /S /MD5
    %systemroot%\assembly\GAC\*.ini
    %systemroot%\assembly\GAC_32\*.ini
    %systemroot%\assembly\GAC_64\*.ini
    %SystemRoot%\assembly\GAC_MSIL\*.ini
    wsSystemRoot|l,n,u,@;True;False;True;$,{ /fn
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} /s
    HKEY_CURRENT_USER\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} /s
    HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s
    HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
    HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s
    HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s
    HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s
    HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s
    HKEY_CURRENT_USER\Software\Microsoft\Command Processor /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor /s
    HKCU\Software\Classes\CLSID\{ECD4FC4D-521C-11D0-B792-00A0C90312E1}\InprocServer32 /s
    HKLM\Software\Classes\CLSID\{E6BB64BE-0618-4353-9193-0AFE606D6F0C}\InprocServer32 /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\scsimap /s
    HKEY_CLASSES_ROOT\CLSID\{118BEDCC-A901-4203-B4F2-ADCB957D1887} /s
    HKEY_CLASSES_ROOT\CLSID\{312BED3C-A901-4203-B4F2-ADCB957D1887} /s
    HKEY_CLASSES_ROOT\CLSID\{F12BE2CC-A901-4203-B4F2-ADCB957D1887} /s
    HKEY_CLASSES_ROOT\CLSID\{312BFDCE-A901-4203-B4F2-ADCB957D1887} /s
    HKEY_CLASSES_ROOT\CLSID\{212B3DCC-A901-4203-B4F2-ADCB957D1887} /s
    HKEY_CLASSES_ROOT\CLSID\{A12BEDCC-A901-4203-B4F2-ADCB957D1887} /s
    HKEY_CLASSES_ROOT\CLSID\{118BEDCA-A901-4203-B4F2-ADCB957D188F} /s
    HKEY_CLASSES_ROOT\CLSID\{118BEDCA-A901-4203-B4F2-ADCB957D188B} /s
    HKEY_CLASSES_ROOT\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3543619C-D563-43f7-95EA-4DA7E1CC396A} /s
    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers /s
    HKEY_CLASSES_ROOT\Directory\Shellex\CopyHookHandlers\MSCopy /s
    HKEY_CURRENT_USER\Software\Classes\Directory\shellex\CopyHookHandlers /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers /s
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders /s
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders /s
    HKEY_CURRENT_USER\Software\MSOLoad /s
    type C:\WINDOWS\system.ini >> test.txt /c
    bcdedit /enum all /v >C:\boot.txt /c
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    /md5start
    consrv.dll
    services.exe
    explorer.exe
    lsass.exe
    svchost.exe
    wininit.exe
    winlogon.exe
    userinit.exe
    smss.exe
    fastfat.sys
    atapi.sys
    serial.sys
    volsnap.sys
    disk.sys
    i8042prt.sys
    afd.sys
    netbt.sys
    csc.sys
    tcpip.sys
    kbdclass.sys
    kbdhid.sys
    mouclass.sys
    mouhid.sys
    spldr.sys
    dfsc.sys
    hlp.dat
    str.sys
    cerxvx.ocx
    crexv.ocx
    msseedir.dll
    msdr.dll
    lmbd.dll
    wsse.dll
    intel.exe
    WService.dll
    /md5stop

  • Push the runscanbutton.png button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

 

 

 

Regards,

Georgi


cXfZ4wS.png


#7 chrisb10a

chrisb10a
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:11:28 PM

Posted 26 August 2014 - 09:25 PM

Thank you for your help. I am still seeing unexpected taskeng.exe processes although there are less than before. I was not able to post the log because it was too long. Instead I have attached the logs in multiple posts because they were too large for one post.

 

Thanks again,

Chris


OTL Extras logfile created on: 8/26/2014 9:56:47 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Chris\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.98 Gb Total Physical Memory | 5.49 Gb Available Physical Memory | 68.80% Memory free
15.95 Gb Paging File | 13.50 Gb Available in Paging File | 84.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.14 Gb Total Space | 4.27 Gb Free Space | 3.58% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 267.14 Gb Free Space | 28.68% Space Free | Partition Type: NTFS
 
Computer Name: HOME-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[color=#E56717]========== System Restore Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0403872F-E648-41F7-99E4-368FF6F6AAD0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{0DC7E0B9-C8FA-4B95-BC6C-ED9DAD000576}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{107B811E-B553-4FCA-9536-B478010CDCA7}" = rport=138 | protocol=17 | dir=out | app=system | 
"{11B6F554-56E2-47EA-9F5B-D9D6945854ED}" = rport=137 | protocol=17 | dir=out | app=system | 
"{17CFE6B5-06AB-418B-922A-0CF6EB3B15BE}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1BFD9E76-BDB6-459F-A4DC-0C48A2DE22A4}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{1DCB3DC0-1B00-4291-A690-4C3A2CA3997A}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{204A6AA5-9247-4962-B215-AE31E13E695F}" = lport=3702 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\wdexpress.exe | 
"{223C2BCA-B594-4F1E-A094-6F9486DBF524}" = lport=139 | protocol=6 | dir=in | app=system | 
"{27B441E1-5C75-4438-94C9-8407735B3BF5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2A111800-0A03-4184-8870-5E18C501CCDE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2B3179C0-4536-4731-8B87-D74B010D26DD}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{3001172B-95F5-42F5-A17D-E73124FD8304}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{30C47472-1807-4732-B9F9-C0F79499CBED}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{351ACB2C-CAC1-4AFD-900B-E2A687A2531B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{362D3126-7FDD-436B-8DD2-158BD148C412}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{372A569A-F534-49C8-8648-1F1397C3F191}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{3733C92E-EC05-4014-B40F-9E9C9CEC76FE}" = lport=48113 | protocol=6 | dir=in | name=maconfig_tcp | 
"{38B3E8E1-A66C-4EE9-A92D-A0D284CBD124}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{398BC16C-3538-494D-A7B1-80D1E4FA0C12}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{3A650F01-C62A-4544-8F95-EAEBACAE6164}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3AEC513F-B412-40F0-B657-FC725167FBD4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3B807931-6BC2-42CD-8738-702433DA399A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3DF62E76-F76C-4A36-A8B5-A1739EC2C4B2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{40000511-9AE3-44EC-B6AC-65F5E70CB61A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4046B0FB-9EB2-4C8A-A29F-D8BB7029CABD}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{40AC5443-628B-43B9-989E-BFC626FE78C6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{45E40DFE-8F8F-4DAD-8C05-5E609E15992A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4BA8D8FE-6809-4D27-AC0B-1BC5E50FCB2D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4D6AD0DB-E1B5-4F9F-A010-9045BD52D308}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{51F66EA3-9EE3-4325-BA7E-82C8FE757DFA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5BA13581-E7DA-49A2-8EB8-8B1A1BFD861B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{68EFF588-53E0-4459-9C80-8FE91C157DEB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{73DEC3C6-D27F-4094-B0FA-17935874A326}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot | 
"{740197B5-9B91-43DC-9448-5F2FAA99E4ED}" = lport=48113 | protocol=17 | dir=in | name=maconfig_udp | 
"{749E4E68-5A9D-4310-B9DB-2C57114EA704}" = rport=139 | protocol=6 | dir=out | app=system | 
"{74EF92F7-E30E-461B-90F1-57497D1AE98C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7AB8A74F-8F07-419F-ACFC-4498ED2E68B8}" = lport=138 | protocol=17 | dir=in | app=system | 
"{7C407EE3-E5D8-46D5-BAA8-893D3442D3E4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8193A909-AA2C-4855-AB2B-590095767258}" = lport=139 | protocol=6 | dir=in | app=system | 
"{8516B240-CB50-44C8-8599-5085CCF03900}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{855B4C6B-5298-4CC2-B45B-BFD5DDD34F7A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8C1C3703-E06E-47A6-9E46-5E64680CA835}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8C4C9F01-E6ED-4EE4-A861-ED9D6069E637}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{8C6DD438-7D20-471A-B7F7-F772EBC1BF19}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8D495CD9-8999-47E1-9FD4-E3827DC44934}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8EE53228-67B7-4914-B14B-3A8E2EDDE914}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{91B46EBF-2E80-47F7-8B62-70DE1D608599}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{97424D34-87EE-456F-99D2-79B77D345673}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{97CA7614-4FCE-491F-A771-CBDF6A875D89}" = rport=139 | protocol=6 | dir=out | app=system | 
"{99982C45-23E8-4D48-B59B-65083A051144}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A4AC1BCE-912D-4656-A8DF-A46E9E26541A}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A6A7EA33-CC44-4AB5-81EC-F3C49C7BC255}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A85C8925-6F5D-4A82-9422-45EF52EC4172}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AABD6724-B3EB-4941-A548-63F9A92ACEDD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B1106BF1-3B8F-4075-8ED7-67831E8E18BF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B5730F2A-C636-4D3E-B4E3-7BDB7F2E24E8}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot | 
"{B862226E-DD70-45C4-8830-84553B425ABF}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B8A744A2-B4A6-46E1-84DE-5301D35FFB30}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BC10F90D-9843-4866-BC05-FB0D339B2D3E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BCB6365C-7FCD-4A02-9929-6DE669AFC8C6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C331311B-2823-45E6-8185-B230BF69F466}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C4B856E7-2E1E-41B1-B81C-FBF4E2681CB0}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C74CA609-F685-468C-B5D4-BC32F96900F2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C7B6537E-211D-4E79-88D5-F881D2C1BB30}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C8A59E0E-8E2D-40C3-9065-A5B852D51944}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D937609F-46F4-41E3-A3FE-75C0CB23CC49}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DB81C086-750F-488F-B000-712DE1E9C546}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot | 
"{DC5FA52D-2EA4-4A63-8CD3-CE3CF4B3D717}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{DC70441D-999C-4986-B28F-B8056E4EE8CD}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{E10A7C50-A799-452E-85D0-ED7E080DB623}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E1CC4313-1F42-4877-BD34-BC0E54B2BA9A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E1D85F95-A94D-4241-9D4E-529F491D7599}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E7D9CD4E-5B6C-4799-BAA5-19D8824CA721}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E92BF3D5-8A88-4F57-BBEC-B03DE427A36E}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{EE3887F2-8EFF-492D-B03F-7D8A350DF263}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EF22E72D-64A6-4BD7-84E6-EE834AA4B8E0}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F1553083-BD28-4473-BFFB-0F7643192D45}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F219B39A-694A-4577-9F1E-460DA110E2AC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{F999BC84-123D-41E5-9EAF-2B8213411581}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{FCBBC553-1EF0-4FE7-B069-4201F5DA3228}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FCE1DB17-963A-4BD1-ADFF-4A686A8FBFE3}" = lport=10244 | protocol=6 | dir=in | app=system | 
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0022E49F-984F-4037-9184-050D848CD188}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{009D3463-2B2C-4F88-B40B-ACFDC4860722}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\devicesetup.exe | 
"{10877E8C-2368-44A2-8843-2D205113F05E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1829FA88-6EC3-40E8-AD05-DFC136CA2A33}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2347FB33-7535-49C2-81A3-2FD486E5A4A8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{24310495-F783-411F-A084-73198978FBE0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{26FA398B-3A8C-4A1F-81E6-0A335721CB17}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{279099E3-6295-4DA4-ACF4-F5A6EEE339B8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{296BB8EB-CC0C-48D9-A1FE-9851F3875F66}" = protocol=6 | dir=out | app=system | 
"{37575B4E-2936-4339-ABEB-8140D9B314D1}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"{37E3F20F-DE20-4516-B208-CC46191BDD72}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3CCBE2C7-C7F2-4154-B6A5-26EB40B7393B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3D475531-4274-4C02-BB5F-BA6BDD5AA618}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{41575224-F76F-4739-97A4-5814803BDC45}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{465FF041-CA40-42D7-A647-5FB69CA2AACE}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\hpnetworkcommunicator.exe | 
"{49AD4FE5-E495-4266-B3EF-40FFB6736291}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4C74D5D7-4A4C-4893-BC71-A46173756576}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\digitalwizards.exe | 
"{4D448DCF-63BF-4185-BD91-E951C7AAC512}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe | 
"{4DA3135C-FE3A-4327-9163-37CEA0209ED3}" = protocol=6 | dir=in | app=c:\program files\hexchat\hexchat.exe | 
"{5034035D-AC3A-4664-9313-496FE667C324}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{504F4A6F-8606-420D-97A4-993F0BE36D10}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5260BFDC-33FF-4DD1-A3CA-6DD1226708CD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{52E8C070-4197-4692-B7E1-8F2F6B9226DE}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{6139F920-28CF-42C2-88F3-A92660C1E375}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{61CA5BAB-56B7-4718-94A8-B684FC872BDD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{63722777-5A39-4A7A-9DC0-700C7D803868}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6441CFAF-2742-437C-BBD0-8603372393F3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{72065031-1BF3-4F91-B949-0DE7443A32EA}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe | 
"{7485E4CD-E55C-4FD2-876D-60955E4E89AC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{75BBBD95-DD83-4C37-BC2D-4A79A1148553}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{75D9D932-287F-4DB9-868B-D849146647FD}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\sendafax.exe | 
"{75F7ED18-0511-4362-A6A1-FD4D619DE3ED}" = protocol=17 | dir=in | app=c:\program files\hexchat\hexchat.exe | 
"{7B0CA09B-E132-4AA1-8B28-59AA97CB5C57}" = protocol=17 | dir=in | app=c:\program files\ma-config.com\x64\maconfservice.exe | 
"{7BE1942E-9B8C-4B9C-8F60-A7C23E0B5A90}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\hpnetworkcommunicatorcom.exe | 
"{801DBE9D-8D98-4844-B72B-3BDA734AF2DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{845D9867-00F8-45DE-BEB3-F3B9BB180BFF}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\faxapplications.exe | 
"{867F4559-0F94-4C5F-805D-18B5C77CD238}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{89EAB2DD-ABB2-46C7-BCEC-67FF20149FE1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8C3AF023-47BC-4D49-A1BC-DE2ABD97FF87}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{9204B77F-0AD1-4F8F-A5BC-0FA50ADA898F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9B15F693-7BE6-4C83-ACC0-C481A95321E0}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{9CD09840-B549-4F75-9EEB-6BE3B543DAE8}" = protocol=6 | dir=in | app=c:\program files\ma-config.com\x64\maconfservice.exe | 
"{A73364C4-D690-48FA-A39C-B89784DE6283}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{A7BF773A-2067-474C-AC42-5D37D25E9A47}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{ABF01636-2F0B-4E94-A56E-7BA576A8633C}" = protocol=6 | dir=out | app=system | 
"{AD29B28E-7AA3-4C13-8BCB-E7373F378ED2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{AD693102-CCE5-452E-BDC4-E8C6005BD452}" = protocol=6 | dir=in | app=c:\program files (x86)\edimax\11n usb wireless lan utility\rtwlan.exe | 
"{AF0AF05F-670B-455A-8822-81F5942056E7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{AF4AE69A-970E-423A-BC81-27A1EA6D36DD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{B15A646B-8763-4B54-A16F-1F336C8E31A7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B27FF543-EAF1-45B6-8986-A51A18550C6C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B8504D7B-CA7B-4909-B712-1867C1B648C5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B898C53B-71DE-4492-A9BD-BC2CE15796A0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B8B4E785-9232-4B9A-8B01-74C63AC2AA26}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{BC7958AA-6042-4CC9-AC69-D00B9FE668B1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C22B79BB-8860-4431-9785-EB4A08F8485A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C3059197-45EE-4996-9D85-333132E25199}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CA4FBA7B-F959-46B2-ACC2-2C6D06146C56}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CD8CAE0F-8141-4194-A265-C3187B2946CF}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{CFC0CB2A-CC9B-4074-9913-6B3C35F813C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D4272B32-F904-4B4F-88A3-773242D28EBB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D606BCF0-90F3-4E56-8869-4C6C0687392D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D87F0683-ADD1-440B-82F7-CD28E0992E92}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D978F207-0A43-4A2B-9F42-1D8E2E0711F3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D9C81278-225A-4B7C-842B-B4D29EE38BF4}" = protocol=17 | dir=in | app=c:\program files (x86)\edimax\11n usb wireless lan utility\rtwlan.exe | 
"{E7442A52-7F68-419A-BCEA-061E9D796061}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"{E7A32C68-7F2D-4086-87DD-2216BF518C9C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{E84DF51C-88C3-4D5E-96C7-77AD0382DE3C}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe | 
"{EEA677F1-C048-45A7-BEA7-FEA8AC885BCC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F10F74AA-0DF1-4194-B732-0B7ACB5FB7F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F597FF03-241F-407B-9867-BE1C2A5AFB68}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{F86423F9-1496-454D-86A6-01EE4C6B92E5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{F870DF9B-DED2-4B7F-8AD8-5AEF481C2510}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F936AA1A-019D-4E9D-B31F-4BB48EE6C739}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FA2C33B8-FED9-4E1E-BF7A-2BB4A9528A14}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"TCP Query User{05DE41D9-BD79-4983-B269-E287DE51B583}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{4513E49E-0B23-4E5F-942A-9E4D7930C7D4}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{5200FB19-52AB-4D84-92FE-8209F1D234CC}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"TCP Query User{6D0D83BF-46DD-4AD9-ADAF-FEFDCBDD8796}C:\program files\hexchat\hexchat.exe" = protocol=6 | dir=in | app=c:\program files\hexchat\hexchat.exe | 
"TCP Query User{C5B74599-BD93-449B-9157-003963984C44}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"TCP Query User{CFB556C0-D52F-4063-88AC-488FAE6F3AC0}C:\program files\java\jdk1.7.0_40\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.7.0_40\bin\javaw.exe | 
"TCP Query User{E37493F8-C5FE-44CF-BE19-A6D716132D7A}E:\programmation\qtchat\release\qtchat.exe" = protocol=6 | dir=in | app=e:\programmation\qtchat\release\qtchat.exe | 
"TCP Query User{E4714ADC-D31E-483B-BED7-EE134571BD0A}C:\program files (x86)\valve\portal 2\portal2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\portal 2\portal2.exe | 
"UDP Query User{04870D66-C8F2-469A-BBEE-DB139BBAEF25}C:\program files (x86)\valve\portal 2\portal2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\portal 2\portal2.exe | 
"UDP Query User{1B0AA33B-5046-484F-A64B-5409D1ABAF96}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{35CE3A0D-04E0-4137-BD84-AA59DAD8ACD3}C:\program files\hexchat\hexchat.exe" = protocol=17 | dir=in | app=c:\program files\hexchat\hexchat.exe | 
"UDP Query User{44823339-CF28-4006-8630-458A16074A94}E:\programmation\qtchat\release\qtchat.exe" = protocol=17 | dir=in | app=e:\programmation\qtchat\release\qtchat.exe | 
"UDP Query User{79BE27DF-602B-401E-9C36-C052AE6BE6D5}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"UDP Query User{86FA83DA-ECB0-479F-BB04-F59CE5B89D39}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"UDP Query User{E34BA2A8-3922-460A-A12D-B440CAE714B3}C:\program files\java\jdk1.7.0_40\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.7.0_40\bin\javaw.exe | 
"UDP Query User{F490C4A7-2363-4A56-BF2C-81954CEBA308}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417040FF}" = Java 7 Update 40 (64-bit)
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{64A3A4F4-B792-11D6-A78A-00B0D0170400}" = Java SE Development Kit 7 Update 40 (64-bit)
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B407F586-D027-45C3-9109-CC2943E839FA}" = HP Officejet 6600 Basic Device Software
"{BFAE8D5B-F918-486F-B74E-90762DF11C5C}" = Microsoft Security Client
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft Security Client" = Microsoft Security Essentials
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}" = Quicken 2012
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{179324FF-7B16-4BA8-9836-055CAAEE4F08}" = SDFormatter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 67
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{42267A4D-9BDD-4B06-9FB7-2A7D7D5D6D6F}" = Windows Driver Frameworks Update Packages
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{95140000-0081-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9C049499-055C-4a0c-A916-1D12314F45EB}" = Edimax Wireless LAN Driver and Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB5F756A-F9DA-4FCF-A9B3-86965BAA8805}" = OpenVPN Connect
"{AC76BA86-1033-FFFF-7760-000000000006}" = Adobe Acrobat XI Pro
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{B20F9D1C-A0A5-4cd8-8306-DE95842311B1}" = Amped Wireless USB Wireless-N Driver
"{BFBA7F3A-1F10-4754-ADEC-A8CFBB4F925B}_is1" = ePub Reader for Windows version 5.2
"{C0C31BCC-56FB-42a7-8766-D29E1BD74C7C}" = Python 2.7.3
"{C2FBB88A-65AA-6751-25EC-6A9046FA5F3B}" = Windows Driver Kit
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14DDED2-919B-FCCB-84AC-5ABB6D182D46}" = Kits Configuration Installer
"{E15BC10F-04AA-0AFD-A6C9-476730195F8B}" = Adobe Download Assistant
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F060FB53-71DA-41B6-A536-EFA88A092B8F}" = Leisure Suit Larry Collection(TM)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F21369D1-DEB9-4724-8747-B56602F14F86}" = Business Plan Pro
"{f65530f7-1696-4fcd-8876-37cdcacdbd4c}" = Windows Driver Kit
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"BeerSmith 2" = BeerSmith 2
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"Dia" = Dia (remove only)
"Google Calendar Sync" = Google Calendar Sync
"HandBrake" = HandBrake 0.9.9.1
"ImgBurn" = ImgBurn
"Magic DVD Ripper_is1" = Magic DVD Ripper V8.0.0
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"PS3 Media Server" = PS3 Media Server
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.0
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 5.0.5 beta
 
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
 
[HKEY_USERS\S-1-5-21-207386558-4275052178-3415983149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 6/18/2014 10:51:27 PM | Computer Name = home-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Event filter with query "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
 Events cannot be delivered through this filter until the problem is corrected.
 
Error - 7/8/2014 8:25:16 PM | Computer Name = home-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Event filter with query "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
 Events cannot be delivered through this filter until the problem is corrected.
 
Error - 8/18/2014 9:44:51 PM | Computer Name = home-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Event filter with query "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
 Events cannot be delivered through this filter until the problem is corrected.
 
Error - 8/18/2014 9:56:07 PM | Computer Name = home-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Event filter with query "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
 Events cannot be delivered through this filter until the problem is corrected.
 
Error - 8/18/2014 10:05:56 PM | Computer Name = home-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Event filter with query "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
 Events cannot be delivered through this filter until the problem is corrected.
 
Error - 8/20/2014 6:19:37 PM | Computer Name = home-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Event filter with query "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
 Events cannot be delivered through this filter until the problem is corrected.
 
Error - 8/20/2014 6:23:04 PM | Computer Name = home-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Event filter with query "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
 Events cannot be delivered through this filter until the problem is corrected.
 
Error - 8/21/2014 2:48:08 PM | Computer Name = home-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Event filter with query "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
 Events cannot be delivered through this filter until the problem is corrected.
 
Error - 8/21/2014 2:56:00 PM | Computer Name = home-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Event filter with query "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
 Events cannot be delivered through this filter until the problem is corrected.
 
Error - 8/24/2014 9:36:37 AM | Computer Name = home-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Event filter with query "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
 Events cannot be delivered through this filter until the problem is corrected.
 
[ System Events ]
Error - 8/23/2014 3:04:09 PM | Computer Name = home-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.181.314.0     Update Source: %%859     Update Stage:
 %%852     Source Path: http://www.microsoft.com     Signature Type: %%800     Update Type: %%803

	User:
 NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10903.0

	Error
 code: 0x8024402c     Error description: An unexpected problem occurred while checking
 for updates. For information on installing or troubleshooting updates, see Help
 and Support. 
 
Error - 8/24/2014 2:03:34 AM | Computer Name = home-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.181.314.0     Update Source: %%859     Update Stage:
 %%852     Source Path: http://www.microsoft.com     Signature Type: %%800     Update Type: %%803

	User:
 NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10903.0

	Error
 code: 0x8024402c     Error description: An unexpected problem occurred while checking
 for updates. For information on installing or troubleshooting updates, see Help
 and Support. 
 
Error - 8/24/2014 9:34:45 AM | Computer Name = home-PC | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the Remote Desktop
 Services service which failed to start because of the following error:   %%1058
 
Error - 8/24/2014 9:44:46 AM | Computer Name = home-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.181.314.0     Update Source: %%859     Update Stage:
 %%852     Source Path: http://www.microsoft.com     Signature Type: %%800     Update Type: %%803

	User:
 NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10903.0

	Error
 code: 0x8024402c     Error description: An unexpected problem occurred while checking
 for updates. For information on installing or troubleshooting updates, see Help
 and Support. 
 
Error - 8/25/2014 1:31:10 AM | Computer Name = home-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.181.314.0     Update Source: %%859     Update Stage:
 %%852     Source Path: http://www.microsoft.com     Signature Type: %%800     Update Type: %%803

	User:
 NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10903.0

	Error
 code: 0x8024402c     Error description: An unexpected problem occurred while checking
 for updates. For information on installing or troubleshooting updates, see Help
 and Support. 
 
Error - 8/25/2014 9:44:45 AM | Computer Name = home-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.181.314.0     Update Source: %%859     Update Stage:
 %%852     Source Path: http://www.microsoft.com     Signature Type: %%800     Update Type: %%803

	User:
 NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10903.0

	Error
 code: 0x8024402c     Error description: An unexpected problem occurred while checking
 for updates. For information on installing or troubleshooting updates, see Help
 and Support. 
 
Error - 8/25/2014 9:44:46 AM | Computer Name = home-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.181.314.0     Update Source: %%859     Update Stage:
 %%852     Source Path: http://www.microsoft.com     Signature Type: %%800     Update Type: %%803

	User:
 NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10903.0

	Error
 code: 0x8024402c     Error description: An unexpected problem occurred while checking
 for updates. For information on installing or troubleshooting updates, see Help
 and Support. 
 
Error - 8/26/2014 1:31:10 AM | Computer Name = home-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.181.314.0     Update Source: %%859     Update Stage:
 %%852     Source Path: http://www.microsoft.com     Signature Type: %%800     Update Type: %%803

	User:
 NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10903.0

	Error
 code: 0x8024402c     Error description: An unexpected problem occurred while checking
 for updates. For information on installing or troubleshooting updates, see Help
 and Support. 
 
Error - 8/26/2014 9:44:45 AM | Computer Name = home-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.181.314.0     Update Source: %%859     Update Stage:
 %%852     Source Path: http://www.microsoft.com     Signature Type: %%800     Update Type: %%803

	User:
 NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10903.0

	Error
 code: 0x8024402c     Error description: An unexpected problem occurred while checking
 for updates. For information on installing or troubleshooting updates, see Help
 and Support. 
 
Error - 8/26/2014 10:01:11 PM | Computer Name = home-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
 
< End of report >

Attached Files

  • Attached File  OTL.Txt   432.21KB   2 downloads


#8 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:06:28 AM

Posted 30 August 2014 - 07:37 PM

Hi,

 

Somehow I missed your reply. I adjusted my notification settings, so this will not happen again

 

 

STEP 1

 

 

We need to run an OTL Fix

  • Double click on the otlDesktopIcon.png icon on your desktop.
  • Copy and Paste the following code into the customFix.png textbox. Don't copy the word "Quote".

    :OTL
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll File not found
    SafeBootMin:64bit: 66500862.sys - Driver
    SafeBootMin: 66500862.sys - Driver
    SafeBootNet:64bit: 66500862.sys - Driver
    SafeBootNet: 66500862.sys - Driver
    [2013/10/14 10:50:34 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\{4AE64867-D401-4789-A5CC-70A7986C3B4C}
    [2014/08/24 09:33:23 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\oefaflpagbpphlldnmemopmmjokedilm
    :files
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg /s
    type C:\TDSSKiller.3.0.0.40_21.08.2014_14.22.12_log.txt >> test.txt /c
    :commands
    [emptytemp]

  • Push runFixbutton.png
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click btnOK.png.
  • A report will open. Copy and Paste that report in your next reply.

 

 

STEP 2

 

 

Also please download SystemLook from the link below and save it to your Desktop.
SystemLook_x64.exe

  • Double-click SystemLook_x64.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *netObjUsb64*
    :folderfind
    *netObjUsb64*
    :regfind
    *netObjUsb64*
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

 

 

Regards,

Georgi


cXfZ4wS.png


#9 chrisb10a

chrisb10a
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:11:28 PM

Posted 01 September 2014 - 05:11 PM

Hello and thank you for the reply. I am currently on vacation with my family and do not have access to the computer. I can follow the latest steps and post a response this coming Sunday if that is okay.


Thanks,
Chris

#10 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:06:28 AM

Posted 02 September 2014 - 03:16 AM

Not a problem Chris and thanks for letting me know.

Enjoy your vacation. ;)

 

 

Regards,

Georgi


cXfZ4wS.png


#11 chrisb10a

chrisb10a
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:11:28 PM

Posted 08 September 2014 - 09:26 PM

Thanks! Here is the output:

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SafeBootMin 66500862.sys\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\66500862.sys\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SafeBootNet 66500862.sys\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\66500862.sys\ deleted successfully.
C:\Users\Chris\AppData\Local\{4AE64867-D401-4789-A5CC-70A7986C3B4C}\{BF6B6310-E66F-4384-9F8A-584F81D9ADDC} folder moved successfully.
C:\Users\Chris\AppData\Local\{4AE64867-D401-4789-A5CC-70A7986C3B4C} folder moved successfully.
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\oefaflpagbpphlldnmemopmmjokedilm folder moved successfully.
========== FILES ==========
File\Folder HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg not found.
[color=#A23BEC]< type C:\TDSSKiller.3.0.0.40_21.08.2014_14.22.12_log.txt >> test.txt /c >[/color]
14:22:12.0010 0x0c2c  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
14:22:14.0241 0x0c2c  ============================================================
14:22:14.0241 0x0c2c  Current date / time: 2014/08/21 14:22:14.0241
14:22:14.0241 0x0c2c  SystemInfo:
14:22:14.0241 0x0c2c  
14:22:14.0241 0x0c2c  OS Version: 6.1.7601 ServicePack: 1.0
14:22:14.0241 0x0c2c  Product type: Workstation
14:22:14.0241 0x0c2c  ComputerName: HOME-PC
14:22:14.0241 0x0c2c  UserName: Chris
14:22:14.0241 0x0c2c  Windows directory: C:\Windows
14:22:14.0241 0x0c2c  System windows directory: C:\Windows
14:22:14.0241 0x0c2c  Running under WOW64
14:22:14.0241 0x0c2c  Processor architecture: Intel x64
14:22:14.0241 0x0c2c  Number of processors: 4
14:22:14.0241 0x0c2c  Page size: 0x1000
14:22:14.0241 0x0c2c  Boot type: Normal boot
14:22:14.0241 0x0c2c  ============================================================
14:22:14.0241 0x0c2c  BG loaded
14:22:14.0272 0x0c2c  System UUID: {94900588-CF5F-3DF2-DE6D-A52BA37B6D8C}
14:22:14.0459 0x0c2c  Drive \Device\Harddisk1\DR1 - Size: 0x1DCF856000 ( 119.24 Gb ), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:22:14.0459 0x0c2c  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:22:14.0709 0x0c2c  ============================================================
14:22:14.0709 0x0c2c  \Device\Harddisk1\DR1:
14:22:14.0709 0x0c2c  MBR partitions:
14:22:14.0709 0x0c2c  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:22:14.0709 0x0c2c  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000
14:22:14.0709 0x0c2c  \Device\Harddisk0\DR0:
14:22:14.0709 0x0c2c  MBR partitions:
14:22:14.0709 0x0c2c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
14:22:14.0709 0x0c2c  ============================================================
14:22:14.0709 0x0c2c  C: <-> \Device\Harddisk1\DR1\Partition2
14:22:14.0725 0x0c2c  E: <-> \Device\Harddisk0\DR0\Partition1
14:22:14.0725 0x0c2c  ============================================================
14:22:14.0725 0x0c2c  Initialize success
14:22:14.0725 0x0c2c  ============================================================
14:22:15.0723 0x0a78  ============================================================
14:22:15.0723 0x0a78  Scan started
14:22:15.0723 0x0a78  Mode: Manual; 
14:22:15.0723 0x0a78  ============================================================
14:22:15.0723 0x0a78  KSN ping started
14:22:15.0754 0x0a78  KSN ping finished: false
14:22:16.0253 0x0a78  ================ Scan system memory ========================
14:22:16.0253 0x0a78  System memory - ok
14:22:16.0253 0x0a78  ================ Scan services =============================
14:22:16.0269 0x0a78  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
14:22:16.0285 0x0a78  1394ohci - ok
14:22:16.0285 0x0a78  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
14:22:16.0300 0x0a78  ACPI - ok
14:22:16.0300 0x0a78  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
14:22:16.0300 0x0a78  AcpiPmi - ok
14:22:16.0300 0x0a78  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:22:16.0300 0x0a78  AdobeARMservice - ok
14:22:16.0316 0x0a78  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
14:22:16.0316 0x0a78  adp94xx - ok
14:22:16.0331 0x0a78  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
14:22:16.0331 0x0a78  adpahci - ok
14:22:16.0331 0x0a78  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
14:22:16.0331 0x0a78  adpu320 - ok
14:22:16.0347 0x0a78  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
14:22:16.0347 0x0a78  AeLookupSvc - ok
14:22:16.0347 0x0a78  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
14:22:16.0363 0x0a78  AFD - ok
14:22:16.0363 0x0a78  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
14:22:16.0363 0x0a78  agp440 - ok
14:22:16.0363 0x0a78  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
14:22:16.0363 0x0a78  ALG - ok
14:22:16.0378 0x0a78  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:22:16.0378 0x0a78  aliide - ok
14:22:16.0378 0x0a78  [ A359974EAAC83A435497C52F62A2E590, 7A7AFFE1CCE8732C478AE3EA630AA46C94DE0DBFE19EE63E3FB99B0D3338F038 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
14:22:16.0378 0x0a78  AMD External Events Utility - ok
14:22:16.0378 0x0a78  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
14:22:16.0378 0x0a78  amdide - ok
14:22:16.0394 0x0a78  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
14:22:16.0394 0x0a78  AmdK8 - ok
14:22:16.0534 0x0a78  [ 60216B0E704584DE6D5A9F59E9C34C47, CC3E9F09FB28E50FDFCC5E6A996E28CB4E721DDDD50E23710DC74C5B0F7CE3E3 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
14:22:16.0659 0x0a78  amdkmdag - ok
14:22:16.0659 0x0a78  [ 6B4E9261B613B047A9A145F328889968, E5C6611E88381A9D40AD1CE80BFDDBDA733F4A8D3602AAE25A155D2C39B3B7FD ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
14:22:16.0675 0x0a78  amdkmdap - ok
14:22:16.0675 0x0a78  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
14:22:16.0675 0x0a78  AmdPPM - ok
14:22:16.0675 0x0a78  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
14:22:16.0675 0x0a78  amdsata - ok
14:22:16.0690 0x0a78  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
14:22:16.0690 0x0a78  amdsbs - ok
14:22:16.0690 0x0a78  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
14:22:16.0690 0x0a78  amdxata - ok
14:22:16.0690 0x0a78  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
14:22:16.0690 0x0a78  AppID - ok
14:22:16.0690 0x0a78  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
14:22:16.0690 0x0a78  AppIDSvc - ok
14:22:16.0706 0x0a78  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
14:22:16.0706 0x0a78  Appinfo - ok
14:22:16.0706 0x0a78  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
14:22:16.0706 0x0a78  arc - ok
14:22:16.0706 0x0a78  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
14:22:16.0706 0x0a78  arcsas - ok
14:22:16.0721 0x0a78  [ 0D721BEDC99072972A1C09C9FE549B07, 1FAECF6BE04A8AA9B31AD155CECAE097E3FBF3AD90D3895CC8AAA12410966CF0 ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
14:22:16.0721 0x0a78  asmthub3 - ok
14:22:16.0721 0x0a78  [ C401B8F26490DC3E5E47D3A91F87CD00, 6B0EF7097C0644CD0D7BD254729E3C43027F8A02FE6A368382E44077AE5D2085 ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
14:22:16.0737 0x0a78  asmtxhci - ok
14:22:16.0737 0x0a78  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:22:16.0737 0x0a78  aspnet_state - ok
14:22:16.0737 0x0a78  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:22:16.0737 0x0a78  AsyncMac - ok
14:22:16.0753 0x0a78  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
14:22:16.0753 0x0a78  atapi - ok
14:22:16.0768 0x0a78  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:22:16.0768 0x0a78  AudioEndpointBuilder - ok
14:22:16.0784 0x0a78  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
14:22:16.0799 0x0a78  AudioSrv - ok
14:22:16.0799 0x0a78  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
14:22:16.0799 0x0a78  AxInstSV - ok
14:22:16.0815 0x0a78  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
14:22:16.0815 0x0a78  b06bdrv - ok
14:22:16.0831 0x0a78  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
14:22:16.0831 0x0a78  b57nd60a - ok
14:22:16.0831 0x0a78  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
14:22:16.0846 0x0a78  BDESVC - ok
14:22:16.0846 0x0a78  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:22:16.0846 0x0a78  Beep - ok
14:22:16.0862 0x0a78  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
14:22:16.0862 0x0a78  BFE - ok
14:22:16.0877 0x0a78  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
14:22:16.0893 0x0a78  BITS - ok
14:22:16.0909 0x0a78  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
14:22:16.0909 0x0a78  blbdrive - ok
14:22:16.0909 0x0a78  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:22:16.0909 0x0a78  bowser - ok
14:22:16.0909 0x0a78  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
14:22:16.0909 0x0a78  BrFiltLo - ok
14:22:16.0909 0x0a78  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
14:22:16.0909 0x0a78  BrFiltUp - ok
14:22:16.0909 0x0a78  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
14:22:16.0924 0x0a78  BridgeMP - ok
14:22:16.0924 0x0a78  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
14:22:16.0924 0x0a78  Browser - ok
14:22:16.0924 0x0a78  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
14:22:16.0940 0x0a78  Brserid - ok
14:22:16.0940 0x0a78  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
14:22:16.0940 0x0a78  BrSerWdm - ok
14:22:16.0940 0x0a78  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
14:22:16.0940 0x0a78  BrUsbMdm - ok
14:22:16.0940 0x0a78  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
14:22:16.0940 0x0a78  BrUsbSer - ok
14:22:16.0940 0x0a78  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
14:22:16.0940 0x0a78  BthEnum - ok
14:22:16.0955 0x0a78  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
14:22:16.0955 0x0a78  BTHMODEM - ok
14:22:16.0955 0x0a78  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
14:22:16.0955 0x0a78  BthPan - ok
14:22:16.0971 0x0a78  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
14:22:16.0971 0x0a78  BTHPORT - ok
14:22:16.0971 0x0a78  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
14:22:16.0987 0x0a78  bthserv - ok
14:22:16.0987 0x0a78  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
14:22:16.0987 0x0a78  BTHUSB - ok
14:22:16.0987 0x0a78  catchme - ok
14:22:16.0987 0x0a78  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:22:17.0002 0x0a78  cdfs - ok
14:22:17.0002 0x0a78  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
14:22:17.0002 0x0a78  cdrom - ok
14:22:17.0002 0x0a78  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
14:22:17.0002 0x0a78  CertPropSvc - ok
14:22:17.0002 0x0a78  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
14:22:17.0018 0x0a78  circlass - ok
14:22:17.0018 0x0a78  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
14:22:17.0018 0x0a78  CLFS - ok
14:22:17.0033 0x0a78  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:22:17.0033 0x0a78  clr_optimization_v2.0.50727_32 - ok
14:22:17.0033 0x0a78  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:22:17.0033 0x0a78  clr_optimization_v2.0.50727_64 - ok
14:22:17.0049 0x0a78  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:22:17.0049 0x0a78  clr_optimization_v4.0.30319_32 - ok
14:22:17.0049 0x0a78  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:22:17.0049 0x0a78  clr_optimization_v4.0.30319_64 - ok
14:22:17.0049 0x0a78  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
14:22:17.0049 0x0a78  CmBatt - ok
14:22:17.0049 0x0a78  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:22:17.0049 0x0a78  cmdide - ok
14:22:17.0065 0x0a78  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
14:22:17.0065 0x0a78  CNG - ok
14:22:17.0080 0x0a78  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
14:22:17.0080 0x0a78  Compbatt - ok
14:22:17.0080 0x0a78  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
14:22:17.0080 0x0a78  CompositeBus - ok
14:22:17.0080 0x0a78  COMSysApp - ok
14:22:17.0080 0x0a78  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
14:22:17.0080 0x0a78  crcdisk - ok
14:22:17.0096 0x0a78  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:22:17.0096 0x0a78  CryptSvc - ok
14:22:17.0096 0x0a78  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:22:17.0111 0x0a78  DcomLaunch - ok
14:22:17.0111 0x0a78  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
14:22:17.0127 0x0a78  defragsvc - ok
14:22:17.0127 0x0a78  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:22:17.0127 0x0a78  DfsC - ok
14:22:17.0127 0x0a78  [ E428DFFA96FAD07D8CA3C9082563A225, F3D2E94A9FF2CF68CC99A8B42B8DEA5E57D46000D1845DC0908224493480C79F ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
14:22:17.0127 0x0a78  dg_ssudbus - ok
14:22:17.0143 0x0a78  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
14:22:17.0143 0x0a78  Dhcp - ok
14:22:17.0158 0x0a78  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
14:22:17.0158 0x0a78  discache - ok
14:22:17.0158 0x0a78  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
14:22:17.0158 0x0a78  Disk - ok
14:22:17.0158 0x0a78  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:22:17.0158 0x0a78  Dnscache - ok
14:22:17.0174 0x0a78  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
14:22:17.0174 0x0a78  dot3svc - ok
14:22:17.0174 0x0a78  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
14:22:17.0189 0x0a78  DPS - ok
14:22:17.0189 0x0a78  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
14:22:17.0189 0x0a78  drmkaud - ok
14:22:17.0205 0x0a78  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
14:22:17.0221 0x0a78  DXGKrnl - ok
14:22:17.0221 0x0a78  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
14:22:17.0221 0x0a78  EapHost - ok
14:22:17.0283 0x0a78  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
14:22:17.0330 0x0a78  ebdrv - ok
14:22:17.0330 0x0a78  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
14:22:17.0330 0x0a78  EFS - ok
14:22:17.0346 0x0a78  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
14:22:17.0346 0x0a78  ehRecvr - ok
14:22:17.0361 0x0a78  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
14:22:17.0361 0x0a78  ehSched - ok
14:22:17.0361 0x0a78  [ A05FC7ECA0966EBB70E4D17B855A853B, 16A0C8138A3BBD8BE2658261131F9777940CFB1431018A10710E5C1A88AB70EA ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
14:22:17.0361 0x0a78  ElbyCDIO - ok
14:22:17.0377 0x0a78  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
14:22:17.0377 0x0a78  elxstor - ok
14:22:17.0377 0x0a78  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:22:17.0377 0x0a78  ErrDev - ok
14:22:17.0392 0x0a78  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
14:22:17.0392 0x0a78  EventSystem - ok
14:22:17.0408 0x0a78  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
14:22:17.0408 0x0a78  exfat - ok
14:22:17.0408 0x0a78  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:22:17.0408 0x0a78  fastfat - ok
14:22:17.0424 0x0a78  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
14:22:17.0439 0x0a78  Fax - ok
14:22:17.0439 0x0a78  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
14:22:17.0439 0x0a78  fdc - ok
14:22:17.0439 0x0a78  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
14:22:17.0439 0x0a78  fdPHost - ok
14:22:17.0439 0x0a78  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:22:17.0439 0x0a78  FDResPub - ok
14:22:17.0455 0x0a78  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:22:17.0455 0x0a78  FileInfo - ok
14:22:17.0455 0x0a78  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:22:17.0455 0x0a78  Filetrace - ok
14:22:17.0455 0x0a78  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
14:22:17.0455 0x0a78  flpydisk - ok
14:22:17.0470 0x0a78  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:22:17.0470 0x0a78  FltMgr - ok
14:22:17.0486 0x0a78  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
14:22:17.0502 0x0a78  FontCache - ok
14:22:17.0517 0x0a78  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:22:17.0517 0x0a78  FontCache3.0.0.0 - ok
14:22:17.0517 0x0a78  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
14:22:17.0517 0x0a78  FsDepends - ok
14:22:17.0517 0x0a78  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:22:17.0517 0x0a78  Fs_Rec - ok
14:22:17.0517 0x0a78  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
14:22:17.0533 0x0a78  fvevol - ok
14:22:17.0533 0x0a78  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
14:22:17.0533 0x0a78  gagp30kx - ok
14:22:17.0548 0x0a78  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
14:22:17.0564 0x0a78  gpsvc - ok
14:22:17.0564 0x0a78  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:22:17.0564 0x0a78  gupdate - ok
14:22:17.0580 0x0a78  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:22:17.0580 0x0a78  gupdatem - ok
14:22:17.0580 0x0a78  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
14:22:17.0580 0x0a78  gusvc - ok
14:22:17.0580 0x0a78  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
14:22:17.0580 0x0a78  hcw85cir - ok
14:22:17.0595 0x0a78  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:22:17.0595 0x0a78  HdAudAddService - ok
14:22:17.0595 0x0a78  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
14:22:17.0611 0x0a78  HDAudBus - ok
14:22:17.0611 0x0a78  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
14:22:17.0611 0x0a78  HidBatt - ok
14:22:17.0611 0x0a78  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
14:22:17.0611 0x0a78  HidBth - ok
14:22:17.0611 0x0a78  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
14:22:17.0611 0x0a78  HidIr - ok
14:22:17.0611 0x0a78  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
14:22:17.0626 0x0a78  hidserv - ok
14:22:17.0626 0x0a78  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:22:17.0626 0x0a78  HidUsb - ok
14:22:17.0626 0x0a78  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:22:17.0626 0x0a78  hkmsvc - ok
14:22:17.0642 0x0a78  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:22:17.0642 0x0a78  HomeGroupListener - ok
14:22:17.0642 0x0a78  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:22:17.0642 0x0a78  HomeGroupProvider - ok
14:22:17.0658 0x0a78  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
14:22:17.0658 0x0a78  HpSAMD - ok
14:22:17.0673 0x0a78  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:22:17.0673 0x0a78  HTTP - ok
14:22:17.0673 0x0a78  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
14:22:17.0673 0x0a78  hwpolicy - ok
14:22:17.0689 0x0a78  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
14:22:17.0689 0x0a78  i8042prt - ok
14:22:17.0689 0x0a78  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
14:22:17.0704 0x0a78  iaStorV - ok
14:22:17.0720 0x0a78  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:22:17.0736 0x0a78  idsvc - ok
14:22:17.0736 0x0a78  IEEtwCollectorService - ok
14:22:17.0736 0x0a78  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
14:22:17.0736 0x0a78  iirsp - ok
14:22:17.0751 0x0a78  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
14:22:17.0767 0x0a78  IKEEXT - ok
14:22:17.0767 0x0a78  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
14:22:17.0767 0x0a78  intelide - ok
14:22:17.0767 0x0a78  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:22:17.0767 0x0a78  intelppm - ok
14:22:17.0782 0x0a78  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:22:17.0782 0x0a78  IPBusEnum - ok
14:22:17.0782 0x0a78  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:22:17.0782 0x0a78  IpFilterDriver - ok
14:22:17.0798 0x0a78  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:22:17.0814 0x0a78  iphlpsvc - ok
14:22:17.0814 0x0a78  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
14:22:17.0814 0x0a78  IPMIDRV - ok
14:22:17.0829 0x0a78  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
14:22:17.0829 0x0a78  IPNAT - ok
14:22:17.0829 0x0a78  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:22:17.0829 0x0a78  IRENUM - ok
14:22:17.0829 0x0a78  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:22:17.0829 0x0a78  isapnp - ok
14:22:17.0845 0x0a78  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
14:22:17.0845 0x0a78  iScsiPrt - ok
14:22:17.0845 0x0a78  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
14:22:17.0845 0x0a78  kbdclass - ok
14:22:17.0845 0x0a78  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
14:22:17.0845 0x0a78  kbdhid - ok
14:22:17.0845 0x0a78  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
14:22:17.0845 0x0a78  KeyIso - ok
14:22:17.0860 0x0a78  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:22:17.0860 0x0a78  KSecDD - ok
14:22:17.0860 0x0a78  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
14:22:17.0860 0x0a78  KSecPkg - ok
14:22:17.0860 0x0a78  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
14:22:17.0860 0x0a78  ksthunk - ok
14:22:17.0876 0x0a78  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:22:17.0876 0x0a78  KtmRm - ok
14:22:17.0892 0x0a78  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
14:22:17.0892 0x0a78  LanmanServer - ok
14:22:17.0892 0x0a78  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:22:17.0907 0x0a78  LanmanWorkstation - ok
14:22:17.0907 0x0a78  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:22:17.0907 0x0a78  lltdio - ok
14:22:17.0907 0x0a78  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:22:17.0923 0x0a78  lltdsvc - ok
14:22:17.0923 0x0a78  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:22:17.0923 0x0a78  lmhosts - ok
14:22:17.0923 0x0a78  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
14:22:17.0923 0x0a78  LSI_FC - ok
14:22:17.0938 0x0a78  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
14:22:17.0938 0x0a78  LSI_SAS - ok
14:22:17.0938 0x0a78  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
14:22:17.0938 0x0a78  LSI_SAS2 - ok
14:22:17.0938 0x0a78  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
14:22:17.0938 0x0a78  LSI_SCSI - ok
14:22:17.0954 0x0a78  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
14:22:17.0954 0x0a78  luafv - ok
14:22:17.0954 0x0a78  [ A832517901EEF41C206D70FCEC89B275, 33D42BFDD88F4BD8B1639CC5105E814FF7167750566F5057555FFED6D5DD7754 ] LVRS64          C:\Windows\system32\DRIVERS\lvrs64.sys
14:22:17.0954 0x0a78  LVRS64 - ok
14:22:18.0048 0x0a78  [ 644E919936A8017B5F205E7FE7EDD19F, AE0BE09DF7192B2E8504DA8D65928C59C62635E0C8D08C6A4EB2A15D512E3E52 ] LVUVC64         C:\Windows\system32\DRIVERS\lvuvc64.sys
14:22:18.0110 0x0a78  LVUVC64 - ok
14:22:18.0110 0x0a78  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
14:22:18.0110 0x0a78  Mcx2Svc - ok
14:22:18.0110 0x0a78  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
14:22:18.0110 0x0a78  megasas - ok
14:22:18.0126 0x0a78  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
14:22:18.0126 0x0a78  MegaSR - ok
14:22:18.0126 0x0a78  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
14:22:18.0126 0x0a78  MEIx64 - ok
14:22:18.0141 0x0a78  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
14:22:18.0141 0x0a78  MMCSS - ok
14:22:18.0141 0x0a78  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
14:22:18.0141 0x0a78  Modem - ok
14:22:18.0141 0x0a78  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:22:18.0141 0x0a78  monitor - ok
14:22:18.0141 0x0a78  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:22:18.0141 0x0a78  mouclass - ok
14:22:18.0141 0x0a78  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:22:18.0141 0x0a78  mouhid - ok
14:22:18.0157 0x0a78  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
14:22:18.0157 0x0a78  mountmgr - ok
14:22:18.0157 0x0a78  [ 9EB89625A82AC961F25E7C865947BF9A, 91DB9530CDE883DC60BE621AC4210ACD069631D9466E37411D9D6AEE587098D9 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
14:22:18.0157 0x0a78  MpFilter - ok
14:22:18.0172 0x0a78  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:22:18.0172 0x0a78  mpio - ok
14:22:18.0172 0x0a78  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:22:18.0172 0x0a78  mpsdrv - ok
14:22:18.0188 0x0a78  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:22:18.0204 0x0a78  MpsSvc - ok
14:22:18.0219 0x0a78  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:22:18.0219 0x0a78  MRxDAV - ok
14:22:18.0219 0x0a78  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:22:18.0219 0x0a78  mrxsmb - ok
14:22:18.0235 0x0a78  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:22:18.0235 0x0a78  mrxsmb10 - ok
14:22:18.0235 0x0a78  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:22:18.0235 0x0a78  mrxsmb20 - ok
14:22:18.0235 0x0a78  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
14:22:18.0235 0x0a78  msahci - ok
14:22:18.0250 0x0a78  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:22:18.0250 0x0a78  msdsm - ok
14:22:18.0250 0x0a78  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
14:22:18.0250 0x0a78  MSDTC - ok
14:22:18.0266 0x0a78  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:22:18.0266 0x0a78  Msfs - ok
14:22:18.0266 0x0a78  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
14:22:18.0266 0x0a78  mshidkmdf - ok
14:22:18.0266 0x0a78  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:22:18.0266 0x0a78  msisadrv - ok
14:22:18.0266 0x0a78  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:22:18.0266 0x0a78  MSiSCSI - ok
14:22:18.0282 0x0a78  msiserver - ok
14:22:18.0282 0x0a78  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:22:18.0282 0x0a78  MSKSSRV - ok
14:22:18.0282 0x0a78  [ 89F2AEDC2788696702141AB82C3E7866, E166CBD8D3C708737C37172221945D8E56C25C2CC750889C3CE14AA2DE750F33 ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
14:22:18.0282 0x0a78  MsMpSvc - ok
14:22:18.0282 0x0a78  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:22:18.0282 0x0a78  MSPCLOCK - ok
14:22:18.0282 0x0a78  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:22:18.0282 0x0a78  MSPQM - ok
14:22:18.0297 0x0a78  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:22:18.0297 0x0a78  MsRPC - ok
14:22:18.0297 0x0a78  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
14:22:18.0297 0x0a78  mssmbios - ok
14:22:18.0313 0x0a78  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:22:18.0313 0x0a78  MSTEE - ok
14:22:18.0313 0x0a78  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
14:22:18.0313 0x0a78  MTConfig - ok
14:22:18.0313 0x0a78  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
14:22:18.0313 0x0a78  Mup - ok
14:22:18.0328 0x0a78  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
14:22:18.0328 0x0a78  napagent - ok
14:22:18.0344 0x0a78  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:22:18.0344 0x0a78  NativeWifiP - ok
14:22:18.0360 0x0a78  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:22:18.0375 0x0a78  NDIS - ok
14:22:18.0375 0x0a78  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
14:22:18.0375 0x0a78  NdisCap - ok
14:22:18.0375 0x0a78  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:22:18.0375 0x0a78  NdisTapi - ok
14:22:18.0391 0x0a78  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:22:18.0391 0x0a78  Ndisuio - ok
14:22:18.0391 0x0a78  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:22:18.0391 0x0a78  NdisWan - ok
14:22:18.0391 0x0a78  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:22:18.0391 0x0a78  NDProxy - ok
14:22:18.0406 0x0a78  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:22:18.0406 0x0a78  NetBIOS - ok
14:22:18.0406 0x0a78  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
14:22:18.0406 0x0a78  NetBT - ok
14:22:18.0406 0x0a78  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
14:22:18.0406 0x0a78  Netlogon - ok
14:22:18.0422 0x0a78  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
14:22:18.0422 0x0a78  Netman - ok
14:22:18.0438 0x0a78  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:22:18.0438 0x0a78  NetMsmqActivator - ok
14:22:18.0438 0x0a78  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:22:18.0438 0x0a78  NetPipeActivator - ok
14:22:18.0453 0x0a78  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
14:22:18.0469 0x0a78  netprofm - ok
14:22:18.0469 0x0a78  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:22:18.0469 0x0a78  NetTcpActivator - ok
14:22:18.0469 0x0a78  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:22:18.0469 0x0a78  NetTcpPortSharing - ok
14:22:18.0484 0x0a78  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
14:22:18.0484 0x0a78  nfrd960 - ok
14:22:18.0484 0x0a78  [ C3E0696C3B42F694C5822776AA6FFFDF, 80C3DEC2C48500F96C9E677450EFC1ADA9FE9FBB70F4CC2D7D9244B1A515418B ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:22:18.0484 0x0a78  NisDrv - ok
14:22:18.0500 0x0a78  [ DCEE3592299B2229A0DB98CB415059A2, 709AAA095DF44DDCB6159CE1635AB05EC666D845445790E569F56B297DC64AC3 ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
14:22:18.0500 0x0a78  NisSrv - ok
14:22:18.0500 0x0a78  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:22:18.0516 0x0a78  NlaSvc - ok
14:22:18.0516 0x0a78  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:22:18.0516 0x0a78  Npfs - ok
14:22:18.0516 0x0a78  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
14:22:18.0516 0x0a78  nsi - ok
14:22:18.0516 0x0a78  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:22:18.0516 0x0a78  nsiproxy - ok
14:22:18.0547 0x0a78  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:22:18.0578 0x0a78  Ntfs - ok
14:22:18.0578 0x0a78  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
14:22:18.0578 0x0a78  Null - ok
14:22:18.0578 0x0a78  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:22:18.0578 0x0a78  nvraid - ok
14:22:18.0594 0x0a78  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:22:18.0594 0x0a78  nvstor - ok
14:22:18.0594 0x0a78  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:22:18.0594 0x0a78  nv_agp - ok
14:22:18.0594 0x0a78  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
14:22:18.0609 0x0a78  ohci1394 - ok
14:22:18.0609 0x0a78  [ 6FF6EF1CC25E558CF0335928B658D11E, F056AD4168198A07978EE68C10B30F3E067CDD9DC06011EF330A6F36AB9964D4 ] OpenVPNAccessClient C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
14:22:18.0609 0x0a78  OpenVPNAccessClient - ok
14:22:18.0609 0x0a78  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:22:18.0609 0x0a78  ose - ok
14:22:18.0687 0x0a78  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:22:18.0750 0x0a78  osppsvc - ok
14:22:18.0765 0x0a78  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
14:22:18.0781 0x0a78  p2pimsvc - ok
14:22:18.0781 0x0a78  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
14:22:18.0796 0x0a78  p2psvc - ok
14:22:18.0796 0x0a78  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
14:22:18.0796 0x0a78  Parport - ok
14:22:18.0796 0x0a78  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:22:18.0796 0x0a78  partmgr - ok
14:22:18.0812 0x0a78  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:22:18.0812 0x0a78  PcaSvc - ok
14:22:18.0812 0x0a78  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
14:22:18.0828 0x0a78  pci - ok
14:22:18.0828 0x0a78  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
14:22:18.0828 0x0a78  pciide - ok
14:22:18.0828 0x0a78  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
14:22:18.0828 0x0a78  pcmcia - ok
14:22:18.0843 0x0a78  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
14:22:18.0843 0x0a78  pcw - ok
14:22:18.0843 0x0a78  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:22:18.0859 0x0a78  PEAUTH - ok
14:22:18.0874 0x0a78  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
14:22:18.0874 0x0a78  PerfHost - ok
14:22:18.0906 0x0a78  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
14:22:18.0921 0x0a78  pla - ok
14:22:18.0937 0x0a78  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:22:18.0937 0x0a78  PlugPlay - ok
14:22:18.0937 0x0a78  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
14:22:18.0952 0x0a78  PNRPAutoReg - ok
14:22:18.0952 0x0a78  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
14:22:18.0952 0x0a78  PNRPsvc - ok
14:22:18.0968 0x0a78  [ 4F0878FD62D5F7444C5F1C4C66D9D293, B381217D6202C06EE992EBDE061FA20376FF71F698022D0A80168CCD1059453C ] Point64         C:\Windows\system32\DRIVERS\point64.sys
14:22:18.0968 0x0a78  Point64 - ok
14:22:18.0968 0x0a78  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:22:18.0984 0x0a78  PolicyAgent - ok
14:22:18.0984 0x0a78  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
14:22:18.0984 0x0a78  Power - ok
14:22:18.0999 0x0a78  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:22:18.0999 0x0a78  PptpMiniport - ok
14:22:18.0999 0x0a78  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
14:22:18.0999 0x0a78  Processor - ok
14:22:18.0999 0x0a78  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
14:22:19.0015 0x0a78  ProfSvc - ok
14:22:19.0015 0x0a78  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:22:19.0015 0x0a78  ProtectedStorage - ok
14:22:19.0015 0x0a78  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
14:22:19.0015 0x0a78  Psched - ok
14:22:19.0046 0x0a78  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
14:22:19.0077 0x0a78  ql2300 - ok
14:22:19.0077 0x0a78  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
14:22:19.0077 0x0a78  ql40xx - ok
14:22:19.0077 0x0a78  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
14:22:19.0093 0x0a78  QWAVE - ok
14:22:19.0093 0x0a78  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:22:19.0093 0x0a78  QWAVEdrv - ok
14:22:19.0093 0x0a78  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:22:19.0093 0x0a78  RasAcd - ok
14:22:19.0093 0x0a78  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
14:22:19.0093 0x0a78  RasAgileVpn - ok
14:22:19.0108 0x0a78  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
14:22:19.0108 0x0a78  RasAuto - ok
14:22:19.0108 0x0a78  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:22:19.0108 0x0a78  Rasl2tp - ok
14:22:19.0124 0x0a78  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
14:22:19.0124 0x0a78  RasMan - ok
14:22:19.0124 0x0a78  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:22:19.0124 0x0a78  RasPppoe - ok
14:22:19.0124 0x0a78  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:22:19.0140 0x0a78  RasSstp - ok
14:22:19.0140 0x0a78  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:22:19.0140 0x0a78  rdbss - ok
14:22:19.0140 0x0a78  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
14:22:19.0140 0x0a78  rdpbus - ok
14:22:19.0155 0x0a78  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:22:19.0155 0x0a78  RDPCDD - ok
14:22:19.0155 0x0a78  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:22:19.0155 0x0a78  RDPENCDD - ok
14:22:19.0155 0x0a78  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
14:22:19.0155 0x0a78  RDPREFMP - ok
14:22:19.0155 0x0a78  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
14:22:19.0155 0x0a78  RdpVideoMiniport - ok
14:22:19.0171 0x0a78  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:22:19.0171 0x0a78  RDPWD - ok
14:22:19.0171 0x0a78  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
14:22:19.0171 0x0a78  rdyboost - ok
14:22:19.0186 0x0a78  [ EA569D48B2E755AF6D96F03F3335D98A, EED2DCDF187A69F36A38129C8A1E0D6FE0EBF9232DEAF68A116E9A26E40AB636 ] Realtek11nCU    C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe
14:22:19.0186 0x0a78  Realtek11nCU - ok
14:22:19.0186 0x0a78  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:22:19.0186 0x0a78  RemoteAccess - ok
14:22:19.0186 0x0a78  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:22:19.0202 0x0a78  RemoteRegistry - ok
14:22:19.0202 0x0a78  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
14:22:19.0202 0x0a78  RFCOMM - ok
14:22:19.0202 0x0a78  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
14:22:19.0202 0x0a78  RpcEptMapper - ok
14:22:19.0202 0x0a78  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
14:22:19.0202 0x0a78  RpcLocator - ok
14:22:19.0218 0x0a78  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
14:22:19.0233 0x0a78  RpcSs - ok
14:22:19.0233 0x0a78  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:22:19.0233 0x0a78  rspndr - ok
14:22:19.0249 0x0a78  [ EE082E06A82FF630351D1E0EBBD3D8D0, 537F1A4108BDA72E8DD271466E7B7FCF39D4D55E4129AB35A409AB7AF2E7D219 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
14:22:19.0249 0x0a78  RTL8167 - ok
14:22:19.0264 0x0a78  [ A4F7F9BB5576BF1D3A57F785C5DBEDB7, 5CE149DB0E418EBE63414E6353C26428B6853C4E5624DBE70057492BE075707C ] RTL8192cu       C:\Windows\system32\DRIVERS\RTL8192cu.sys
14:22:19.0280 0x0a78  RTL8192cu - ok
14:22:19.0296 0x0a78  [ B3F36B4B3F192EA87DDC119F3A0B3E45, DE80502994ED9977AD64483385A0BC0C6060EA9E9C08645E72FBBCFE8B2358C7 ] RTL8192su       C:\Windows\system32\DRIVERS\RTL8192su.sys
14:22:19.0296 0x0a78  RTL8192su - ok
14:22:19.0296 0x0a78  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
14:22:19.0296 0x0a78  SamSs - ok
14:22:19.0311 0x0a78  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:22:19.0311 0x0a78  sbp2port - ok
14:22:19.0311 0x0a78  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:22:19.0311 0x0a78  SCardSvr - ok
14:22:19.0311 0x0a78  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
14:22:19.0327 0x0a78  scfilter - ok
14:22:19.0342 0x0a78  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
14:22:19.0358 0x0a78  Schedule - ok
14:22:19.0358 0x0a78  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:22:19.0358 0x0a78  SCPolicySvc - ok
14:22:19.0374 0x0a78  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:22:19.0374 0x0a78  SDRSVC - ok
14:22:19.0374 0x0a78  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:22:19.0374 0x0a78  secdrv - ok
14:22:19.0374 0x0a78  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
14:22:19.0374 0x0a78  seclogon - ok
14:22:19.0374 0x0a78  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\system32\sens.dll
14:22:19.0389 0x0a78  SENS - ok
14:22:19.0389 0x0a78  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
14:22:19.0389 0x0a78  SensrSvc - ok
14:22:19.0389 0x0a78  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
14:22:19.0389 0x0a78  Serenum - ok
14:22:19.0389 0x0a78  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
14:22:19.0389 0x0a78  Serial - ok
14:22:19.0389 0x0a78  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
14:22:19.0405 0x0a78  sermouse - ok
14:22:19.0405 0x0a78  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
14:22:19.0405 0x0a78  SessionEnv - ok
14:22:19.0405 0x0a78  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
14:22:19.0405 0x0a78  sffdisk - ok
14:22:19.0405 0x0a78  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:22:19.0405 0x0a78  sffp_mmc - ok
14:22:19.0420 0x0a78  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
14:22:19.0420 0x0a78  sffp_sd - ok
14:22:19.0420 0x0a78  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
14:22:19.0420 0x0a78  sfloppy - ok
14:22:19.0420 0x0a78  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:22:19.0436 0x0a78  SharedAccess - ok
14:22:19.0436 0x0a78  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:22:19.0452 0x0a78  ShellHWDetection - ok
14:22:19.0452 0x0a78  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
14:22:19.0452 0x0a78  SiSRaid2 - ok
14:22:19.0452 0x0a78  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
14:22:19.0452 0x0a78  SiSRaid4 - ok
14:22:19.0467 0x0a78  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
14:22:19.0467 0x0a78  SkypeUpdate - ok
14:22:19.0467 0x0a78  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
14:22:19.0467 0x0a78  Smb - ok
14:22:19.0467 0x0a78  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:22:19.0467 0x0a78  SNMPTRAP - ok
14:22:19.0483 0x0a78  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
14:22:19.0483 0x0a78  spldr - ok
14:22:19.0483 0x0a78  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
14:22:19.0498 0x0a78  Spooler - ok
14:22:19.0545 0x0a78  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
14:22:19.0592 0x0a78  sppsvc - ok
14:22:19.0608 0x0a78  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
14:22:19.0608 0x0a78  sppuinotify - ok
14:22:19.0608 0x0a78  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
14:22:19.0623 0x0a78  srv - ok
14:22:19.0623 0x0a78  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:22:19.0639 0x0a78  srv2 - ok
14:22:19.0639 0x0a78  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:22:19.0639 0x0a78  srvnet - ok
14:22:19.0654 0x0a78  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
14:22:19.0654 0x0a78  SSDPSRV - ok
14:22:19.0654 0x0a78  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
14:22:19.0654 0x0a78  SstpSvc - ok
14:22:19.0670 0x0a78  [ AAF6F247F1DC370C593B4430974EAD9C, 232D0D62EC83A5537ADB28B5DC01074BA812FE6C70C54F70CD7A5EF1BC19D3E1 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
14:22:19.0670 0x0a78  ssudmdm - ok
14:22:19.0670 0x0a78  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
14:22:19.0670 0x0a78  stexstor - ok
14:22:19.0670 0x0a78  [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam        C:\Windows\system32\drivers\serscan.sys
14:22:19.0670 0x0a78  StillCam - ok
14:22:19.0686 0x0a78  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
14:22:19.0701 0x0a78  stisvc - ok
14:22:19.0701 0x0a78  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
14:22:19.0701 0x0a78  swenum - ok
14:22:19.0701 0x0a78  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
14:22:19.0717 0x0a78  swprv - ok
14:22:19.0748 0x0a78  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
14:22:19.0779 0x0a78  SysMain - ok
14:22:19.0779 0x0a78  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:22:19.0779 0x0a78  TabletInputService - ok
14:22:19.0795 0x0a78  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:22:19.0795 0x0a78  TapiSrv - ok
14:22:19.0795 0x0a78  [ 927D0CDB3F96EFC1E98FB1A2C9FB67AD, 58F14DAA0EA21EA2F2A1D3D62C88BD8E5A0E0EF498B7B8D367BEEADE6A46843C ] tapoas          C:\Windows\system32\DRIVERS\tapoas.sys
14:22:19.0795 0x0a78  tapoas - ok
14:22:19.0795 0x0a78  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
14:22:19.0810 0x0a78  TBS - ok
14:22:19.0842 0x0a78  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:22:19.0857 0x0a78  Tcpip - ok
14:22:19.0888 0x0a78  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
14:22:19.0920 0x0a78  TCPIP6 - ok
14:22:19.0920 0x0a78  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:22:19.0920 0x0a78  tcpipreg - ok
14:22:19.0935 0x0a78  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:22:19.0935 0x0a78  TDPIPE - ok
14:22:19.0935 0x0a78  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
14:22:19.0935 0x0a78  TDTCP - ok
14:22:19.0935 0x0a78  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
14:22:19.0935 0x0a78  tdx - ok
14:22:19.0951 0x0a78  [ BB676D2C7AD5E7131D12417E4691F9B9, C6DE7D8C08C2F059C696E9D63FC55692C8CB37FECF92F5A863D7D2C5AF3B425F ] Te.Service      C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe
14:22:19.0951 0x0a78  Te.Service - ok
14:22:19.0951 0x0a78  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
14:22:19.0951 0x0a78  TermDD - ok
14:22:19.0966 0x0a78  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
14:22:19.0982 0x0a78  TermService - ok
14:22:19.0982 0x0a78  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
14:22:19.0982 0x0a78  Themes - ok
14:22:19.0982 0x0a78  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
14:22:19.0982 0x0a78  THREADORDER - ok
14:22:19.0982 0x0a78  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
14:22:19.0998 0x0a78  TrkWks - ok
14:22:19.0998 0x0a78  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:22:19.0998 0x0a78  TrustedInstaller - ok
14:22:19.0998 0x0a78  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:22:19.0998 0x0a78  tssecsrv - ok
14:22:20.0013 0x0a78  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
14:22:20.0013 0x0a78  TsUsbFlt - ok
14:22:20.0013 0x0a78  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
14:22:20.0013 0x0a78  TsUsbGD - ok
14:22:20.0013 0x0a78  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:22:20.0013 0x0a78  tunnel - ok
14:22:20.0013 0x0a78  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
14:22:20.0013 0x0a78  uagp35 - ok
14:22:20.0029 0x0a78  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:22:20.0029 0x0a78  udfs - ok
14:22:20.0044 0x0a78  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:22:20.0044 0x0a78  UI0Detect - ok
14:22:20.0044 0x0a78  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:22:20.0044 0x0a78  uliagpkx - ok
14:22:20.0044 0x0a78  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
14:22:20.0044 0x0a78  umbus - ok
14:22:20.0044 0x0a78  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
14:22:20.0044 0x0a78  UmPass - ok
14:22:20.0060 0x0a78  [ AEBE8F338432F9DE5AE0CAE4D4BAED76, A11DE1BAEF6E0D30B8801C0AEC589F0DA6FEC5E010BD6A18584D96E0AF9243B8 ] UMVPFSrv        C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
14:22:20.0060 0x0a78  UMVPFSrv - ok
14:22:20.0076 0x0a78  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
14:22:20.0076 0x0a78  upnphost - ok
14:22:20.0076 0x0a78  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
14:22:20.0091 0x0a78  usbaudio - ok
14:22:20.0091 0x0a78  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
14:22:20.0091 0x0a78  usbccgp - ok
14:22:20.0091 0x0a78  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:22:20.0091 0x0a78  usbcir - ok
14:22:20.0091 0x0a78  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
14:22:20.0091 0x0a78  usbehci - ok
14:22:20.0107 0x0a78  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:22:20.0107 0x0a78  usbhub - ok
14:22:20.0107 0x0a78  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
14:22:20.0107 0x0a78  usbohci - ok
14:22:20.0122 0x0a78  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
14:22:20.0122 0x0a78  usbprint - ok
14:22:20.0122 0x0a78  [ AAA2513C8AED8B54B189FD0C6B1634C0, 02FEE0B756AA559C29477A19861AC16D5A3152DC3C897C7D466423438B6A5E42 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
14:22:20.0122 0x0a78  usbscan - ok
14:22:20.0122 0x0a78  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:22:20.0122 0x0a78  USBSTOR - ok
14:22:20.0122 0x0a78  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
14:22:20.0122 0x0a78  usbuhci - ok
14:22:20.0138 0x0a78  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
14:22:20.0138 0x0a78  UxSms - ok
14:22:20.0138 0x0a78  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
14:22:20.0138 0x0a78  VaultSvc - ok
14:22:20.0138 0x0a78  [ FD911873C0BB6945FA38C16E9A2B58F9, EF8C833321449A6E8B671890F2EBC82ABC276B890D274AADDB626D763EE98964 ] VClone          C:\Windows\system32\DRIVERS\VClone.sys
14:22:20.0138 0x0a78  VClone - ok
14:22:20.0138 0x0a78  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
14:22:20.0138 0x0a78  vdrvroot - ok
14:22:20.0154 0x0a78  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
14:22:20.0154 0x0a78  vds - ok
14:22:20.0169 0x0a78  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
14:22:20.0169 0x0a78  vga - ok
14:22:20.0169 0x0a78  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
14:22:20.0169 0x0a78  VgaSave - ok
14:22:20.0169 0x0a78  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
14:22:20.0169 0x0a78  vhdmp - ok
14:22:20.0185 0x0a78  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
14:22:20.0185 0x0a78  viaide - ok
14:22:20.0185 0x0a78  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:22:20.0185 0x0a78  volmgr - ok
14:22:20.0185 0x0a78  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:22:20.0200 0x0a78  volmgrx - ok
14:22:20.0200 0x0a78  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:22:20.0200 0x0a78  volsnap - ok
14:22:20.0216 0x0a78  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
14:22:20.0216 0x0a78  vsmraid - ok
14:22:20.0247 0x0a78  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
14:22:20.0263 0x0a78  VSS - ok
14:22:20.0263 0x0a78  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
14:22:20.0263 0x0a78  vwifibus - ok
14:22:20.0263 0x0a78  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
14:22:20.0278 0x0a78  vwififlt - ok
14:22:20.0278 0x0a78  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
14:22:20.0278 0x0a78  vwifimp - ok
14:22:20.0278 0x0a78  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
14:22:20.0294 0x0a78  W32Time - ok
14:22:20.0294 0x0a78  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
14:22:20.0294 0x0a78  WacomPen - ok
14:22:20.0294 0x0a78  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
14:22:20.0294 0x0a78  WANARP - ok
14:22:20.0294 0x0a78  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:22:20.0310 0x0a78  Wanarpv6 - ok
14:22:20.0325 0x0a78  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
14:22:20.0341 0x0a78  WatAdminSvc - ok
14:22:20.0372 0x0a78  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
14:22:20.0388 0x0a78  wbengine - ok
14:22:20.0388 0x0a78  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
14:22:20.0403 0x0a78  WbioSrvc - ok
14:22:20.0403 0x0a78  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:22:20.0419 0x0a78  wcncsvc - ok
14:22:20.0419 0x0a78  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:22:20.0419 0x0a78  WcsPlugInService - ok
14:22:20.0419 0x0a78  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
14:22:20.0419 0x0a78  Wd - ok
14:22:20.0419 0x0a78  [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
14:22:20.0419 0x0a78  WDC_SAM - ok
14:22:20.0434 0x0a78  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:22:20.0450 0x0a78  Wdf01000 - ok
14:22:20.0450 0x0a78  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:22:20.0450 0x0a78  WdiServiceHost - ok
14:22:20.0466 0x0a78  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
14:22:20.0466 0x0a78  WdiSystemHost - ok
14:22:20.0466 0x0a78  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
14:22:20.0481 0x0a78  WebClient - ok
14:22:20.0481 0x0a78  [ D5BA7D43FA2EF656BF7E98A188391E40, 56CF132B7C43A0F9C7C4D070730315FE7AFD2E87E94014DFC3D7107BB52B9C64 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:22:20.0481 0x0a78  Wecsvc - ok
14:22:20.0481 0x0a78  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:22:20.0497 0x0a78  wercplsupport - ok
14:22:20.0497 0x0a78  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:22:20.0497 0x0a78  WerSvc - ok
14:22:20.0497 0x0a78  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
14:22:20.0497 0x0a78  WfpLwf - ok
14:22:20.0497 0x0a78  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
14:22:20.0497 0x0a78  WIMMount - ok
14:22:20.0497 0x0a78  WinDefend - ok
14:22:20.0512 0x0a78  WinHttpAutoProxySvc - ok
14:22:20.0512 0x0a78  [ 136760C1E9697BAF4ECDEAE5590A0806, 12E80D0923D794F4C520FEA7CB98EF581231B996FB1876EB20995E6E457EFF56 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:22:20.0512 0x0a78  Winmgmt - ok
14:22:20.0559 0x0a78  [ 3BB6B401A780BF434C8F58137DE10BF7, 1A377C39B78B92A1A1FED699EE5E5ED0271A6FFAC143F1D29FC1FDF4D726A522 ] WinRM           C:\Windows\system32\WsmSvc.dll
14:22:20.0606 0x0a78  WinRM - ok
14:22:20.0622 0x0a78  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
14:22:20.0622 0x0a78  WinUsb - ok
14:22:20.0637 0x0a78  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:22:20.0653 0x0a78  Wlansvc - ok
14:22:20.0684 0x0a78  [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:22:20.0715 0x0a78  wlidsvc - ok
14:22:20.0731 0x0a78  [ 680A7846370000D20D7E74917D5B7936, 55B77B358039672845D361CA4205F3482D1F30A4654B610FD785A1337EFDC316 ] WmBEnum         C:\Windows\system32\drivers\WmBEnum.sys
14:22:20.0731 0x0a78  WmBEnum - ok
14:22:20.0731 0x0a78  [ 14C35BA8189C6F65D839163AA285E954, 8981AA488320C75E26E1ABDF884B721A4065F5D28F54782598B03F21B8CDC020 ] WmFilter        C:\Windows\system32\drivers\WmFilter.sys
14:22:20.0731 0x0a78  WmFilter - ok
14:22:20.0731 0x0a78  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
14:22:20.0731 0x0a78  WmiAcpi - ok
14:22:20.0731 0x0a78  [ 4DF841632B62A7CF19A79A05046A8AB1, D80F28FD7FEB95DB83976EAFECB2E9AE1423DA4D34EC5D820FC39A33444B82DA ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:22:20.0746 0x0a78  wmiApSrv - ok
14:22:20.0746 0x0a78  WMPNetworkSvc - ok
14:22:20.0746 0x0a78  [ 8488DD91A3EE54A8E29F02AD7BB8201E, D428ED991D9E4A8765C240B21884A262854278698D60862117AC5949713231F9 ] WmVirHid        C:\Windows\system32\drivers\WmVirHid.sys
14:22:20.0746 0x0a78  WmVirHid - ok
14:22:20.0746 0x0a78  [ 14802B3A30AA849C97CB968CCC813BF3, 330AD828ABD040ECDBF58F7162978CD61BFC093CAD404FD2BCAC74E3F2EC542A ] WmXlCore        C:\Windows\system32\drivers\WmXlCore.sys
14:22:20.0746 0x0a78  WmXlCore - ok
14:22:20.0746 0x0a78  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:22:20.0746 0x0a78  WPCSvc - ok
14:22:20.0762 0x0a78  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:22:20.0762 0x0a78  WPDBusEnum - ok
14:22:20.0762 0x0a78  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:22:20.0762 0x0a78  ws2ifsl - ok
14:22:20.0762 0x0a78  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
14:22:20.0778 0x0a78  wscsvc - ok
14:22:20.0778 0x0a78  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
14:22:20.0778 0x0a78  WSDPrintDevice - ok
14:22:20.0778 0x0a78  WSearch - ok
14:22:20.0824 0x0a78  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
14:22:20.0856 0x0a78  wuauserv - ok
14:22:20.0856 0x0a78  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
14:22:20.0856 0x0a78  WudfPf - ok
14:22:20.0871 0x0a78  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:22:20.0871 0x0a78  WUDFRd - ok
14:22:20.0871 0x0a78  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:22:20.0871 0x0a78  wudfsvc - ok
14:22:20.0887 0x0a78  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
14:22:20.0887 0x0a78  WwanSvc - ok
14:22:20.0902 0x0a78  ================ Scan global ===============================
14:22:20.0902 0x0a78  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
14:22:20.0902 0x0a78  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
14:22:20.0918 0x0a78  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
14:22:20.0918 0x0a78  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
14:22:20.0934 0x0a78  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
14:22:20.0934 0x0a78  [ Global ] - ok
14:22:20.0934 0x0a78  ================ Scan MBR ==================================
14:22:20.0934 0x0a78  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
14:22:20.0996 0x0a78  \Device\Harddisk1\DR1 - ok
14:22:20.0996 0x0a78  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:22:21.0012 0x0a78  \Device\Harddisk0\DR0 - ok
14:22:21.0012 0x0a78  ================ Scan VBR ==================================
14:22:21.0012 0x0a78  [ 18A5560DFAFDD36FB690074F066DF277 ] \Device\Harddisk1\DR1\Partition1
14:22:21.0012 0x0a78  \Device\Harddisk1\DR1\Partition1 - ok
14:22:21.0012 0x0a78  [ 2BA4D0529D589083DA9E132E30FEAA70 ] \Device\Harddisk1\DR1\Partition2
14:22:21.0012 0x0a78  \Device\Harddisk1\DR1\Partition2 - ok
14:22:21.0027 0x0a78  [ C4C1C5CE5899D8496782992ECB91830F ] \Device\Harddisk0\DR0\Partition1
14:22:21.0074 0x0a78  \Device\Harddisk0\DR0\Partition1 - ok
14:22:21.0074 0x0a78  ================ Scan generic autorun ======================
14:22:21.0105 0x0a78  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.5.216.0 ), 0x60000 ( disabled : updated )
14:22:21.0105 0x0a78  Win FW state via NFP2: enabled
14:22:21.0105 0x0a78  ============================================================
14:22:21.0105 0x0a78  Scan finished
14:22:21.0105 0x0a78  ============================================================
14:22:21.0105 0x0e78  Detected object count: 0
14:22:21.0105 0x0e78  Actual detected object count: 0
14:22:22.0572 0x0e64  Deinitialize success
C:\Users\Chris\Desktop\cmd.bat deleted successfully.
C:\Users\Chris\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Chris
->Temp folder emptied: 57132866 bytes
->Temporary Internet Files folder emptied: 113214472 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 557424 bytes
->Flash cache emptied: 57260 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Mcx1-HOME-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 122878 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 163.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 09082014_221005

Files\Folders moved on Reboot...
C:\Users\Chris\AppData\Local\Temp\BIT6D78.tmp moved successfully.
C:\Users\Chris\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

SystemLook 30.07.11 by jpshortstuff
Log created at 22:14 on 08/09/2014 by Chris
Administrator - Elevation successful

========== filefind ==========

Searching for "*netObjUsb64*"
C:\FRST\Quarantine\C\Users\Chris\AppData\Roaming\netObjUsb64\netObjUsb64.dll	--a---- 29696 bytes	[14:51 15/10/2013]	[14:51 15/10/2013] 674AF6B05B24D93AA05D4FEAD2A4335E

========== folderfind ==========

Searching for "*netObjUsb64*"
C:\FRST\Quarantine\C\Users\Chris\AppData\Roaming\netObjUsb64	d------	[14:51 15/10/2013]

========== regfind ==========

Searching for "*netObjUsb64*"
No data found.

-= EOF =-


#12 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:06:28 AM

Posted 09 September 2014 - 04:12 AM

Hi,

 

The logs are clean.

 

However I want to make sure there is nothing lurking on the system so just in case I want you to go through these steps:

 

The most of them should take no more than 5 minutes each (but the time they take to complete can vary depending on the size of your hard and the speed of your computer).

 

 

STEP 1

 

 

  • Please download RKill by Grinler from the link below and save it to your desktop.

    Rkill
  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please post the log in your next reply.

 

 

STEP 2

 

 

  • Please download RogueKiller.exe and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please copy and past the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 3
 

 

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
     
  • Put a checkmark beside loaded modules.
    Sbf88.png
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and past the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 4

 

 

Please download Malwarebytes Anti-Malware to your desktop.
 

  • Double-click mbam-setup-2.0.2.1012.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

STEP 5

 

 

1.Please download HitmanPro.

  • For 32-bit Operating System - dEMD6.gif.
  • This is the mirror - dEMD6.gif
  • For 64-bit Operating System - dEMD6.gif
  • This is the mirror - dEMD6.gif

2.Launch the program by double clicking on the 5vo5F.jpg icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run please then open the program while holding down the left CTRL key until the program is loaded.

3.Click on the next button. You must agree with the terms of EULA. (if asked)

4.Check the box beside "No, I only want to perform a one-time scan to check this computer".

5.Click on the next button.

6.The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7.When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!
 
8.Click on the next button.

9.Click on the "Save Log" button.

10.Save that file to your desktop and post the content of that file in your next reply.
 
Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro

Navigate to C:\ProgramData\HitmanPro\Logs open the report and copy and paste it to your next reply.

 

 

 

Regards,

Georgi


cXfZ4wS.png


#13 chrisb10a

chrisb10a
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:11:28 PM

Posted 09 September 2014 - 06:31 PM

Thanks. The logs are below. It looks like HitmanPro found some malware. Also, in step 2, the log was not auto-generated. I had to click the Report button.

 

 

Thanks again,

Chris

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/09/2014 06:50:08 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity: 

 * No issues found.

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * HOSTS file entries found: 

  127.0.0.1       localhost

Program finished at: 09/09/2014 06:50:17 PM
Execution time: 0 hours(s), 0 minute(s), and 8 seconds(s) 

RogeKiller log: http://pastebin.com/GvYhNjfb

 

TDSSKiller log: http://pastebin.com/GZtJVEV8

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/9/2014
Scan Time: 7:09:57 PM
Logfile: 
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.09.06
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Chris

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 357282
Time Elapsed: 3 min, 36 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
[code]
HitmanPro 3.7.9.225
www.hitmanpro.com

   Computer name . . . . : HOME-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : home-PC\Chris
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2014-09-09 19:19:40
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 45s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 1
   Traces  . . . . . . . : 9

   Objects scanned . . . : 1,637,174
   Files scanned . . . . : 41,968
   Remnants scanned  . . : 426,966 files / 1,168,240 keys

Malware _____________________________________________________________________

   C:\Users\Chris\AppData\Local\OpenVPN Technologies\iTunes.dll
      Size . . . . . . . : 803,328 bytes
      Age  . . . . . . . : 208.3 days (2014-02-13 11:33:59)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : D2A0A0C343ACAFD8682FEB5B45A3FEF37F89A794882228200E2878F549ED590E
    > Bitdefender  . . . : Gen:Variant.Symmi.38436
      Fuzzy  . . . . . . : 114.0


Suspicious files ____________________________________________________________

   C:\Users\Chris\Desktop\antivirus_programs\FRST64.exe
      Size . . . . . . . : 2,101,760 bytes
      Age  . . . . . . . : 20.0 days (2014-08-20 18:25:21)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 9F1800B31D22595C5CC7853BE2BF6ACC824059774CB83B1DB161BCB8CD6A0063
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 23.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      References
         HKU\S-1-5-21-207386558-4275052178-3415983149-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\Chris\Desktop\antivirus_programs\FRST64.exe
      Forensic Cluster
          0.0s C:\Users\Chris\Desktop\antivirus_programs\FRST64.exe
          0.0s C:\Users\Chris\Desktop\antivirus_programs\FRST64.exe

   C:\Users\Chris\Desktop\antivirus_programs\FSS.exe
      Size . . . . . . . : 409,600 bytes
      Age  . . . . . . . : 20.0 days (2014-08-20 18:18:59)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : E08909D4632936207B696C8E3C823FD89B6018967DD2D2C8B35E35FD9932DE27
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 23.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -0.0s C:\Users\Chris\Desktop\antivirus_programs\
         -0.0s C:\Users\Chris\Desktop\antivirus_programs\adwcleaner.exe
         -0.0s C:\Users\Chris\Desktop\antivirus_programs\aswMBR.exe
         -0.0s C:\Users\Chris\Desktop\antivirus_programs\aswMBR.exe
         -0.0s C:\Users\Chris\Desktop\antivirus_programs\ComboFix.exe
         -0.0s C:\Users\Chris\Desktop\antivirus_programs\ComboFix.exe
         -0.0s C:\Users\Chris\Desktop\antivirus_programs\ComboFix.exe
         -0.0s C:\Users\Chris\Desktop\antivirus_programs\ComboFix_README.txt
         -0.0s C:\Users\Chris\Desktop\antivirus_programs\ComboFix_README.txt
         -0.0s C:\Users\Chris\Desktop\antivirus_programs\ComboFix_README.txt
         -0.0s C:\Users\Chris\Desktop\antivirus_programs\ComboFix_README.txt
         -0.0s C:\Users\Chris\Desktop\antivirus_programs\ComboFix_README.txt
         -0.0s C:\Users\Chris\Desktop\antivirus_programs\ComboFix_README.txt
         -0.0s C:\Users\Chris\Desktop\antivirus_programs\ComboFix_README.txt
         -0.0s C:\Users\Chris\Desktop\antivirus_programs\ComboFix_README.txt
         -0.0s C:\Users\Chris\Desktop\antivirus_programs\ComboFix_README.txt
         -0.0s C:\Users\Chris\Desktop\antivirus_programs\ComboFix_README.txt
         -0.0s C:\Users\Chris\Desktop\antivirus_programs\ComboFix_README.txt
         -0.0s C:\Users\Chris\Desktop\antivirus_programs\ComboFix_README.txt
         -0.0s C:\Users\Chris\Desktop\antivirus_programs\ComboFix_README.txt
         -0.0s C:\Users\Chris\Desktop\antivirus_programs\ComboFix_README.txt
         -0.0s C:\Users\Chris\Desktop\antivirus_programs\ComboFix_README.txt
         -0.0s C:\Users\Chris\Desktop\antivirus_programs\ComboFix_README.txt
         -0.0s C:\Users\Chris\Desktop\antivirus_programs\ComboFix_README.txt
         -0.0s C:\Users\Chris\Desktop\antivirus_programs\ComboFix_README.txt
         -0.0s C:\Users\Chris\Desktop\antivirus_programs\ComboFix_README.txt
         -0.0s C:\Users\Chris\Desktop\antivirus_programs\ComboFix_README.txt
         -0.0s C:\Users\Chris\Desktop\antivirus_programs\ComboFix_README.txt
         -0.0s C:\Users\Chris\Desktop\antivirus_programs\ComboFix_README.txt
         -0.0s C:\Users\Chris\Desktop\antivirus_programs\ComboFix_README.txt
         -0.0s C:\Users\Chris\Desktop\antivirus_programs\ComboFix_README.txt
         -0.0s C:\Users\Chris\Desktop\antivirus_programs\ComboFix_README.txt
         -0.0s C:\Users\Chris\Desktop\antivirus_programs\ComboFix_README.txt
         -0.0s C:\Users\Chris\Desktop\antivirus_programs\ComboFix_README.txt
         -0.0s C:\Users\Chris\Desktop\antivirus_programs\dds.com
         -0.0s C:\Users\Chris\Desktop\antivirus_programs\dds.com
         -0.0s C:\Users\Chris\Desktop\antivirus_programs\dds.com
         -0.0s C:\Users\Chris\Desktop\antivirus_programs\dds.com
         -0.0s C:\Users\Chris\Desktop\antivirus_programs\dds.com
         -0.0s C:\Users\Chris\Desktop\antivirus_programs\dds.com
         -0.0s C:\Users\Chris\Desktop\antivirus_programs\dds.com
         -0.0s C:\Users\Chris\Desktop\antivirus_programs\dds.com
          0.0s C:\Users\Chris\Desktop\antivirus_programs\FSS.exe
          0.0s C:\Users\Chris\Desktop\antivirus_programs\FSS.exe
          0.0s C:\Users\Chris\Desktop\antivirus_programs\FSS.exe
          0.0s C:\Users\Chris\Desktop\antivirus_programs\FSS.exe
          0.0s C:\Users\Chris\Desktop\antivirus_programs\JRT.exe
          0.0s C:\Users\Chris\Desktop\antivirus_programs\JRT.exe
          0.0s C:\Users\Chris\Desktop\antivirus_programs\JRT.exe
          0.0s C:\Users\Chris\Desktop\antivirus_programs\JRT.exe
          0.0s C:\Users\Chris\Desktop\antivirus_programs\JRT.exe
          0.0s C:\Users\Chris\Desktop\antivirus_programs\RogueKillerX64.exe
          0.0s C:\Users\Chris\Desktop\antivirus_programs\RogueKillerX64.exe
          0.0s C:\Users\Chris\Desktop\antivirus_programs\RogueKillerX64.exe
          0.0s C:\Users\Chris\Desktop\antivirus_programs\SecurityCheck.exe
          0.0s C:\Users\Chris\Desktop\antivirus_programs\SystemLook_x64.exe
          0.0s C:\Users\Chris\Desktop\antivirus_programs\TDSSKiller.exe

   C:\Users\Chris\Desktop\FRST64 (1).exe
      Size . . . . . . . : 2,101,760 bytes
      Age  . . . . . . . : 18.2 days (2014-08-22 14:12:41)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 29CD3AEB5D17365F2E077EC9544D13A62D70A58205C7E5914DC3E0D4814265B7
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 23.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -25.1s C:\Users\Chris\Desktop\bleeping.docx
         -24.8s C:\Users\Chris\AppData\Roaming\Microsoft\Office\Recent\bleeping.LNK
          0.0s C:\Users\Chris\Desktop\FRST64 (1).exe

   C:\Users\Chris\Downloads\FRST64.exe
      Size . . . . . . . : 2,101,760 bytes
      Age  . . . . . . . : 19.2 days (2014-08-21 15:01:44)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 29CD3AEB5D17365F2E077EC9544D13A62D70A58205C7E5914DC3E0D4814265B7
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 23.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\Chris\Downloads\FRST64.exe
         15.4s C:\Users\Chris\Downloads\FRST.txt

   C:\Users\Chris\random_stuff\antivirus_programs\FRST64.exe
      Size . . . . . . . : 2,155,008 bytes
      Age  . . . . . . . : 198.2 days (2014-02-23 14:11:31)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 1D010F12D89CB9BFC8F609FB6DA70D24CBF91385D9C130F9CB752DC7E7BAFD6B
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

   C:\Users\Chris\random_stuff\antivirus_programs\FSS.exe
      Size . . . . . . . : 409,600 bytes
      Age  . . . . . . . : 196.4 days (2014-02-25 09:47:25)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : E08909D4632936207B696C8E3C823FD89B6018967DD2D2C8B35E35FD9932DE27
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.


Cookies _____________________________________________________________________

   C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Cookies\28SOGX43.txt


[/code]



#14 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:06:28 AM

Posted 10 September 2014 - 03:03 AM

Hello Chris,

 

Let's get rid of the leftover:

 

Please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

 

Also I'd like us to scan your machine with ESET OnlineScan:


  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Run ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is  checked.
  • Now click on Advanced Settings and select the following:

    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

 

 

 

And finally let's check for outdated and vulnerable software on your pc:

 

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

 

Regards,

Georgi


cXfZ4wS.png


#15 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:06:28 AM

Posted 12 September 2014 - 03:10 AM

Hi Chris,

 

Are you still there? :)

 

 

Regards,

Georgi


cXfZ4wS.png





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users