
Google Chrome is opening many pop-up windows.


  • This topic is locked
18 replies to this topic

#1 videot

videot

  • Members
  • 10 posts

Posted 30 August 2014 - 09:13 PM

Google Chrome is opening many pop-up windows.  They are of various ads, but many seem to claim to be from Yahoo Technical Support.  This is my wife's computer.  I am sending this from my computer because there are way too many pop-ups to attempt this from hers.  There is a storm alert app, that I am wondering about.

 

Thanks so much for your help.

Attached File: Attach.txt (2.59KB)

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17239
Run by Crystal at 20:58:12 on 2014-08-30
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4004.2383 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\ooVoo\ooVoo.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Crystal\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Crystal\AppData\Local\StormAlerts\StormAlerts.exe
C:\Users\Crystal\AppData\Local\StormAlerts\StormAlertsApp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.trovi.com/?gd=&ctid=CT3329969&octid=EB_ORIGINAL_CTID&ISID=M0E6EE892-361E-4912-A6C1-01D3EEEED22E&SearchSource=55&CUI=&UM=6&UP=SPAAA086A0-6D1B-4CA7-8A0A-6B3E56610D05&SSPV=
mWinlogon: Userinit = userinit.exe
BHO: Realdeal: {6B3A8C3B-1197-FFE0-82A5-7C1C0E712E21} - C:\ProgramData\Realdeal\1mcd9K.dll
BHO: SmaRtComparie: {B02AC5AA-82B8-2951-E9ED-9DA75197286A} - C:\ProgramData\SmaRtComparie\SXn1vzlX7.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\Crystal\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Crystal\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Crystal\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\Users\Crystal\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STORMA~2.LNK - C:\Users\Crystal\AppData\Local\StormAlerts\StormAlerts.exe
StartupFolder: C:\Users\Crystal\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STORMA~1.LNK - C:\Users\Crystal\AppData\Local\StormAlerts\StormAlertsApp.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{F7F48BDA-3EF0-43B6-A62D-946988A75FE0} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{F7F48BDA-3EF0-43B6-A62D-946988A75FE0}\34F6D666F6274794E6E6 : DHCPNameServer = 172.17.0.1
TCP: Interfaces\{F7F48BDA-3EF0-43B6-A62D-946988A75FE0}\742716E6460234F657E6472797 : DHCPNameServer = 10.128.128.128
TCP: Interfaces\{F7F48BDA-3EF0-43B6-A62D-946988A75FE0}\7713D264E4 : DHCPNameServer = 10.10.0.7 10.10.0.9
AppInit_DLLs= c:\progra~3\browse~1\browse~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Realdeal: {6B3A8C3B-1197-FFE0-82A5-7C1C0E712E21} - C:\ProgramData\Realdeal\1mcd9K.x64.dll
x64-BHO: SmaRtComparie: {B02AC5AA-82B8-2951-E9ED-9DA75197286A} - C:\ProgramData\SmaRtComparie\SXn1vzlX7.x64.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [DLCDCATS] rundll32 C:\Windows\System32\spool\DRIVERS\x64\3\DLCDtime.dll,_RunDLLEntry@16
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-22 172344]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 133928]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-6-10 317440]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 dlcd_device;dlcd_device;C:\Windows\System32\dlcdcoms.exe -service --> C:\Windows\System32\dlcdcoms.exe -service [?]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-14 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-7-24 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-7-24 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-6-14 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-08-30 08:28:54    11319192    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{05620F1E-9E44-48F8-8BD3-472EA7712409}\mpengine.dll
2014-08-29 02:38:32    11319192    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-29 01:05:51    1169712    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{19AE5344-5871-40AC-81D0-97BAE50B0CB1}\gapaengine.dll
2014-08-28 18:33:42    --------    d-----w-    C:\Users\Crystal\AppData\Roaming\ooVoo Details
2014-08-28 18:33:14    --------    d-----w-    C:\Program Files (x86)\ooVoo
2014-08-28 18:30:13    --------    d-----w-    C:\ProgramData\SmaRtComparie
2014-08-28 13:17:51    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2014-08-28 13:17:51    3163648    ----a-w-    C:\Windows\System32\win32k.sys
2014-08-28 13:17:51    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2014-08-25 04:53:14    2620928    ----a-w-    C:\Windows\System32\wucltux.dll
2014-08-25 04:52:54    97792    ----a-w-    C:\Windows\System32\wudriver.dll
2014-08-25 04:52:54    92672    ----a-w-    C:\Windows\SysWow64\wudriver.dll
2014-08-25 04:52:30    33792    ----a-w-    C:\Windows\SysWow64\wuapp.exe
2014-08-25 04:52:30    198600    ----a-w-    C:\Windows\System32\wuwebv.dll
2014-08-25 04:52:30    179656    ----a-w-    C:\Windows\SysWow64\wuwebv.dll
2014-08-25 04:52:28    36864    ----a-w-    C:\Windows\System32\wuapp.exe
2014-08-14 08:03:01    99480    ----a-w-    C:\Windows\SysWow64\infocardapi.dll
2014-08-14 08:03:00    171160    ----a-w-    C:\Windows\System32\infocardapi.dll
2014-08-14 08:03:00    1389208    ----a-w-    C:\Windows\System32\icardagt.exe
2014-08-14 08:02:59    619672    ----a-w-    C:\Windows\SysWow64\icardagt.exe
2014-08-14 08:02:54    8856    ----a-w-    C:\Windows\SysWow64\icardres.dll
2014-08-14 08:02:54    8856    ----a-w-    C:\Windows\System32\icardres.dll
2014-08-14 08:02:09    35480    ----a-w-    C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-14 08:02:09    35480    ----a-w-    C:\Windows\System32\TsWpfWrp.exe
2014-08-14 07:24:59    4204032    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-08-14 07:19:30    7168    ----a-w-    C:\Windows\SysWow64\KBDYAK.DLL
2014-08-14 07:19:30    6656    ----a-w-    C:\Windows\SysWow64\KBDBASH.DLL
2014-08-14 07:19:29    7168    ----a-w-    C:\Windows\System32\KBDYAK.DLL
2014-08-14 07:19:28    7168    ----a-w-    C:\Windows\System32\KBDBASH.DLL
2014-08-14 07:15:06    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-08-14 07:15:06    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-08-14 07:14:47    3241984    ----a-w-    C:\Windows\System32\msi.dll
2014-08-14 07:14:46    2363392    ----a-w-    C:\Windows\SysWow64\msi.dll
2014-08-14 07:14:45    1941504    ----a-w-    C:\Windows\System32\authui.dll
2014-08-14 07:14:45    1805824    ----a-w-    C:\Windows\SysWow64\authui.dll
2014-08-14 07:14:43    504320    ----a-w-    C:\Windows\System32\msihnd.dll
2014-08-14 07:14:43    337408    ----a-w-    C:\Windows\SysWow64\msihnd.dll
2014-08-14 07:14:43    112064    ----a-w-    C:\Windows\System32\consent.exe
2014-08-14 07:14:28    985536    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2014-08-14 07:09:59    1216000    ----a-w-    C:\Windows\System32\rpcrt4.dll
2014-08-14 07:09:57    664064    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2014-08-14 07:09:52    529920    ----a-w-    C:\Windows\System32\aepdu.dll
2014-08-14 07:09:50    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-08-11 13:47:51    --------    d-----w-    C:\ProgramData\d83cd75a646c764
2014-08-11 13:47:44    --------    d-----w-    C:\Users\Crystal\AppData\Local\Packages
2014-08-11 13:47:35    --------    d-----w-    C:\ProgramData\Realdeal
2014-08-11 13:27:25    --------    d-----w-    C:\ProgramData\Browser System Enahncer
2014-08-03 03:59:01    --------    d-----w-    C:\SUPERDelete
2014-08-03 03:57:42    --------    d-----w-    C:\Users\Crystal\AppData\Roaming\SUPERAntiSpyware.com
2014-08-03 03:57:22    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2014-08-03 03:57:22    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
.
==================== Find3M  ====================
.
2014-07-25 14:02:12    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-07-25 14:01:41    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-07-25 13:28:35    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27    548352    ----a-w-    C:\Windows\System32\vbscript.dll
2014-07-25 13:25:45    83968    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-07-25 13:04:40    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-07-25 13:00:25    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-07-25 12:59:28    758272    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-07-25 12:47:25    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-07-25 12:34:03    455168    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-07-25 12:33:08    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32    61952    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15    5824512    ----a-w-    C:\Windows\System32\jscript9.dll
2014-07-25 12:28:05    72704    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47    597504    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-07-25 11:43:16    60416    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29    2087936    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-07-25 11:39:25    1249280    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49    2001920    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10    1068032    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06    2266624    ----a-w-    C:\Windows\System32\wininet.dll
2014-07-25 10:05:23    1792512    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-06-18 05:11:48    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-06-18 02:18:30    692736    ----a-w-    C:\Windows\System32\osk.exe
2014-06-18 01:51:32    646144    ----a-w-    C:\Windows\SysWow64\osk.exe
2014-06-16 08:31:41    175616    ----a-w-    C:\Windows\System32\msclmd.dll
2014-06-16 08:31:41    152576    ----a-w-    C:\Windows\SysWow64\msclmd.dll
2014-06-06 10:10:34    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-06-06 09:44:17    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-06-05 14:45:15    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-06-05 14:26:58    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-06-05 14:25:49    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 20:59:36.17 ===============
 




 


#2 pystryker

pystryker

  • Malware Response Team
  • 730 posts

Posted 31 August 2014 - 06:43 AM

Hello and welcome to Bleeping Computer! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you:
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please read through my instructions carefully and completely before executing them. I will lay the instructions out in a step by step order to make them easy to follow.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure (if you are able) to print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you back up any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hello, let's get a look at your system and see what's going on. :)


Step 1: Scan with Farbar's Recovery Scan Tool (FRST)


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Step 2: Scan with aswMBR
  • Please download aswMBR.exe to your desktop.
  • Double click the file to run it.
  • It will ask if you want to download the latest Avast! virus definitions, please answer yes.
  • Click the Scan button to begin the scan.
If your computer supports Virtualization Technology, select Yes to use it for rootkit detection.


  • Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
  • Click Exit

Things I need to see in your next post:


FRST Log

Addition.txt Log

aswMBR Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#3 videot

videot
  • Topic Starter

  • Members
  • 10 posts

Posted 01 September 2014 - 03:55 PM

Hi Pystryker,

It's nice to meet you and thank you for your help with my wife's computer!

 

One note before I paste in the text of the logs you have requested.  I didn't know if my wife's computer supported virtualization, nor did I realize that the software would scan for that capability.  So I ran the "Intel" utility to scan for that.  It came directly from the Intel website.  The Farbar and aswMBR logs that I uploaded came after I ran the Intel utility.  But I also have Farbar logs from before I ran it, if you would like to see those.

 

Now for the logs!

 

FRST.txt follows  ===================================================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by Crystal (administrator) on CRYSTAL-PC on 01-09-2014 09:26:23
Running from C:\Users\Crystal\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(ooVoo LLC) C:\Program Files (x86)\ooVoo\ooVoo.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dropbox, Inc.) C:\Users\Crystal\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Weather Warnings LLC) C:\Users\Crystal\AppData\Local\StormAlerts\StormAlerts.exe
() C:\Users\Crystal\AppData\Local\StormAlerts\StormAlertsApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [DLCDCATS] => rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\DLCDtime.dll,_RunDLLEntry@16                                                                                                                            (the data entry has 59 more characters).
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-06-16] (Microsoft Corporation)
HKU\S-1-5-21-461702851-272330320-812187809-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7762712 2014-08-12] (SUPERAntiSpyware)
HKU\S-1-5-21-461702851-272330320-812187809-1001\...\Run: [ooVoo.exe] => C:\Program Files (x86)\ooVoo\oovoo.exe [36247104 2014-03-25] (ooVoo LLC)
AppInit_DLLs: C:\PROGRA~3\BROWSE~1\BROWSE~2.DLL => C:\ProgramData\Browser System Enahncer\BrowserSystemEnahncer_x64.dll [4302848 2014-08-11] ()
AppInit_DLLs-x32: c:\progra~3\browse~1\browse~1.dll => c:\ProgramData\Browser System Enahncer\BrowserSystemEnahncer.dll [4124160 2014-08-11] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\Crystal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Crystal\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Crystal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Crystal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Storm Alerts.lnk
ShortcutTarget: Storm Alerts.lnk -> C:\Users\Crystal\AppData\Local\StormAlerts\StormAlerts.exe (Weather Warnings LLC)
Startup: C:\Users\Crystal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormAlerts.lnk
ShortcutTarget: StormAlerts.lnk -> C:\Users\Crystal\AppData\Local\StormAlerts\StormAlertsApp.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com/?gd=&ctid=CT3329969&octid=EB_ORIGINAL_CTID&ISID=M0E6EE892-361E-4912-A6C1-01D3EEEED22E&SearchSource=55&CUI=&UM=6&UP=SPAAA086A0-6D1B-4CA7-8A0A-6B3E56610D05&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1FEAE6675486CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3329969&octid=EB_ORIGINAL_CTID&ISID=M0E6EE892-361E-4912-A6C1-01D3EEEED22E&SearchSource=58&CUI=&UM=6&UP=SPAAA086A0-6D1B-4CA7-8A0A-6B3E56610D05&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3329969&octid=EB_ORIGINAL_CTID&ISID=M0E6EE892-361E-4912-A6C1-01D3EEEED22E&SearchSource=58&CUI=&UM=6&UP=SPAAA086A0-6D1B-4CA7-8A0A-6B3E56610D05&q={searchTerms}&SSPV=
BHO: Realdeal -> {6B3A8C3B-1197-FFE0-82A5-7C1C0E712E21} -> C:\ProgramData\Realdeal\1mcd9K.x64.dll ()
BHO: SmaRtComparie -> {B02AC5AA-82B8-2951-E9ED-9DA75197286A} -> C:\ProgramData\SmaRtComparie\SXn1vzlX7.x64.dll ()
BHO-x32: Realdeal -> {6B3A8C3B-1197-FFE0-82A5-7C1C0E712E21} -> C:\ProgramData\Realdeal\1mcd9K.dll ()
BHO-x32: SmaRtComparie -> {B02AC5AA-82B8-2951-E9ED-9DA75197286A} -> C:\ProgramData\SmaRtComparie\SXn1vzlX7.dll ()
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Mah Jong Connect) - C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\agfjdflmdlnffhlfmjdpbcoccaeamikk [2014-08-11]
CHR Extension: (Google Docs) - C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-12]
CHR Extension: (Google Drive) - C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-12]
CHR Extension: (YouTube) - C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-21]
CHR Extension: (Google Search) - C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-21]
CHR Extension: (G Links) - C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhbfcdbhbobookobjhdnkgcgoiajlebn [2014-08-28]
CHR Extension: (Google Wallet) - C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-21]
CHR Extension: (Gmail) - C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-21]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S3 dlcd_device; C:\Windows\system32\dlcdcoms.exe [451584 2005-06-21] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 ssnfd; system32\drivers\ssnfd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-01 09:24 - 2014-09-01 09:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Processor Identification Utility
2014-09-01 09:24 - 2014-09-01 09:24 - 00000000 ____D () C:\Program Files (x86)\Intel Corporation
2014-09-01 09:23 - 2014-09-01 09:23 - 03397632 _____ () C:\Users\Crystal\Downloads\pidenu38.msi
2014-09-01 09:04 - 2014-09-01 09:05 - 05185536 _____ (AVAST Software) C:\Users\Crystal\Desktop\aswmbr.exe
2014-09-01 09:01 - 2014-09-01 09:26 - 00011990 _____ () C:\Users\Crystal\Desktop\FRST.txt
2014-09-01 09:00 - 2014-09-01 09:26 - 00000000 ____D () C:\FRST
2014-09-01 08:58 - 2014-09-01 08:58 - 02104832 _____ (Farbar) C:\Users\Crystal\Desktop\FRST64.exe
2014-09-01 07:47 - 2014-09-01 07:47 - 00000016 ____H () C:\Users\Crystal\Downloads\SyncToy_413cb70e-8130-43eb-850f-f66e12811912.dat
2014-09-01 07:46 - 2014-09-01 07:46 - 00000016 ____H () C:\Users\Crystal\Desktop\SyncToy_4a628cb1-1d2b-4d04-962f-9c95d5dd5834.dat
2014-09-01 01:05 - 2014-09-01 01:05 - 00000016 ____H () C:\Users\Crystal\Documents\SyncToy_5474d566-bfbf-404d-83f5-da731e4ee3fd.dat
2014-08-31 22:06 - 2014-08-31 22:06 - 00000016 ____H () C:\Users\Crystal\SyncToy_d41a697f-c874-4ac5-9fa5-3df49b3afaf5.dat
2014-08-30 20:59 - 2014-08-30 20:59 - 00014289 _____ () C:\Users\Crystal\Desktop\dds.txt
2014-08-30 20:59 - 2014-08-30 20:59 - 00002648 _____ () C:\Users\Crystal\Desktop\attach.txt
2014-08-30 20:54 - 2014-08-30 20:54 - 00688992 ____R (Swearware) C:\Users\Crystal\Downloads\dds.com
2014-08-30 00:09 - 2014-08-30 00:09 - 00003144 _____ () C:\Windows\System32\Tasks\{FD9572F5-26EA-449F-A2C3-6F35B8B3707A}
2014-08-30 00:04 - 2014-08-30 00:04 - 00007519 _____ () C:\Users\Crystal\Downloads\hijackthis.log
2014-08-30 00:02 - 2014-08-30 00:02 - 00388608 _____ (Trend Micro Inc.) C:\Users\Crystal\Downloads\HijackThis (1).exe
2014-08-30 00:01 - 2014-08-30 00:02 - 00388608 _____ (Trend Micro Inc.) C:\Users\Crystal\Downloads\HijackThis.exe
2014-08-28 13:33 - 2014-08-28 13:33 - 00001857 _____ () C:\Users\Public\Desktop\ooVoo.lnk
2014-08-28 13:33 - 2014-08-28 13:33 - 00000000 ____D () C:\Users\Crystal\AppData\Roaming\ooVoo Details
2014-08-28 13:33 - 2014-08-28 13:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ooVoo
2014-08-28 13:33 - 2014-08-28 13:33 - 00000000 ____D () C:\Program Files (x86)\ooVoo
2014-08-28 13:30 - 2014-08-28 13:30 - 00126328 _____ (Premium Installer ) C:\Users\Crystal\Downloads\Setup (1).exe
2014-08-28 13:30 - 2014-08-28 13:30 - 00000000 ____D () C:\ProgramData\SmaRtComparie
2014-08-28 13:28 - 2014-08-28 13:29 - 02387520 _____ (ooVoo LLC) C:\Users\Crystal\Downloads\ooVooSetup.exe
2014-08-28 08:17 - 2014-08-22 21:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 08:17 - 2014-08-22 20:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 08:17 - 2014-08-22 19:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-24 23:53 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-24 23:53 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-24 23:53 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-24 23:53 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-24 23:52 - 2014-05-14 11:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-24 23:52 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-24 23:52 - 2014-05-14 11:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-24 23:52 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-24 23:52 - 2014-05-14 11:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-24 23:52 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-24 23:52 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-24 23:52 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-24 23:52 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-24 23:52 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-14 03:03 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 03:03 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 03:03 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 03:02 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 03:02 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-14 03:02 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 03:02 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 03:02 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-14 02:25 - 2014-07-31 18:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 02:25 - 2014-07-31 18:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 02:25 - 2014-07-25 09:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 02:25 - 2014-07-25 09:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 02:25 - 2014-07-25 08:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 02:25 - 2014-07-25 08:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 02:25 - 2014-07-25 08:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 02:25 - 2014-07-25 08:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 02:25 - 2014-07-25 08:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 02:25 - 2014-07-25 08:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 02:25 - 2014-07-25 07:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 02:25 - 2014-07-25 07:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 02:25 - 2014-07-25 07:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 02:25 - 2014-07-25 07:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 02:25 - 2014-07-25 07:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 02:25 - 2014-07-25 07:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 02:25 - 2014-07-25 07:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 02:25 - 2014-07-25 07:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 02:25 - 2014-07-25 07:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 02:25 - 2014-07-25 06:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 02:25 - 2014-07-25 06:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 02:25 - 2014-07-25 06:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 02:25 - 2014-07-25 06:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 02:25 - 2014-07-25 06:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 02:25 - 2014-07-25 06:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 02:25 - 2014-07-25 06:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 02:25 - 2014-07-25 06:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 02:25 - 2014-07-25 06:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 02:25 - 2014-07-25 05:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 02:25 - 2014-07-25 05:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 02:24 - 2014-07-25 09:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 02:24 - 2014-07-25 08:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 02:24 - 2014-07-25 08:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 02:24 - 2014-07-25 08:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 02:24 - 2014-07-25 08:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 02:24 - 2014-07-25 08:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 02:24 - 2014-07-25 08:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 02:24 - 2014-07-25 07:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 02:24 - 2014-07-25 07:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 02:24 - 2014-07-25 07:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 02:24 - 2014-07-25 07:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 02:24 - 2014-07-25 07:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 02:24 - 2014-07-25 07:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 02:24 - 2014-07-25 07:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 02:24 - 2014-07-25 07:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 02:24 - 2014-07-25 07:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 02:24 - 2014-07-25 07:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 02:24 - 2014-07-25 06:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 02:24 - 2014-07-25 06:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 02:24 - 2014-07-25 06:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 02:24 - 2014-07-25 06:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 02:24 - 2014-07-25 06:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 02:24 - 2014-07-25 05:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 02:24 - 2014-07-25 05:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 02:24 - 2014-07-25 05:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 02:24 - 2014-07-25 05:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 02:19 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 02:19 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 02:19 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 02:19 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 02:19 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 02:19 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 02:19 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 02:19 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 02:19 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 02:19 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 02:19 - 2014-07-08 17:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 02:19 - 2014-07-08 17:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 02:15 - 2014-07-15 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 02:15 - 2014-07-15 21:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 02:14 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 02:14 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 02:14 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 02:14 - 2014-06-03 05:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 02:14 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 02:14 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 02:14 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 02:14 - 2014-06-03 04:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 02:14 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 02:14 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 02:09 - 2014-08-06 21:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 02:09 - 2014-08-06 21:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 02:09 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 02:09 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-11 08:47 - 2014-08-28 13:30 - 00000000 ____D () C:\ProgramData\d83cd75a646c764
2014-08-11 08:47 - 2014-08-11 08:47 - 00000000 ____D () C:\Users\Crystal\AppData\Local\Packages
2014-08-11 08:47 - 2014-08-11 08:47 - 00000000 ____D () C:\ProgramData\Realdeal
2014-08-11 08:27 - 2014-08-15 05:57 - 00000000 ____D () C:\ProgramData\Browser System Enahncer
2014-08-07 09:34 - 2014-08-07 09:34 - 00271360 _____ () C:\Users\Crystal\Documents\Awards banquet sign up.pub
2014-08-02 22:59 - 2014-08-02 22:59 - 00000000 ____D () C:\SUPERDelete
2014-08-02 22:57 - 2014-08-31 19:34 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-02 22:57 - 2014-08-17 07:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-02 22:57 - 2014-08-02 22:57 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-08-02 22:57 - 2014-08-02 22:57 - 00000000 ____D () C:\Users\Crystal\AppData\Roaming\SUPERAntiSpyware.com
2014-08-02 22:57 - 2014-08-02 22:57 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-02 22:43 - 2014-08-02 22:45 - 18611048 _____ (SUPERAntiSpyware) C:\Users\Crystal\Downloads\SUPERAntiSpyware.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-01 09:26 - 2014-09-01 09:01 - 00011990 _____ () C:\Users\Crystal\Desktop\FRST.txt
2014-09-01 09:26 - 2014-09-01 09:00 - 00000000 ____D () C:\FRST
2014-09-01 09:24 - 2014-09-01 09:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Processor Identification Utility
2014-09-01 09:24 - 2014-09-01 09:24 - 00000000 ____D () C:\Program Files (x86)\Intel Corporation
2014-09-01 09:23 - 2014-09-01 09:23 - 03397632 _____ () C:\Users\Crystal\Downloads\pidenu38.msi
2014-09-01 09:23 - 2014-07-19 08:56 - 00000000 ____D () C:\Users\Crystal\AppData\Local\StormAlerts
2014-09-01 09:05 - 2014-09-01 09:04 - 05185536 _____ (AVAST Software) C:\Users\Crystal\Desktop\aswmbr.exe
2014-09-01 09:03 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-01 09:03 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-01 08:59 - 2014-06-12 20:49 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-01 08:58 - 2014-09-01 08:58 - 02104832 _____ (Farbar) C:\Users\Crystal\Desktop\FRST64.exe
2014-09-01 08:53 - 2014-06-10 01:17 - 01189419 _____ () C:\Windows\WindowsUpdate.log
2014-09-01 08:53 - 2009-07-13 23:51 - 00023920 _____ () C:\Windows\setupact.log
2014-09-01 07:50 - 2014-05-21 18:32 - 00000000 ____D () C:\Users\Crystal\My Backup Files
2014-09-01 07:47 - 2014-09-01 07:47 - 00000016 ____H () C:\Users\Crystal\Downloads\SyncToy_413cb70e-8130-43eb-850f-f66e12811912.dat
2014-09-01 07:46 - 2014-09-01 07:46 - 00000016 ____H () C:\Users\Crystal\Desktop\SyncToy_4a628cb1-1d2b-4d04-962f-9c95d5dd5834.dat
2014-09-01 07:46 - 2014-06-12 09:33 - 00000000 ____D () C:\Users\Crystal
2014-09-01 07:36 - 2009-07-14 00:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-01 01:05 - 2014-09-01 01:05 - 00000016 ____H () C:\Users\Crystal\Documents\SyncToy_5474d566-bfbf-404d-83f5-da731e4ee3fd.dat
2014-08-31 22:06 - 2014-08-31 22:06 - 00000016 ____H () C:\Users\Crystal\SyncToy_d41a697f-c874-4ac5-9fa5-3df49b3afaf5.dat
2014-08-31 19:34 - 2014-08-02 22:57 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-31 11:59 - 2014-06-12 20:49 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-30 20:59 - 2014-08-30 20:59 - 00014289 _____ () C:\Users\Crystal\Desktop\dds.txt
2014-08-30 20:59 - 2014-08-30 20:59 - 00002648 _____ () C:\Users\Crystal\Desktop\attach.txt
2014-08-30 20:54 - 2014-08-30 20:54 - 00688992 ____R (Swearware) C:\Users\Crystal\Downloads\dds.com
2014-08-30 11:45 - 2014-06-12 10:04 - 00000000 ___RD () C:\Users\Crystal\Dropbox
2014-08-30 11:34 - 2014-06-12 10:03 - 00000000 ____D () C:\Users\Crystal\AppData\Roaming\Dropbox
2014-08-30 03:56 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-08-30 03:18 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-30 03:17 - 2009-07-13 23:45 - 00404256 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-30 03:16 - 2014-06-12 21:57 - 00044958 _____ () C:\Windows\PFRO.log
2014-08-30 00:09 - 2014-08-30 00:09 - 00003144 _____ () C:\Windows\System32\Tasks\{FD9572F5-26EA-449F-A2C3-6F35B8B3707A}
2014-08-30 00:07 - 2014-06-12 10:04 - 00000000 ____D () C:\Users\Crystal\Documents\Crystal-Transfer
2014-08-30 00:04 - 2014-08-30 00:04 - 00007519 _____ () C:\Users\Crystal\Downloads\hijackthis.log
2014-08-30 00:02 - 2014-08-30 00:02 - 00388608 _____ (Trend Micro Inc.) C:\Users\Crystal\Downloads\HijackThis (1).exe
2014-08-30 00:02 - 2014-08-30 00:01 - 00388608 _____ (Trend Micro Inc.) C:\Users\Crystal\Downloads\HijackThis.exe
2014-08-30 00:02 - 2014-06-12 09:33 - 00000000 ____D () C:\Users\Crystal\AppData\Local\VirtualStore
2014-08-28 21:40 - 2014-06-22 00:06 - 00000000 ____D () C:\Program Files\Dl_cats
2014-08-28 13:33 - 2014-08-28 13:33 - 00001857 _____ () C:\Users\Public\Desktop\ooVoo.lnk
2014-08-28 13:33 - 2014-08-28 13:33 - 00000000 ____D () C:\Users\Crystal\AppData\Roaming\ooVoo Details
2014-08-28 13:33 - 2014-08-28 13:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ooVoo
2014-08-28 13:33 - 2014-08-28 13:33 - 00000000 ____D () C:\Program Files (x86)\ooVoo
2014-08-28 13:30 - 2014-08-28 13:30 - 00126328 _____ (Premium Installer ) C:\Users\Crystal\Downloads\Setup (1).exe
2014-08-28 13:30 - 2014-08-28 13:30 - 00000000 ____D () C:\ProgramData\SmaRtComparie
2014-08-28 13:30 - 2014-08-11 08:47 - 00000000 ____D () C:\ProgramData\d83cd75a646c764
2014-08-28 13:29 - 2014-08-28 13:28 - 02387520 _____ (ooVoo LLC) C:\Users\Crystal\Downloads\ooVooSetup.exe
2014-08-22 21:07 - 2014-08-28 08:17 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 20:45 - 2014-08-28 08:17 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 19:59 - 2014-08-28 08:17 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-17 07:27 - 2014-08-02 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-15 05:57 - 2014-08-11 08:27 - 00000000 ____D () C:\ProgramData\Browser System Enahncer
2014-08-14 06:01 - 2014-06-12 10:04 - 00000000 ____D () C:\Users\Crystal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-14 06:01 - 2014-05-21 12:28 - 00001025 _____ () C:\Users\Crystal\Desktop\Dropbox.lnk
2014-08-14 03:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-14 03:14 - 2014-07-24 22:39 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 03:11 - 2014-07-24 22:39 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 03:01 - 2014-06-18 08:35 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-11 14:25 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-11 08:47 - 2014-08-11 08:47 - 00000000 ____D () C:\Users\Crystal\AppData\Local\Packages
2014-08-11 08:47 - 2014-08-11 08:47 - 00000000 ____D () C:\ProgramData\Realdeal
2014-08-11 08:27 - 2014-07-24 22:17 - 00000000 ____D () C:\ProgramData\374311380
2014-08-07 09:34 - 2014-08-07 09:34 - 00271360 _____ () C:\Users\Crystal\Documents\Awards banquet sign up.pub
2014-08-06 21:06 - 2014-08-14 02:09 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 21:01 - 2014-08-14 02:09 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-02 22:59 - 2014-08-02 22:59 - 00000000 ____D () C:\SUPERDelete
2014-08-02 22:57 - 2014-08-02 22:57 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-08-02 22:57 - 2014-08-02 22:57 - 00000000 ____D () C:\Users\Crystal\AppData\Roaming\SUPERAntiSpyware.com
2014-08-02 22:57 - 2014-08-02 22:57 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-02 22:45 - 2014-08-02 22:43 - 18611048 _____ (SUPERAntiSpyware) C:\Users\Crystal\Downloads\SUPERAntiSpyware.exe

Files to move or delete:
====================
C:\Users\Crystal\SyncToy_7601d310-bde6-4e88-95b2-7c960c8e572d.dat
C:\Users\Crystal\SyncToy_d41a697f-c874-4ac5-9fa5-3df49b3afaf5.dat


Some content of TEMP:
====================
C:\Users\Crystal\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsypzaz.dll
C:\Users\Crystal\AppData\Local\Temp\ochelper.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-27 00:48

==================== End Of Log ============================

Addition.txt follows next===========================================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2014 02
Ran by Crystal at 2014-09-01 09:26:58
Running from C:\Users\Crystal\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Browser System Enahncer (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{671c50b0}) (Version:  - WorldLoad) <==== ATTENTION
Dell Photo AIO Printer 944 (HKLM\...\Dell Photo AIO Printer 944) (Version:  - )
Dropbox (HKCU\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.)
GimpShop 2.8 (HKLM-x32\...\{3F1C9552-58E0-4AAC-A616-AE3A28720EC6}) (Version: 2.8 - GimpShop)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® Processor Identification Utility (HKLM-x32\...\{A92A4DB0-CD37-42D1-BE1D-603D53C24328}) (Version: 1.0.0.0 - Intel Corporation)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office XP Professional (HKLM-x32\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Publisher 2002 (HKLM-x32\...\{90190409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.6.4001 - ooVoo LLC.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realdeal (HKLM-x32\...\{730C1F02-ABB6-7601-60ED-659A59700742}) (Version:  - reaLDeal) <==== ATTENTION
SmaRtComparie (HKLM-x32\...\{A9F7A981-09A3-C1F7-2D46-1BA20CFDF02F}) (Version:  - SmartCompauRe) <==== ATTENTION
StormAlerts (HKCU\...\StormAlerts) (Version: 1.0.14.0 - Weather Warnings LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1108 - SUPERAntiSpyware.com)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-461702851-272330320-812187809-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Crystal\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-461702851-272330320-812187809-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Crystal\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-461702851-272330320-812187809-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Crystal\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-461702851-272330320-812187809-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Crystal\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-461702851-272330320-812187809-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Crystal\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-461702851-272330320-812187809-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Crystal\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-461702851-272330320-812187809-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Crystal\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-461702851-272330320-812187809-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Crystal\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-461702851-272330320-812187809-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Crystal\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

17-08-2014 12:59:02 Windows Update
21-08-2014 04:52:43 Windows Update
24-08-2014 06:30:48 Windows Update
25-08-2014 04:52:08 Windows Update
27-08-2014 15:28:41 Windows Update
30-08-2014 08:00:12 Windows Update
01-09-2014 14:24:17 Installed Intel® Processor Identification Utility

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {09A3598E-E179-4162-9B5D-118A5BD650FB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-12] (Google Inc.)
Task: {21F80C99-D87D-465D-A416-12FD9965B499} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2A79E5C4-10C8-4C27-93CE-58AEE7285841} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_Administrator => F:\Files\Utilities\HDSentinel\HDSentinel.exe
Task: {7ACDA3FA-28AC-4E04-8426-4F21A2841F08} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-12] (Google Inc.)
Task: {B2DA1D13-5E2F-45ED-BFE4-BA7C6E5D7A0D} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2005-06-21 17:23 - 2005-06-21 17:23 - 00339968 _____ () C:\Windows\System32\dlcdlmpm.DLL
2014-06-10 01:33 - 2011-03-25 09:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-02-25 12:47 - 2014-02-25 12:47 - 00612464 _____ () C:\Users\Crystal\AppData\Local\StormAlerts\StormAlertsApp.exe
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-30 11:34 - 2014-08-30 11:34 - 00043008 _____ () c:\users\crystal\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsypzaz.dll
2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\Crystal\AppData\Roaming\Dropbox\bin\libcef.dll
2014-08-11 08:27 - 2014-08-11 08:27 - 04124160 _____ () c:\ProgramData\Browser System Enahncer\BrowserSystemEnahncer.dll
2014-07-17 12:02 - 2014-07-15 04:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-17 12:02 - 2014-07-15 04:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-17 12:02 - 2014-07-15 04:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-17 12:02 - 2014-07-15 04:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-17 12:02 - 2014-07-15 04:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-17 12:02 - 2014-07-15 04:24 - 14664008 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\Crystal\Downloads\Message 37.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: ssnfd
Description: ssnfd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ssnfd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/01/2014 09:24:52 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/30/2014 08:37:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19219

Error: (08/30/2014 08:37:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 19219

Error: (08/30/2014 08:37:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/30/2014 08:36:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1060

Error: (08/30/2014 08:36:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1060

Error: (08/30/2014 08:36:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/30/2014 11:34:46 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/30/2014 11:34:46 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/28/2014 09:41:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dlcdcoms.exe, version: 1.154.18.0, time stamp: 0x42b882ce
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0xe2c
Faulting application start time: 0xdlcdcoms.exe0
Faulting application path: dlcdcoms.exe1
Faulting module path: dlcdcoms.exe2
Report Id: dlcdcoms.exe3


System errors:
=============
Error: (09/01/2014 06:48:52 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.183.1128.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.5.0216.00

    Source Path: 4.5.0216.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (09/01/2014 06:38:52 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.183.1128.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.5.0216.00

    Source Path: 4.5.0216.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (08/30/2014 03:18:10 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ssnfd

Error: (08/30/2014 00:50:45 AM) (Source: srv) (EventID: 2017) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Error: (08/29/2014 11:24:59 PM) (Source: srv) (EventID: 2017) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Error: (08/29/2014 11:23:39 PM) (Source: srv) (EventID: 2017) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Error: (08/29/2014 11:23:19 PM) (Source: srv) (EventID: 2017) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Error: (08/29/2014 11:06:57 PM) (Source: srv) (EventID: 2017) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Error: (08/29/2014 11:06:37 PM) (Source: srv) (EventID: 2017) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Error: (08/29/2014 11:02:17 PM) (Source: srv) (EventID: 2017) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.


Microsoft Office Sessions:
=========================
Error: (09/01/2014 09:24:52 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Crystal\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe

Error: (08/30/2014 08:37:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19219

Error: (08/30/2014 08:37:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 19219

Error: (08/30/2014 08:37:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/30/2014 08:36:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1060

Error: (08/30/2014 08:36:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1060

Error: (08/30/2014 08:36:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/30/2014 11:34:46 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Crystal\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe

Error: (08/30/2014 11:34:46 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Crystal\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe

Error: (08/28/2014 09:41:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dlcdcoms.exe1.154.18.042b882centdll.dll6.1.7601.18247521eaf24c000037400000000000c4102e2c01cfbc98a750263eC:\Windows\system32\dlcdcoms.exeC:\Windows\SYSTEM32\ntdll.dlleaed8789-2f25-11e4-8213-24b6fd169b28


==================== Memory info ===========================

Processor: Intel® Core™ i3-2330M CPU @ 2.20GHz
Percentage of memory in use: 62%
Total physical RAM: 4004.27 MB
Available physical RAM: 1501.43 MB
Total Pagefile: 8006.73 MB
Available Pagefile: 5487.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:298.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 614A255B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

And lastly, aswMBR.txt follows==============================================

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-09-01 09:29:32
-----------------------------
09:29:32.789    OS Version: Windows x64 6.1.7601 Service Pack 1
09:29:32.790    Number of processors: 4 586 0x2A07
09:29:32.791    ComputerName: CRYSTAL-PC  UserName: Crystal
09:29:34.618    Initialize success
09:29:34.703    VM: initialized successfully
09:29:34.718    VM: Intel CPU supported
09:29:39.926    VM: supported disk I/O ataport.SYS
09:42:13.786    AVAST engine defs: 14090100
09:56:20.143    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:56:20.146    Disk 0 Vendor: Hitachi_HTS547550A9E384 JE3OA50A Size: 476940MB BusType: 11
09:56:20.277    VM: Disk 0 MBR read successfully
09:56:20.280    Disk 0 MBR scan
09:56:20.331    Disk 0 Windows 7 default MBR code
09:56:20.345    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
09:56:20.373    Disk 0 default boot code
09:56:20.428    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       476838 MB offset 206848
09:56:20.620    Disk 0 scanning C:\Windows\system32\drivers
09:56:37.004    Service scanning
09:57:11.902    Modules scanning
09:57:11.911    Disk 0 trace - called modules:
09:57:11.956    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:57:11.961    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800438d060]
09:57:11.966    3 CLASSPNP.SYS[fffff8800197943f] -> nt!IofCallDriver -> [0xfffffa80040c09b0]
09:57:11.970    5 ACPI.sys[fffff880010e57a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80040bd060]
09:57:13.206    AVAST engine scan C:\Windows
09:57:15.951    AVAST engine scan C:\Windows\system32
10:02:08.727    AVAST engine scan C:\Windows\system32\drivers
10:02:40.194    AVAST engine scan C:\Users\Crystal
10:48:12.381    File: C:\Users\Crystal\Downloads\Setup (1).exe  **INFECTED** Win32:Adware-gen [Adw]
11:12:20.287    AVAST engine scan C:\ProgramData
11:12:51.457    File: C:\ProgramData\Browser System Enahncer\BrowserSystemEnahncer.dll  **INFECTED** Win32:Malware-gen
11:14:29.750    File: C:\ProgramData\Realdeal\1mcd9K.dll  **INFECTED** Win32:Adware-gen [Adw]
11:14:30.813    File: C:\ProgramData\Realdeal\1mcd9K.exe  **INFECTED** Win32:Adware-gen [Adw]
11:14:32.204    File: C:\ProgramData\SmaRtComparie\SXn1vzlX7.dll  **INFECTED** Win32:Dropper-gen [Drp]
11:14:33.041    File: C:\ProgramData\SmaRtComparie\SXn1vzlX7.exe  **INFECTED** Win32:Adware-gen [Adw]
11:14:33.214    File: C:\ProgramData\SmaRtComparie\SXn1vzlX7.x64.dll  **INFECTED** Win32:Adware-gen [Adw]
11:14:34.551    Scan finished successfully
14:55:34.784    Disk 0 MBR has been saved successfully to "C:\Users\Crystal\Dropbox\4Crystal\MBR.dat"
14:55:34.872    The log file has been saved successfully to "C:\Users\Crystal\Dropbox\4Crystal\aswMBR.txt"


End of aswMBR.txt
=======================================================

 

Thank you so much, I look forward to hearing from you.

 

Videot



#4 pystryker

  • Malware Response Team
  • 730 posts

Posted 01 September 2014 - 05:35 PM

Hi Pystryker,

It's nice to meet you and thank you for your help with my wife's computer!


Hello :) Nice to meet you as well, and you're quite welcome. :thumbsup:
 

One note before I paste in the text of the logs you have requested. I didn't know if my wife's computer supported virtualization, nor did I realize that the software would scan for that capability. So I ran the "Intel" utility to scan for that. It came directly from the Intel website. The Farbar and aswMBR logs that I uploaded came after I ran the Intel utility. But I also have Farbar logs from before I ran it, if you would like to see those.



No worries, I plan on running some further scans to make sure nothing more nefarious is on the machine. :)


Let's get to work, and start clearing away the junk.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Program Uninstalls


Please uninstall the following programs from your machine, as they are all adware/malware-related programs.
  • Browser System Enahncer
  • Realdeal
  • SmaRtComparie

Step 2: Fix with FRST
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right click on it and select Copy. Right-click in the open notepad and select Paste.)
  • Save it on the desktop as fixlist.txt

Start
AppInit_DLLs: C:\PROGRA~3\BROWSE~1\BROWSE~2.DLL => C:\ProgramData\Browser System Enahncer\BrowserSystemEnahncer_x64.dll [4302848 2014-08-11] ()
AppInit_DLLs-x32: c:\progra~3\browse~1\browse~1.dll => c:\ProgramData\Browser System Enahncer\BrowserSystemEnahncer.dll [4124160 2014-08-11] ()
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com/?gd=&ctid=CT3329969&octid=EB_ORIGINAL_CTID&ISID=M0E6EE892-361E-4912-A6C1-01D3EEEED22E&SearchSource=55&CUI=&UM=6&UP=SPAAA086A0-6D1B-4CA7-8A0A-6B3E56610D05&SSPV=
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3329969&octid=EB_ORIGINAL_CTID&ISID=M0E6EE892-361E-4912-A6C1-01D3EEEED22E&SearchSource=58&CUI=&UM=6&UP=SPAAA086A0-6D1B-4CA7-8A0A-6B3E56610D05&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3329969&octid=EB_ORIGINAL_CTID&ISID=M0E6EE892-361E-4912-A6C1-01D3EEEED22E&SearchSource=58&CUI=&UM=6&UP=SPAAA086A0-6D1B-4CA7-8A0A-6B3E56610D05&q={searchTerms}&SSPV=
BHO: Realdeal -> {6B3A8C3B-1197-FFE0-82A5-7C1C0E712E21} -> C:\ProgramData\Realdeal\1mcd9K.x64.dll ()
BHO: SmaRtComparie -> {B02AC5AA-82B8-2951-E9ED-9DA75197286A} -> C:\ProgramData\SmaRtComparie\SXn1vzlX7.x64.dll ()
BHO-x32: Realdeal -> {6B3A8C3B-1197-FFE0-82A5-7C1C0E712E21} -> C:\ProgramData\Realdeal\1mcd9K.dll ()
BHO-x32: SmaRtComparie -> {B02AC5AA-82B8-2951-E9ED-9DA75197286A} -> C:\ProgramData\SmaRtComparie\SXn1vzlX7.dll ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-08-28 13:30 - 2014-08-28 13:30 - 00000000 ____D () C:\ProgramData\SmaRtComparie
2014-08-11 08:47 - 2014-08-11 08:47 - 00000000 ____D () C:\ProgramData\Realdeal
2014-08-11 08:27 - 2014-08-15 05:57 - 00000000 ____D () C:\ProgramData\Browser System Enahncer
C:\Users\Crystal\SyncToy_7601d310-bde6-4e88-95b2-7c960c8e572d.dat
C:\Users\Crystal\SyncToy_d41a697f-c874-4ac5-9fa5-3df49b3afaf5.dat
Task: {B2DA1D13-5E2F-45ED-BFE4-BA7C6E5D7A0D} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 3: Junkware Removal Tool


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: AdwCleaner


Download AdwCleaner by clicking here. Please save it to your Desktop.


  • Double click (Vista and 7 users: right click) the adwcleaner.exe file, click Run as Administrator and accept the UAC prompt to run AdwCleaner.
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt

Step 5: Fresh FRST Scan
  • Start Farbar's Recovery Scan Tool and press the Scan button.
  • FRST will scan your system and produce one log this time. Please post it in your next reply.

Things I need to see in your next post:

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

Fresh FRST Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.
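
Several fixlist entries in the post above match lines that the FRST log earlier in this thread marks `<==== ATTENTION`. As an added example (not part of the post above and not FRST's own code), this Python script pulls those marked entries, plus loaded modules that list no company and sit in user-writable folders, out of an Addition.txt-style log. The sample log is constructed from lines in this thread, and the function names are hypothetical.

```python
import re

# Constructed sample: a few lines in the FRST Addition.txt layout, abridged
# from the log posted in this thread.
SAMPLE_LOG = r"""
==================== Installed Programs ======================

QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realdeal (HKLM-x32\...\{730C1F02-ABB6-7601-60ED-659A59700742}) (Version:  - reaLDeal) <==== ATTENTION
SmaRtComparie (HKLM-x32\...\{A9F7A981-09A3-C1F7-2D46-1BA20CFDF02F}) (Version:  - SmartCompauRe) <==== ATTENTION

==================== Scheduled Tasks (whitelisted) =============

Task: {09A3598E-E179-4162-9B5D-118A5BD650FB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-12] (Google Inc.)
Task: {B2DA1D13-5E2F-45ED-BFE4-BA7C6E5D7A0D} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\Crystal\AppData\Roaming\Dropbox\bin\libcef.dll
2014-08-11 08:27 - 2014-08-11 08:27 - 04124160 _____ () c:\ProgramData\Browser System Enahncer\BrowserSystemEnahncer.dll
"""

# "==== Title ====" header; a rule made only of "=" characters does not match.
SECTION_RE = re.compile(r"^={4,}\s*([^=\s][^=]*?)\s*={4,}\s*$")
# Loaded-module line: created - modified - size attrs (company) path
MODULE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>.*?)\) (?P<path>.+)$"
)
# Trailing marker, any number of "=" signs.
ATTENTION_RE = re.compile(r"\s*<=+\s*ATTENTION\s*$")
# Assumption: folders a standard user can write to are worth a second look.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\")


def split_sections(text):
    """Map each section title to the non-blank lines that follow it."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.rstrip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).rstrip(":")
            sections.setdefault(current, [])
        elif current is not None and line.strip():
            sections[current].append(line)
    return sections


def attention_entries(sections):
    """Return (section, entry) pairs for lines carrying the ATTENTION marker."""
    found = []
    for title, lines in sections.items():
        for line in lines:
            if ATTENTION_RE.search(line):
                found.append((title, ATTENTION_RE.sub("", line)))
    return found


def unattributed_modules(sections):
    """Return paths of loaded modules with no company, in user-writable folders."""
    hits = []
    for title, lines in sections.items():
        if not title.startswith("Loaded Modules"):
            continue
        for line in lines:
            module = MODULE_RE.match(line)
            if not module or module.group("company").strip():
                continue
            path = module.group("path")
            if any(part in path.lower() for part in USER_WRITABLE):
                hits.append(path)
    return hits


def triage(text):
    """Collect both review lists from one log."""
    sections = split_sections(text)
    return {
        "attention": attention_entries(sections),
        "unattributed_modules": unattributed_modules(sections),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for section, entry in report["attention"]:
        print(f"[ATTENTION] {section}: {entry}")
    for path in report["unattributed_modules"]:
        print(f"[REVIEW] no company, user-writable path: {path}")
```

The second list is a review queue rather than a verdict: it also returns the module under the Dropbox folder, which is not in the fixlist above.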





#5 videot

  • Topic Starter
  • Members
  • 10 posts

Posted 01 September 2014 - 10:50 PM

Hello,  things seem to be better already.  But I know we're not done yet!

 

Here are my logs:

 

First:  fixlog.txt====================================

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-08-2014 02
Ran by Crystal at 2014-09-01 21:04:24 Run:1
Running from C:\Users\Crystal\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
    Start
    AppInit_DLLs: C:\PROGRA~3\BROWSE~1\BROWSE~2.DLL => C:\ProgramData\Browser System Enahncer\BrowserSystemEnahncer_x64.dll [4302848 2014-08-11] ()
    AppInit_DLLs-x32: c:\progra~3\browse~1\browse~1.dll => c:\ProgramData\Browser System Enahncer\BrowserSystemEnahncer.dll [4124160 2014-08-11] ()
    ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com/?gd=&ctid=CT3329969&octid=EB_ORIGINAL_CTID&ISID=M0E6EE892-361E-4912-A6C1-01D3EEEED22E&SearchSource=55&CUI=&UM=6&UP=SPAAA086A0-6D1B-4CA7-8A0A-6B3E56610D05&SSPV=
    SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3329969&octid=EB_ORIGINAL_CTID&ISID=M0E6EE892-361E-4912-A6C1-01D3EEEED22E&SearchSource=58&CUI=&UM=6&UP=SPAAA086A0-6D1B-4CA7-8A0A-6B3E56610D05&q={searchTerms}&SSPV=
    SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3329969&octid=EB_ORIGINAL_CTID&ISID=M0E6EE892-361E-4912-A6C1-01D3EEEED22E&SearchSource=58&CUI=&UM=6&UP=SPAAA086A0-6D1B-4CA7-8A0A-6B3E56610D05&q={searchTerms}&SSPV=
    BHO: Realdeal -> {6B3A8C3B-1197-FFE0-82A5-7C1C0E712E21} -> C:\ProgramData\Realdeal\1mcd9K.x64.dll ()
    BHO: SmaRtComparie -> {B02AC5AA-82B8-2951-E9ED-9DA75197286A} -> C:\ProgramData\SmaRtComparie\SXn1vzlX7.x64.dll ()
    BHO-x32: Realdeal -> {6B3A8C3B-1197-FFE0-82A5-7C1C0E712E21} -> C:\ProgramData\Realdeal\1mcd9K.dll ()
    BHO-x32: SmaRtComparie -> {B02AC5AA-82B8-2951-E9ED-9DA75197286A} -> C:\ProgramData\SmaRtComparie\SXn1vzlX7.dll ()
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    2014-08-28 13:30 - 2014-08-28 13:30 - 00000000 ____D () C:\ProgramData\SmaRtComparie
    2014-08-11 08:47 - 2014-08-11 08:47 - 00000000 ____D () C:\ProgramData\Realdeal
    2014-08-11 08:27 - 2014-08-15 05:57 - 00000000 ____D () C:\ProgramData\Browser System Enahncer
    C:\Users\Crystal\SyncToy_7601d310-bde6-4e88-95b2-7c960c8e572d.dat
    C:\Users\Crystal\SyncToy_d41a697f-c874-4ac5-9fa5-3df49b3afaf5.dat
    Task: {B2DA1D13-5E2F-45ED-BFE4-BA7C6E5D7A0D} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\TEMP:373E1720
    CMD: netsh advfirewall reset
    CMD: netsh advfirewall set allprofiles state on
    CMD: ipconfig /flushdns
    Emptytemp:
    Hosts:
    End
*****************

"C:\PROGRA~3\BROWSE~1\BROWSE~2.DLL" => Value Data not found.
"c:\progra~3\browse~1\browse~1.dll" => Value Data not found.
C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
"HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B3A8C3B-1197-FFE0-82A5-7C1C0E712E21}" => Key not found.
"HKCR\CLSID\{6B3A8C3B-1197-FFE0-82A5-7C1C0E712E21}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B02AC5AA-82B8-2951-E9ED-9DA75197286A}" => Key not found.
"HKCR\CLSID\{B02AC5AA-82B8-2951-E9ED-9DA75197286A}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B3A8C3B-1197-FFE0-82A5-7C1C0E712E21}" => Key not found.
"HKCR\Wow6432Node\CLSID\{6B3A8C3B-1197-FFE0-82A5-7C1C0E712E21}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B02AC5AA-82B8-2951-E9ED-9DA75197286A}" => Key not found.
"HKCR\Wow6432Node\CLSID\{B02AC5AA-82B8-2951-E9ED-9DA75197286A}" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\ProgramData\SmaRtComparie => Moved successfully.
C:\ProgramData\Realdeal => Moved successfully.
"C:\ProgramData\Browser System Enahncer" => File/Directory not found.
C:\Users\Crystal\SyncToy_7601d310-bde6-4e88-95b2-7c960c8e572d.dat => Moved successfully.
C:\Users\Crystal\SyncToy_d41a697f-c874-4ac5-9fa5-3df49b3afaf5.dat => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B2DA1D13-5E2F-45ED-BFE4-BA7C6E5D7A0D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2DA1D13-5E2F-45ED-BFE4-BA7C6E5D7A0D}" => Key deleted successfully.
C:\Windows\System32\Tasks\Optimizer Pro Schedule => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule" => Key deleted successfully.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.

=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 5.8 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====

Secondly, JRT.txt:=================================

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Crystal on Mon 09/01/2014 at 21:19:33.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] 70e6ca8c
Successfully deleted: [Service] 70e6ca8c
Failed to stop: [Service] cltmngsvc
Failed to stop: [Service] update sizlsearch
Failed to stop: [Service] util sizlsearch



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\optimizer pro
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\optimizer pro
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\optimizer pro_is1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36D96925-ABFA-4EB8-B630-305E905A930D}



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Crystal\AppData\Roaming\optimizer pro"
Successfully deleted: [Folder] "C:\Users\Crystal\AppData\Roaming\pdfforge"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Program Files (x86)\optimizer pro"
Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect"
Failed to delete: [Folder] "C:\Program Files (x86)\sizlsearch"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2"
Successfully deleted: [Empty Folder] C:\Users\Crystal\appdata\local\{4DB3F220-14A7-4F9D-B9D6-96DB359A4ED7}
Successfully deleted: [Empty Folder] C:\Users\Crystal\appdata\local\{963339BD-87B0-40DB-ACCD-577E7062EB77}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 09/01/2014 at 21:25:44.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

End JRT.txt======================================

Thirdly, AdwCleaner[S0].txt ==================================

# AdwCleaner v3.308 - Report created 01/09/2014 at 21:56:40
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Crystal - CRYSTAL-PC
# Running from : C:\Users\Crystal\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : CltMngSvc
[#] Service Deleted : Update sizlsearch
[#] Service Deleted : Util sizlsearch

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\374311380
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\sizlsearch
Folder Deleted : C:\Users\Crystal\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Crystal\AppData\Local\PackageAware
Folder Deleted : C:\Users\Crystal\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Crystal\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Crystal\AppData\Roaming\VOPackage
Folder Deleted : C:\Users\Crystal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
File Deleted : C:\Users\Crystal\Desktop\Optimizer Pro.lnk
File Deleted : C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{36D96925-ABFA-4EB8-B630-305E905A930D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36D96925-ABFA-4EB8-B630-305E905A930D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36D96925-ABFA-4EB8-B630-305E905A930D}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKCU\Software\sizlsearch
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\sizlsearch
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sizlsearch
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={753B565D-0313-4EA9-8D43-1D9AAF6DD27D}&mid=64dfd5d7f7a347d0a7ebf5ffbbf272db-0ee0254b4105319d8d20cfbeb12e8af0c0e27ca6&lang=en&ds=AVG&pr=fr&d=2012-07-12 05:21:45&v=17.1.2.1&pid=avg&sg=51&sap=dsp&q={searchTerms}
Deleted [Search Provider] : hxxp://www.gastongazette.com/search-results/gg-search-7.4908?q={searchTerms}&x=36&y=9
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=B397DECC-D812-49E2-9FDC-FD50AF65267F&n=77fda985&ind=2013112709&p2=^HJ^xdm003^YYA^us&si=CM__w_6chbsCFYFhMgodSEgA8g&searchfor={searchTerms}
Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=M8E72F296-55C9-4A64-93D5-AA9479106236&SearchSource=58&CUI=&UM=6&UP=SP0B5E3C52-9D53-49F4-BEA3-8C664F697825&q={searchTerms}&SSPV=
Deleted [Startup_urls] : hxxp://www.trovi.com/?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=M8E72F296-55C9-4A64-93D5-AA9479106236&SearchSource=55&CUI=&UM=6&UP=SP0B5E3C52-9D53-49F4-BEA3-8C664F697825&SSPV=
Deleted [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=M8E72F296-55C9-4A64-93D5-AA9479106236&SearchSource=55&CUI=&UM=6&UP=SP0B5E3C52-9D53-49F4-BEA3-8C664F697825&SSPV=
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R0].txt - [5742 octets] - [01/09/2014 21:55:34]
AdwCleaner[S0].txt - [5341 octets] - [01/09/2014 21:56:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5401 octets] ##########

Lastly, the fresh FRST.log=======================================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by Crystal (administrator) on CRYSTAL-PC on 01-09-2014 22:05:38
Running from C:\Users\Crystal\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(ooVoo LLC) C:\Program Files (x86)\ooVoo\ooVoo.exe
(Dropbox, Inc.) C:\Users\Crystal\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Weather Warnings LLC) C:\Users\Crystal\AppData\Local\StormAlerts\StormAlerts.exe
() C:\Users\Crystal\AppData\Local\StormAlerts\StormAlertsApp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [DLCDCATS] => rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\DLCDtime.dll,_RunDLLEntry@16                                                                                                                            (the data entry has 59 more characters).
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-06-16] (Microsoft Corporation)
HKU\S-1-5-21-461702851-272330320-812187809-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7762712 2014-08-12] (SUPERAntiSpyware)
HKU\S-1-5-21-461702851-272330320-812187809-1001\...\Run: [ooVoo.exe] => C:\Program Files (x86)\ooVoo\oovoo.exe [36247104 2014-03-25] (ooVoo LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\Crystal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Crystal\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Crystal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Crystal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Storm Alerts.lnk
ShortcutTarget: Storm Alerts.lnk -> C:\Users\Crystal\AppData\Local\StormAlerts\StormAlerts.exe (Weather Warnings LLC)
Startup: C:\Users\Crystal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormAlerts.lnk
ShortcutTarget: StormAlerts.lnk -> C:\Users\Crystal\AppData\Local\StormAlerts\StormAlertsApp.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1FEAE6675486CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSearchProvider: Default -> Trovi search
CHR DefaultSearchURL: Default -> http://www.trovi.com/Results.aspx?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=M8E72F296-55C9-4A64-93D5-AA9479106236&SearchSource=58&CUI=&UM=6&UP=SP0B5E3C52-9D53-49F4-BEA3-8C664F697825&q={searchTerms}&SSPV=
CHR DefaultSuggestURL: Default -> http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Profile: C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Mah Jong Connect) - C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\agfjdflmdlnffhlfmjdpbcoccaeamikk [2014-08-11]
CHR Extension: (Google Docs) - C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-12]
CHR Extension: (Google Drive) - C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-12]
CHR Extension: (YouTube) - C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-21]
CHR Extension: (Google Search) - C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-21]
CHR Extension: (G Links) - C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhbfcdbhbobookobjhdnkgcgoiajlebn [2014-08-28]
CHR Extension: (Google Wallet) - C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-21]
CHR Extension: (Gmail) - C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S3 dlcd_device; C:\Windows\system32\dlcdcoms.exe [451584 2005-06-21] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 ssnfd; system32\drivers\ssnfd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-01 22:05 - 2014-09-01 22:05 - 00010238 _____ () C:\Users\Crystal\Desktop\FRST.txt
2014-09-01 21:56 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-01 21:54 - 2014-09-01 21:56 - 00000000 ____D () C:\AdwCleaner
2014-09-01 21:53 - 2014-09-01 21:53 - 01364531 _____ () C:\Users\Crystal\Desktop\AdwCleaner.exe
2014-09-01 21:25 - 2014-09-01 21:25 - 00002897 _____ () C:\Users\Crystal\Desktop\JRT.txt
2014-09-01 21:19 - 2014-09-01 21:19 - 01016261 _____ (Thisisu) C:\Users\Crystal\Downloads\JRT (1).exe
2014-09-01 21:18 - 2014-09-01 21:18 - 01016261 _____ (Thisisu) C:\Users\Crystal\Downloads\JRT.exe
2014-09-01 21:18 - 2014-09-01 21:18 - 00000000 ____D () C:\Windows\ERUNT
2014-09-01 20:57 - 2014-09-01 20:57 - 00000000 ____D () C:\Program Files (x86)\SmaRtComparie
2014-09-01 20:56 - 2014-09-01 20:56 - 00000000 ____D () C:\Program Files (x86)\Realdeal
2014-09-01 19:22 - 2014-09-01 19:22 - 00247160 _____ (Premium Installer ) C:\Users\Crystal\Downloads\oovoo_Setup.exe
2014-09-01 19:22 - 2014-09-01 19:22 - 00247160 _____ (Premium Installer ) C:\Users\Crystal\Downloads\oovoo_Setup (1).exe
2014-09-01 09:26 - 2014-09-01 09:27 - 00022251 _____ () C:\Users\Crystal\Desktop\Addition.txt
2014-09-01 09:23 - 2014-09-01 09:23 - 03397632 _____ () C:\Users\Crystal\Downloads\pidenu38.msi
2014-09-01 09:04 - 2014-09-01 09:05 - 05185536 _____ (AVAST Software) C:\Users\Crystal\Desktop\aswmbr.exe
2014-09-01 09:00 - 2014-09-01 22:05 - 00000000 ____D () C:\FRST
2014-09-01 08:58 - 2014-09-01 08:58 - 02104832 _____ (Farbar) C:\Users\Crystal\Desktop\FRST64.exe
2014-09-01 07:47 - 2014-09-01 07:47 - 00000016 ____H () C:\Users\Crystal\Downloads\SyncToy_413cb70e-8130-43eb-850f-f66e12811912.dat
2014-09-01 07:46 - 2014-09-01 07:46 - 00000016 ____H () C:\Users\Crystal\Desktop\SyncToy_4a628cb1-1d2b-4d04-962f-9c95d5dd5834.dat
2014-09-01 01:05 - 2014-09-01 01:05 - 00000016 ____H () C:\Users\Crystal\Documents\SyncToy_5474d566-bfbf-404d-83f5-da731e4ee3fd.dat
2014-08-30 20:59 - 2014-08-30 20:59 - 00014289 _____ () C:\Users\Crystal\Desktop\dds.txt
2014-08-30 20:59 - 2014-08-30 20:59 - 00002648 _____ () C:\Users\Crystal\Desktop\attach.txt
2014-08-30 20:54 - 2014-08-30 20:54 - 00688992 ____R (Swearware) C:\Users\Crystal\Downloads\dds.com
2014-08-30 00:09 - 2014-08-30 00:09 - 00003144 _____ () C:\Windows\System32\Tasks\{FD9572F5-26EA-449F-A2C3-6F35B8B3707A}
2014-08-30 00:04 - 2014-08-30 00:04 - 00007519 _____ () C:\Users\Crystal\Downloads\hijackthis.log
2014-08-30 00:02 - 2014-08-30 00:02 - 00388608 _____ (Trend Micro Inc.) C:\Users\Crystal\Downloads\HijackThis (1).exe
2014-08-30 00:01 - 2014-08-30 00:02 - 00388608 _____ (Trend Micro Inc.) C:\Users\Crystal\Downloads\HijackThis.exe
2014-08-28 13:33 - 2014-08-28 13:33 - 00001857 _____ () C:\Users\Public\Desktop\ooVoo.lnk
2014-08-28 13:33 - 2014-08-28 13:33 - 00000000 ____D () C:\Users\Crystal\AppData\Roaming\ooVoo Details
2014-08-28 13:33 - 2014-08-28 13:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ooVoo
2014-08-28 13:33 - 2014-08-28 13:33 - 00000000 ____D () C:\Program Files (x86)\ooVoo
2014-08-28 13:30 - 2014-08-28 13:30 - 00126328 _____ (Premium Installer ) C:\Users\Crystal\Downloads\Setup (1).exe
2014-08-28 13:28 - 2014-08-28 13:29 - 02387520 _____ (ooVoo LLC) C:\Users\Crystal\Downloads\ooVooSetup.exe
2014-08-28 08:17 - 2014-08-22 21:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 08:17 - 2014-08-22 20:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 08:17 - 2014-08-22 19:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-24 23:53 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-24 23:53 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-24 23:53 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-24 23:53 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-24 23:52 - 2014-05-14 11:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-24 23:52 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-24 23:52 - 2014-05-14 11:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-24 23:52 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-24 23:52 - 2014-05-14 11:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-24 23:52 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-24 23:52 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-24 23:52 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-24 23:52 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-24 23:52 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-14 03:03 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 03:03 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 03:03 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 03:02 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 03:02 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-14 03:02 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 03:02 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 03:02 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-14 02:25 - 2014-07-31 18:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 02:25 - 2014-07-31 18:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 02:25 - 2014-07-25 09:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 02:25 - 2014-07-25 09:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 02:25 - 2014-07-25 08:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 02:25 - 2014-07-25 08:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 02:25 - 2014-07-25 08:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 02:25 - 2014-07-25 08:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 02:25 - 2014-07-25 08:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 02:25 - 2014-07-25 08:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 02:25 - 2014-07-25 07:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 02:25 - 2014-07-25 07:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 02:25 - 2014-07-25 07:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 02:25 - 2014-07-25 07:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 02:25 - 2014-07-25 07:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 02:25 - 2014-07-25 07:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 02:25 - 2014-07-25 07:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 02:25 - 2014-07-25 07:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 02:25 - 2014-07-25 07:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 02:25 - 2014-07-25 06:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 02:25 - 2014-07-25 06:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 02:25 - 2014-07-25 06:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 02:25 - 2014-07-25 06:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 02:25 - 2014-07-25 06:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 02:25 - 2014-07-25 06:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 02:25 - 2014-07-25 06:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 02:25 - 2014-07-25 06:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 02:25 - 2014-07-25 06:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 02:25 - 2014-07-25 05:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 02:25 - 2014-07-25 05:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 02:24 - 2014-07-25 09:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 02:24 - 2014-07-25 08:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 02:24 - 2014-07-25 08:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 02:24 - 2014-07-25 08:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 02:24 - 2014-07-25 08:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 02:24 - 2014-07-25 08:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 02:24 - 2014-07-25 08:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 02:24 - 2014-07-25 07:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 02:24 - 2014-07-25 07:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 02:24 - 2014-07-25 07:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 02:24 - 2014-07-25 07:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 02:24 - 2014-07-25 07:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 02:24 - 2014-07-25 07:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 02:24 - 2014-07-25 07:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 02:24 - 2014-07-25 07:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 02:24 - 2014-07-25 07:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 02:24 - 2014-07-25 07:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 02:24 - 2014-07-25 06:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 02:24 - 2014-07-25 06:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 02:24 - 2014-07-25 06:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 02:24 - 2014-07-25 06:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 02:24 - 2014-07-25 06:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 02:24 - 2014-07-25 05:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 02:24 - 2014-07-25 05:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 02:24 - 2014-07-25 05:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 02:24 - 2014-07-25 05:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 02:19 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 02:19 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 02:19 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 02:19 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 02:19 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 02:19 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 02:19 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 02:19 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 02:19 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 02:19 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 02:19 - 2014-07-08 17:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 02:19 - 2014-07-08 17:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 02:15 - 2014-07-15 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 02:15 - 2014-07-15 21:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 02:14 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 02:14 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 02:14 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 02:14 - 2014-06-03 05:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 02:14 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 02:14 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 02:14 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 02:14 - 2014-06-03 04:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 02:14 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 02:14 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 02:09 - 2014-08-06 21:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 02:09 - 2014-08-06 21:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 02:09 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 02:09 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-11 08:47 - 2014-09-01 20:57 - 00000000 ____D () C:\ProgramData\d83cd75a646c764
2014-08-11 08:47 - 2014-08-11 08:47 - 00000000 ____D () C:\Users\Crystal\AppData\Local\Packages
2014-08-07 09:34 - 2014-08-07 09:34 - 00271360 _____ () C:\Users\Crystal\Documents\Awards banquet sign up.pub
2014-08-02 22:59 - 2014-08-02 22:59 - 00000000 ____D () C:\SUPERDelete
2014-08-02 22:57 - 2014-09-01 21:58 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-02 22:57 - 2014-08-17 07:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-02 22:57 - 2014-08-02 22:57 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-08-02 22:57 - 2014-08-02 22:57 - 00000000 ____D () C:\Users\Crystal\AppData\Roaming\SUPERAntiSpyware.com
2014-08-02 22:57 - 2014-08-02 22:57 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-02 22:43 - 2014-08-02 22:45 - 18611048 _____ (SUPERAntiSpyware) C:\Users\Crystal\Downloads\SUPERAntiSpyware.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-01 22:06 - 2014-09-01 22:05 - 00010238 _____ () C:\Users\Crystal\Desktop\FRST.txt
2014-09-01 22:05 - 2014-09-01 09:00 - 00000000 ____D () C:\FRST
2014-09-01 22:05 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-01 22:05 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-01 21:59 - 2014-07-19 08:56 - 00000000 ____D () C:\Users\Crystal\AppData\Local\StormAlerts
2014-09-01 21:59 - 2014-06-12 20:49 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-01 21:59 - 2014-06-12 10:04 - 00000000 ___RD () C:\Users\Crystal\Dropbox
2014-09-01 21:59 - 2014-06-12 10:03 - 00000000 ____D () C:\Users\Crystal\AppData\Roaming\Dropbox
2014-09-01 21:58 - 2014-08-02 22:57 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-01 21:58 - 2014-06-12 20:49 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-01 21:58 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-01 21:58 - 2009-07-13 23:51 - 00024088 _____ () C:\Windows\setupact.log
2014-09-01 21:57 - 2014-06-12 21:57 - 00067456 _____ () C:\Windows\PFRO.log
2014-09-01 21:57 - 2014-06-10 01:17 - 01260771 _____ () C:\Windows\WindowsUpdate.log
2014-09-01 21:56 - 2014-09-01 21:54 - 00000000 ____D () C:\AdwCleaner
2014-09-01 21:53 - 2014-09-01 21:53 - 01364531 _____ () C:\Users\Crystal\Desktop\AdwCleaner.exe
2014-09-01 21:25 - 2014-09-01 21:25 - 00002897 _____ () C:\Users\Crystal\Desktop\JRT.txt
2014-09-01 21:21 - 2009-07-13 21:34 - 00000601 _____ () C:\Windows\win.ini
2014-09-01 21:19 - 2014-09-01 21:19 - 01016261 _____ (Thisisu) C:\Users\Crystal\Downloads\JRT (1).exe
2014-09-01 21:18 - 2014-09-01 21:18 - 01016261 _____ (Thisisu) C:\Users\Crystal\Downloads\JRT.exe
2014-09-01 21:18 - 2014-09-01 21:18 - 00000000 ____D () C:\Windows\ERUNT
2014-09-01 21:04 - 2014-06-12 09:33 - 00000000 ____D () C:\Users\Crystal
2014-09-01 20:57 - 2014-09-01 20:57 - 00000000 ____D () C:\Program Files (x86)\SmaRtComparie
2014-09-01 20:57 - 2014-08-11 08:47 - 00000000 ____D () C:\ProgramData\d83cd75a646c764
2014-09-01 20:56 - 2014-09-01 20:56 - 00000000 ____D () C:\Program Files (x86)\Realdeal
2014-09-01 19:22 - 2014-09-01 19:22 - 00247160 _____ (Premium Installer ) C:\Users\Crystal\Downloads\oovoo_Setup.exe
2014-09-01 19:22 - 2014-09-01 19:22 - 00247160 _____ (Premium Installer ) C:\Users\Crystal\Downloads\oovoo_Setup (1).exe
2014-09-01 16:03 - 2009-07-14 00:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-01 09:27 - 2014-09-01 09:26 - 00022251 _____ () C:\Users\Crystal\Desktop\Addition.txt
2014-09-01 09:23 - 2014-09-01 09:23 - 03397632 _____ () C:\Users\Crystal\Downloads\pidenu38.msi
2014-09-01 09:05 - 2014-09-01 09:04 - 05185536 _____ (AVAST Software) C:\Users\Crystal\Desktop\aswmbr.exe
2014-09-01 08:58 - 2014-09-01 08:58 - 02104832 _____ (Farbar) C:\Users\Crystal\Desktop\FRST64.exe
2014-09-01 07:50 - 2014-05-21 18:32 - 00000000 ____D () C:\Users\Crystal\My Backup Files
2014-09-01 07:47 - 2014-09-01 07:47 - 00000016 ____H () C:\Users\Crystal\Downloads\SyncToy_413cb70e-8130-43eb-850f-f66e12811912.dat
2014-09-01 07:46 - 2014-09-01 07:46 - 00000016 ____H () C:\Users\Crystal\Desktop\SyncToy_4a628cb1-1d2b-4d04-962f-9c95d5dd5834.dat
2014-09-01 01:05 - 2014-09-01 01:05 - 00000016 ____H () C:\Users\Crystal\Documents\SyncToy_5474d566-bfbf-404d-83f5-da731e4ee3fd.dat
2014-08-30 20:59 - 2014-08-30 20:59 - 00014289 _____ () C:\Users\Crystal\Desktop\dds.txt
2014-08-30 20:59 - 2014-08-30 20:59 - 00002648 _____ () C:\Users\Crystal\Desktop\attach.txt
2014-08-30 20:54 - 2014-08-30 20:54 - 00688992 ____R (Swearware) C:\Users\Crystal\Downloads\dds.com
2014-08-30 03:56 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-08-30 03:17 - 2009-07-13 23:45 - 00404256 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-30 00:09 - 2014-08-30 00:09 - 00003144 _____ () C:\Windows\System32\Tasks\{FD9572F5-26EA-449F-A2C3-6F35B8B3707A}
2014-08-30 00:07 - 2014-06-12 10:04 - 00000000 ____D () C:\Users\Crystal\Documents\Crystal-Transfer
2014-08-30 00:04 - 2014-08-30 00:04 - 00007519 _____ () C:\Users\Crystal\Downloads\hijackthis.log
2014-08-30 00:02 - 2014-08-30 00:02 - 00388608 _____ (Trend Micro Inc.) C:\Users\Crystal\Downloads\HijackThis (1).exe
2014-08-30 00:02 - 2014-08-30 00:01 - 00388608 _____ (Trend Micro Inc.) C:\Users\Crystal\Downloads\HijackThis.exe
2014-08-30 00:02 - 2014-06-12 09:33 - 00000000 ____D () C:\Users\Crystal\AppData\Local\VirtualStore
2014-08-28 21:40 - 2014-06-22 00:06 - 00000000 ____D () C:\Program Files\Dl_cats
2014-08-28 13:33 - 2014-08-28 13:33 - 00001857 _____ () C:\Users\Public\Desktop\ooVoo.lnk
2014-08-28 13:33 - 2014-08-28 13:33 - 00000000 ____D () C:\Users\Crystal\AppData\Roaming\ooVoo Details
2014-08-28 13:33 - 2014-08-28 13:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ooVoo
2014-08-28 13:33 - 2014-08-28 13:33 - 00000000 ____D () C:\Program Files (x86)\ooVoo
2014-08-28 13:30 - 2014-08-28 13:30 - 00126328 _____ (Premium Installer ) C:\Users\Crystal\Downloads\Setup (1).exe
2014-08-28 13:29 - 2014-08-28 13:28 - 02387520 _____ (ooVoo LLC) C:\Users\Crystal\Downloads\ooVooSetup.exe
2014-08-22 21:07 - 2014-08-28 08:17 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 20:45 - 2014-08-28 08:17 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 19:59 - 2014-08-28 08:17 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-17 07:27 - 2014-08-02 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-14 06:01 - 2014-06-12 10:04 - 00000000 ____D () C:\Users\Crystal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-14 06:01 - 2014-05-21 12:28 - 00001025 _____ () C:\Users\Crystal\Desktop\Dropbox.lnk
2014-08-14 03:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-14 03:14 - 2014-07-24 22:39 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 03:11 - 2014-07-24 22:39 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 03:01 - 2014-06-18 08:35 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-11 14:25 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-11 08:47 - 2014-08-11 08:47 - 00000000 ____D () C:\Users\Crystal\AppData\Local\Packages
2014-08-07 09:34 - 2014-08-07 09:34 - 00271360 _____ () C:\Users\Crystal\Documents\Awards banquet sign up.pub
2014-08-06 21:06 - 2014-08-14 02:09 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 21:01 - 2014-08-14 02:09 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-02 22:59 - 2014-08-02 22:59 - 00000000 ____D () C:\SUPERDelete
2014-08-02 22:57 - 2014-08-02 22:57 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-08-02 22:57 - 2014-08-02 22:57 - 00000000 ____D () C:\Users\Crystal\AppData\Roaming\SUPERAntiSpyware.com
2014-08-02 22:57 - 2014-08-02 22:57 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-02 22:45 - 2014-08-02 22:43 - 18611048 _____ (SUPERAntiSpyware) C:\Users\Crystal\Downloads\SUPERAntiSpyware.exe

Some content of TEMP:
====================
C:\Users\Crystal\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpetrklc.dll
C:\Users\Crystal\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-27 00:48

==================== End Of Log ============================

 

Thank you again for your help!

 

Videot



#6 pystryker

  • Malware Response Team

Posted 02 September 2014 - 05:41 AM

Hello, things seem to be better already. But I know we're not done yet!


Good to hear, and indeed, still a ways to go. :thumbsup:

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Fix with FRST
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

Start
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSearchProvider: Default -> Trovi search
CHR DefaultSearchURL: Default -> http://www.trovi.com/Results.aspx?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=M8E72F296-55C9-4A64-93D5-AA9479106236&SearchSource=58&CUI=&UM=6&UP=SP0B5E3C52-9D53-49F4-BEA3-8C664F697825&q={searchTerms}&SSPV=
CHR DefaultSuggestURL: Default -> http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
2014-09-01 20:57 - 2014-09-01 20:57 - 00000000 ____D () C:\Program Files (x86)\SmaRtComparie
2014-09-01 20:56 - 2014-09-01 20:56 - 00000000 ____D () C:\Program Files (x86)\Realdeal
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST, press the Fix button just once, and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Step 2: Scan with TDSSKiller


Please download TDSSKiller to the desktop.

Alternate download is here.
  • Right-click on TDSSKiller.exe and select Run as Administrator to start the program and follow the prompts.
  • When the main GUI (graphical user interface) window opens, click on Change Parameters
  • Under Additional options, select both Verify driver digital signatures & Detect TDLFS File System >> OK
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • A Report will have been created by TDSSKiller in your root directory C:\
  • To find the log, go to Start (Windows 7 Orb) > Computer > C: >> TDSSKiller.V.V.V.VV_DD.DD.YYYY_TT.TT.TT_log <-- The letters denote the version and date & time etc.
  • Post the contents of that log in your next reply please.
Note: Do not have TDSSKiller remove anything if found at this point in time!


Things I need to see in your next post:

Fixlog.txt Log

TDSSKiller Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.






#7 videot

  • Topic Starter

Posted 02 September 2014 - 08:59 AM

Good morning!  Yeah, I agree that there's a little ways to go.  I ran the programs you gave me, and the results are below.  However, afterwards, she is having more trouble.

 

First, we have fixlog.txt==============================

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-08-2014 02
Ran by Crystal at 2014-09-02 08:25:48 Run:2
Running from C:\Users\Crystal\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSearchProvider: Default -> Trovi search
CHR DefaultSearchURL: Default -> http://www.trovi.com/Results.aspx?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=M8E72F296-55C9-4A64-93D5-AA9479106236&SearchSource=58&CUI=&UM=6&UP=SP0B5E3C52-9D53-49F4-BEA3-8C664F697825&q={searchTerms}&SSPV=
CHR DefaultSuggestURL: Default -> http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
2014-09-01 20:57 - 2014-09-01 20:57 - 00000000 ____D () C:\PROGRAM Files (x86)\SmaRtComparie
2014-09-01 20:56 - 2014-09-01 20:56 - 00000000 ____D () C:\PROGRAM Files (x86)\Realdeal
End
*****************

Chrome DefaultSearchKeyword deleted successfully.
CHR DefaultSearchProvider: Default -> Trovi search ==> The Chrome "Settings" can be used to fix the entry.
Chrome DefaultSearchURL deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
C:\PROGRAM Files (x86)\SmaRtComparie => Moved successfully.
C:\PROGRAM Files (x86)\Realdeal => Moved successfully.

==== End of Fixlog ====

 

and next we have TDSSKiller's log==========================

08:32:46.0530 0x10a4  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
08:32:52.0771 0x10a4  ============================================================
08:32:52.0771 0x10a4  Current date / time: 2014/09/02 08:32:52.0771
08:32:52.0771 0x10a4  SystemInfo:
08:32:52.0771 0x10a4  
08:32:52.0771 0x10a4  OS Version: 6.1.7601 ServicePack: 1.0
08:32:52.0771 0x10a4  Product type: Workstation
08:32:52.0771 0x10a4  ComputerName: CRYSTAL-PC
08:32:52.0771 0x10a4  UserName: Crystal
08:32:52.0771 0x10a4  Windows directory: C:\Windows
08:32:52.0771 0x10a4  System windows directory: C:\Windows
08:32:52.0771 0x10a4  Running under WOW64
08:32:52.0771 0x10a4  Processor architecture: Intel x64
08:32:52.0771 0x10a4  Number of processors: 4
08:32:52.0771 0x10a4  Page size: 0x1000
08:32:52.0771 0x10a4  Boot type: Normal boot
08:32:52.0771 0x10a4  ============================================================
08:32:54.0778 0x10a4  KLMD registered as C:\Windows\system32\drivers\67653755.sys
08:32:54.0920 0x10a4  System UUID: {213668DC-6805-645C-30A8-835818C06C42}
08:32:55.0413 0x10a4  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:32:55.0427 0x10a4  ============================================================
08:32:55.0427 0x10a4  \Device\Harddisk0\DR0:
08:32:55.0427 0x10a4  MBR partitions:
08:32:55.0427 0x10a4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
08:32:55.0427 0x10a4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
08:32:55.0427 0x10a4  ============================================================
08:32:55.0467 0x10a4  C: <-> \Device\Harddisk0\DR0\Partition2
08:32:55.0467 0x10a4  ============================================================
08:32:55.0468 0x10a4  Initialize success
08:32:55.0468 0x10a4  ============================================================
08:33:54.0062 0x0e00  ============================================================
08:33:54.0062 0x0e00  Scan started
08:33:54.0062 0x0e00  Mode: Manual; SigCheck; TDLFS;
08:33:54.0062 0x0e00  ============================================================
08:33:54.0062 0x0e00  KSN ping started
08:33:56.0829 0x0e00  KSN ping finished: true
08:33:57.0632 0x0e00  ================ Scan system memory ========================
08:33:57.0632 0x0e00  System memory - ok
08:33:57.0632 0x0e00  ================ Scan services =============================
08:34:03.0310 0x0e00  CNG - ok
08:34:03.0353 0x0e00  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
08:34:03.0364 0x0e00  Compbatt - ok
08:34:03.0420 0x0e00  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
08:34:03.0466 0x0e00  CompositeBus - ok
08:34:03.0492 0x0e00  COMSysApp - ok
08:34:03.0581 0x0e00  [ 08F934092E0429BADF88E9F91DB0F61E, 6E9091C006FFFF261DC61C8E9A45219E47C351296E5355FC4B7242F30E1DDFE3 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
08:34:03.0603 0x0e00  cphs - ok
08:34:03.0624 0x0e00  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
08:34:03.0635 0x0e00  crcdisk - ok
08:34:03.0702 0x0e00  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
08:34:03.0763 0x0e00  CryptSvc - ok
08:34:03.0839 0x0e00  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
08:34:03.0901 0x0e00  DcomLaunch - ok
08:34:03.0928 0x0e00  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
08:34:03.0994 0x0e00  defragsvc - ok
08:34:04.0062 0x0e00  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
08:34:04.0135 0x0e00  DfsC - ok
08:34:04.0211 0x0e00  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
08:34:04.0287 0x0e00  Dhcp - ok
08:34:04.0323 0x0e00  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
08:34:04.0380 0x0e00  discache - ok
08:34:04.0435 0x0e00  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
08:34:04.0447 0x0e00  Disk - ok
08:34:04.0461 0x0e00  dlcd_device - ok
08:34:04.0514 0x0e00  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
08:34:04.0585 0x0e00  Dnscache - ok
08:34:04.0643 0x0e00  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
08:34:04.0699 0x0e00  dot3svc - ok
08:34:04.0760 0x0e00  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
08:34:04.0811 0x0e00  DPS - ok
08:34:04.0881 0x0e00  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
08:34:04.0912 0x0e00  drmkaud - ok
08:34:04.0981 0x0e00  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
08:34:05.0016 0x0e00  DXGKrnl - ok
08:34:05.0061 0x0e00  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
08:34:05.0113 0x0e00  EapHost - ok
08:34:05.0246 0x0e00  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
08:34:05.0409 0x0e00  ebdrv - ok
08:34:05.0455 0x0e00  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
08:34:05.0528 0x0e00  EFS - ok
08:34:05.0626 0x0e00  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
08:34:05.0699 0x0e00  ehRecvr - ok
08:34:05.0732 0x0e00  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
08:34:05.0778 0x0e00  ehSched - ok
08:34:05.0831 0x0e00  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
08:34:05.0858 0x0e00  elxstor - ok
08:34:05.0896 0x0e00  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
08:34:05.0924 0x0e00  ErrDev - ok
08:34:05.0985 0x0e00  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
08:34:06.0041 0x0e00  EventSystem - ok
08:34:06.0066 0x0e00  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
08:34:06.0123 0x0e00  exfat - ok
08:34:06.0143 0x0e00  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
08:34:06.0199 0x0e00  fastfat - ok
08:34:06.0285 0x0e00  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
08:34:06.0356 0x0e00  Fax - ok
08:34:06.0387 0x0e00  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
08:34:06.0413 0x0e00  fdc - ok
08:34:06.0441 0x0e00  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
08:34:06.0476 0x0e00  fdPHost - ok
08:34:06.0488 0x0e00  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
08:34:06.0545 0x0e00  FDResPub - ok
08:34:06.0570 0x0e00  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
08:34:06.0582 0x0e00  FileInfo - ok
08:34:06.0604 0x0e00  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
08:34:06.0670 0x0e00  Filetrace - ok
08:34:06.0692 0x0e00  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
08:34:06.0704 0x0e00  flpydisk - ok
08:34:06.0760 0x0e00  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
08:34:06.0778 0x0e00  FltMgr - ok
08:34:06.0867 0x0e00  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
08:34:06.0927 0x0e00  FontCache - ok
08:34:06.0987 0x0e00  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:34:06.0997 0x0e00  FontCache3.0.0.0 - ok
08:34:07.0032 0x0e00  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
08:34:07.0043 0x0e00  FsDepends - ok
08:34:07.0099 0x0e00  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
08:34:07.0109 0x0e00  Fs_Rec - ok
08:34:07.0168 0x0e00  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
08:34:07.0187 0x0e00  fvevol - ok
08:34:07.0228 0x0e00  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
08:34:07.0240 0x0e00  gagp30kx - ok
08:34:07.0289 0x0e00  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:34:07.0298 0x0e00  GEARAspiWDM - ok
08:34:07.0382 0x0e00  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
08:34:07.0454 0x0e00  gpsvc - ok
08:34:07.0560 0x0e00  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:34:07.0572 0x0e00  gupdate - ok
08:34:07.0591 0x0e00  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:34:07.0601 0x0e00  gupdatem - ok
08:34:07.0613 0x0e00  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
08:34:07.0670 0x0e00  hcw85cir - ok
08:34:07.0728 0x0e00  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
08:34:07.0769 0x0e00  HdAudAddService - ok
08:34:07.0838 0x0e00  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
08:34:07.0880 0x0e00  HDAudBus - ok
08:34:07.0917 0x0e00  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
08:34:07.0945 0x0e00  HidBatt - ok
08:34:07.0951 0x0e00  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
08:34:07.0979 0x0e00  HidBth - ok
08:34:08.0006 0x0e00  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
08:34:08.0037 0x0e00  HidIr - ok
08:34:08.0077 0x0e00  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
08:34:08.0126 0x0e00  hidserv - ok
08:34:08.0191 0x0e00  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
08:34:08.0216 0x0e00  HidUsb - ok
08:34:08.0261 0x0e00  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
08:34:08.0333 0x0e00  hkmsvc - ok
08:34:08.0385 0x0e00  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
08:34:08.0446 0x0e00  HomeGroupListener - ok
08:34:08.0492 0x0e00  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
08:34:08.0524 0x0e00  HomeGroupProvider - ok
08:34:08.0574 0x0e00  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
08:34:08.0587 0x0e00  HpSAMD - ok
08:34:08.0652 0x0e00  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
08:34:08.0718 0x0e00  HTTP - ok
08:34:08.0781 0x0e00  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
08:34:08.0790 0x0e00  hwpolicy - ok
08:34:08.0847 0x0e00  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
08:34:08.0862 0x0e00  i8042prt - ok
08:34:08.0912 0x0e00  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
08:34:08.0934 0x0e00  iaStorV - ok
08:34:09.0023 0x0e00  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:34:09.0060 0x0e00  idsvc - ok
08:34:09.0082 0x0e00  IEEtwCollectorService - ok
08:34:09.0306 0x0e00  [ 8C44E6B688790E2AD3846C97661C54F1, CB487D167EDA3C1E30BD5FB8F98C15EB9E75A6FB793009C2F1BBCAAB4285F772 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
08:34:09.0567 0x0e00  igfx - ok
08:34:09.0618 0x0e00  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
08:34:09.0630 0x0e00  iirsp - ok
08:34:09.0685 0x0e00  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
08:34:09.0750 0x0e00  IKEEXT - ok
08:34:09.0817 0x0e00  [ FC727061C0F47C8059E88E05D5C8E381, C7A3782F5D86C7FDE57AA1F2EE81638C5FC3072ACC6E572BA2EC7B3CFF389800 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
08:34:09.0860 0x0e00  IntcDAud - ok
08:34:09.0879 0x0e00  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
08:34:09.0890 0x0e00  intelide - ok
08:34:09.0928 0x0e00  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
08:34:09.0956 0x0e00  intelppm - ok
08:34:09.0974 0x0e00  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
08:34:10.0023 0x0e00  IPBusEnum - ok
08:34:10.0064 0x0e00  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:34:10.0114 0x0e00  IpFilterDriver - ok
08:34:10.0165 0x0e00  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
08:34:10.0217 0x0e00  iphlpsvc - ok
08:34:10.0251 0x0e00  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
08:34:10.0287 0x0e00  IPMIDRV - ok
08:34:10.0336 0x0e00  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
08:34:10.0382 0x0e00  IPNAT - ok
08:34:10.0471 0x0e00  [ 0FA89CB1B99AD494CE36DD2DE717D696, 5B35B26C625306A7AD5A00FCAC46FD6D60061F1C8171352B5EF1C916A667AC92 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
08:34:10.0496 0x0e00  iPod Service - ok
08:34:10.0518 0x0e00  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
08:34:10.0535 0x0e00  IRENUM - ok
08:34:10.0570 0x0e00  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
08:34:10.0581 0x0e00  isapnp - ok
08:34:10.0629 0x0e00  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
08:34:10.0648 0x0e00  iScsiPrt - ok
08:34:10.0664 0x0e00  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
08:34:10.0674 0x0e00  kbdclass - ok
08:34:10.0722 0x0e00  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
08:34:10.0756 0x0e00  kbdhid - ok
08:34:10.0789 0x0e00  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
08:34:10.0801 0x0e00  KeyIso - ok
08:34:10.0852 0x0e00  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
08:34:10.0864 0x0e00  KSecDD - ok
08:34:10.0883 0x0e00  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
08:34:10.0897 0x0e00  KSecPkg - ok
08:34:10.0935 0x0e00  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
08:34:10.0986 0x0e00  ksthunk - ok
08:34:11.0026 0x0e00  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
08:34:11.0099 0x0e00  KtmRm - ok
08:34:11.0187 0x0e00  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
08:34:11.0243 0x0e00  LanmanServer - ok
08:34:11.0291 0x0e00  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
08:34:11.0337 0x0e00  LanmanWorkstation - ok
08:34:11.0375 0x0e00  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
08:34:11.0429 0x0e00  lltdio - ok
08:34:11.0483 0x0e00  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
08:34:11.0543 0x0e00  lltdsvc - ok
08:34:11.0571 0x0e00  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
08:34:11.0607 0x0e00  lmhosts - ok
08:34:11.0636 0x0e00  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
08:34:11.0650 0x0e00  LSI_FC - ok
08:34:11.0666 0x0e00  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
08:34:11.0679 0x0e00  LSI_SAS - ok
08:34:11.0695 0x0e00  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:34:11.0706 0x0e00  LSI_SAS2 - ok
08:34:11.0750 0x0e00  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:34:11.0763 0x0e00  LSI_SCSI - ok
08:34:11.0781 0x0e00  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
08:34:11.0834 0x0e00  luafv - ok
08:34:11.0872 0x0e00  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
08:34:11.0888 0x0e00  Mcx2Svc - ok
08:34:11.0919 0x0e00  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
08:34:11.0930 0x0e00  megasas - ok
08:34:11.0969 0x0e00  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
08:34:11.0988 0x0e00  MegaSR - ok
08:34:12.0013 0x0e00  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
08:34:12.0068 0x0e00  MMCSS - ok
08:34:12.0092 0x0e00  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
08:34:12.0140 0x0e00  Modem - ok
08:34:12.0174 0x0e00  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
08:34:12.0193 0x0e00  monitor - ok
08:34:12.0218 0x0e00  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
08:34:12.0228 0x0e00  mouclass - ok
08:34:12.0274 0x0e00  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
08:34:12.0314 0x0e00  mouhid - ok
08:34:12.0385 0x0e00  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
08:34:12.0398 0x0e00  mountmgr - ok
08:34:12.0459 0x0e00  [ 9EB89625A82AC961F25E7C865947BF9A, 91DB9530CDE883DC60BE621AC4210ACD069631D9466E37411D9D6AEE587098D9 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
08:34:12.0479 0x0e00  MpFilter - ok
08:34:12.0495 0x0e00  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
08:34:12.0510 0x0e00  mpio - ok
08:34:12.0544 0x0e00  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
08:34:12.0581 0x0e00  mpsdrv - ok
08:34:12.0654 0x0e00  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
08:34:12.0723 0x0e00  MpsSvc - ok
08:34:12.0767 0x0e00  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
08:34:12.0821 0x0e00  MRxDAV - ok
08:34:12.0874 0x0e00  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
08:34:12.0906 0x0e00  mrxsmb - ok
08:34:12.0924 0x0e00  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:34:12.0968 0x0e00  mrxsmb10 - ok
08:34:13.0009 0x0e00  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:34:13.0030 0x0e00  mrxsmb20 - ok
08:34:13.0068 0x0e00  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
08:34:13.0079 0x0e00  msahci - ok
08:34:13.0123 0x0e00  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
08:34:13.0137 0x0e00  msdsm - ok
08:34:13.0155 0x0e00  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
08:34:13.0193 0x0e00  MSDTC - ok
08:34:13.0232 0x0e00  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
08:34:13.0267 0x0e00  Msfs - ok
08:34:13.0282 0x0e00  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
08:34:13.0340 0x0e00  mshidkmdf - ok
08:34:13.0374 0x0e00  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
08:34:13.0384 0x0e00  msisadrv - ok
08:34:13.0409 0x0e00  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
08:34:13.0449 0x0e00  MSiSCSI - ok
08:34:13.0452 0x0e00  msiserver - ok
08:34:13.0485 0x0e00  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
08:34:13.0531 0x0e00  MSKSSRV - ok
08:34:13.0625 0x0e00  [ 89F2AEDC2788696702141AB82C3E7866, E166CBD8D3C708737C37172221945D8E56C25C2CC750889C3CE14AA2DE750F33 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
08:34:13.0636 0x0e00  MsMpSvc - ok
08:34:13.0656 0x0e00  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
08:34:13.0690 0x0e00  MSPCLOCK - ok
08:34:13.0728 0x0e00  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
08:34:13.0789 0x0e00  MSPQM - ok
08:34:13.0842 0x0e00  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
08:34:13.0863 0x0e00  MsRPC - ok
08:34:13.0909 0x0e00  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
08:34:13.0920 0x0e00  mssmbios - ok
08:34:13.0942 0x0e00  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
08:34:13.0983 0x0e00  MSTEE - ok
08:34:14.0000 0x0e00  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
08:34:14.0012 0x0e00  MTConfig - ok
08:34:14.0030 0x0e00  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
08:34:14.0041 0x0e00  Mup - ok
08:34:14.0106 0x0e00  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
08:34:14.0167 0x0e00  napagent - ok
08:34:14.0237 0x0e00  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
08:34:14.0314 0x0e00  NativeWifiP - ok
08:34:14.0508 0x0e00  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
08:34:14.0546 0x0e00  NDIS - ok
08:34:28.0047 0x0e00  WacomPen - ok
08:34:28.0118 0x0e00  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
08:34:28.0162 0x0e00  WANARP - ok
08:34:28.0167 0x0e00  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
08:34:28.0202 0x0e00  Wanarpv6 - ok
08:34:28.0292 0x0e00  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
08:34:28.0341 0x0e00  WatAdminSvc - ok
08:34:28.0429 0x0e00  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
08:34:28.0506 0x0e00  wbengine - ok
08:34:28.0536 0x0e00  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
08:34:28.0560 0x0e00  WbioSrvc - ok
08:34:28.0618 0x0e00  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
08:34:28.0667 0x0e00  wcncsvc - ok
08:34:28.0705 0x0e00  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:34:28.0732 0x0e00  WcsPlugInService - ok
08:34:28.0757 0x0e00  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
08:34:28.0768 0x0e00  Wd - ok
08:34:28.0796 0x0e00  [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
08:34:28.0814 0x0e00  WDC_SAM - ok
08:34:28.0897 0x0e00  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
08:34:28.0932 0x0e00  Wdf01000 - ok
08:34:28.0961 0x0e00  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
08:34:29.0047 0x0e00  WdiServiceHost - ok
08:34:29.0051 0x0e00  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
08:34:29.0071 0x0e00  WdiSystemHost - ok
08:34:29.0125 0x0e00  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
08:34:29.0147 0x0e00  WebClient - ok
08:34:29.0181 0x0e00  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
08:34:29.0235 0x0e00  Wecsvc - ok
08:34:29.0251 0x0e00  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
08:34:29.0307 0x0e00  wercplsupport - ok
08:34:29.0350 0x0e00  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
08:34:29.0410 0x0e00  WerSvc - ok
08:34:29.0451 0x0e00  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
08:34:29.0487 0x0e00  WfpLwf - ok
08:34:29.0497 0x0e00  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
08:34:29.0507 0x0e00  WIMMount - ok
08:34:29.0546 0x0e00  WinDefend - ok
08:34:29.0551 0x0e00  WinHttpAutoProxySvc - ok
08:34:29.0617 0x0e00  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
08:34:29.0659 0x0e00  Winmgmt - ok
08:34:29.0766 0x0e00  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
08:34:29.0871 0x0e00  WinRM - ok
08:34:29.0940 0x0e00  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
08:34:29.0956 0x0e00  WinUsb - ok
08:34:30.0011 0x0e00  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
08:34:30.0082 0x0e00  Wlansvc - ok
08:34:30.0143 0x0e00  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
08:34:30.0171 0x0e00  WmiAcpi - ok
08:34:30.0204 0x0e00  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
08:34:30.0228 0x0e00  wmiApSrv - ok
08:34:30.0258 0x0e00  WMPNetworkSvc - ok
08:34:30.0289 0x0e00  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
08:34:30.0313 0x0e00  WPCSvc - ok
08:34:30.0360 0x0e00  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
08:34:30.0377 0x0e00  WPDBusEnum - ok
08:34:30.0397 0x0e00  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
08:34:30.0448 0x0e00  ws2ifsl - ok
08:34:30.0484 0x0e00  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
08:34:30.0527 0x0e00  wscsvc - ok
08:34:30.0530 0x0e00  WSearch - ok
08:34:30.0656 0x0e00  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
08:34:30.0742 0x0e00  wuauserv - ok
08:34:30.0790 0x0e00  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
08:34:30.0829 0x0e00  WudfPf - ok
08:34:30.0881 0x0e00  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
08:34:30.0918 0x0e00  WUDFRd - ok
08:34:30.0959 0x0e00  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
08:34:30.0985 0x0e00  wudfsvc - ok
08:34:31.0028 0x0e00  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
08:34:31.0056 0x0e00  WwanSvc - ok
08:34:31.0075 0x0e00  ================ Scan global ===============================
08:34:31.0101 0x0e00  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
08:34:31.0123 0x0e00  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
08:34:31.0138 0x0e00  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
08:34:31.0167 0x0e00  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
08:34:31.0199 0x0e00  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
08:34:31.0208 0x0e00  [ Global ] - ok
08:34:31.0208 0x0e00  ================ Scan MBR ==================================
08:34:31.0217 0x0e00  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
08:34:31.0586 0x0e00  \Device\Harddisk0\DR0 - ok
08:34:31.0587 0x0e00  ================ Scan VBR ==================================
08:34:31.0607 0x0e00  [ 82101F93924D4B19C21DB4D1037190B8 ] \Device\Harddisk0\DR0\Partition1
08:34:31.0610 0x0e00  \Device\Harddisk0\DR0\Partition1 - ok
08:34:31.0624 0x0e00  [ D31894B72636ED1B84C0B22C6116C063 ] \Device\Harddisk0\DR0\Partition2
08:34:31.0627 0x0e00  \Device\Harddisk0\DR0\Partition2 - ok
08:34:31.0628 0x0e00  ================ Scan generic autorun ======================
08:34:31.0746 0x0e00  [ 569AC1376B12D4083FC66CC7A304F234, DD209F09573F10A77D710E30EF3D0461D2E8F4E5F18106B18EFB587C88393460 ] c:\Program Files\Microsoft Security Client\msseces.exe
08:34:31.0799 0x0e00  MSC - ok
08:34:31.0803 0x0e00  DLCDCATS - ok
08:34:31.0846 0x0e00  [ 28062B17191C9450BF6C6C3EF8C7EB27, 4859C5708DFD119021F7B7FFB38F0B316675E1E4D5D51A10D4265F712CF8CDB6 ] C:\Windows\system32\igfxtray.exe
08:34:31.0859 0x0e00  IgfxTray - ok
08:34:31.0885 0x0e00  [ 28FC280487F0BAAE5E8119257C4EEF8C, F574BC70B79B77912FC683B3EB0BE6929E7758284ED5B47008E18B0E4A4A09FD ] C:\Windows\system32\hkcmd.exe
08:34:31.0904 0x0e00  HotKeysCmds - ok
08:34:31.0959 0x0e00  [ F29BEA821C753E4F00177690F70CDC13, 0EDB40F4A4C23553C0288E6E3AD65E7B523F6764C87C6C36C3ECB0C1940C5176 ] C:\Windows\system32\igfxpers.exe
08:34:31.0980 0x0e00  Persistence - ok
08:34:32.0060 0x0e00  [ 08E7173D1B74095335052459200CB1EA, 5B6EB8A65B5F451BF6115EB7CD1355E5870E6D764F22D767D13216BF17C5668F ] C:\Program Files (x86)\QuickTime\QTTask.exe
08:34:32.0086 0x0e00  QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
08:34:35.0227 0x0e00  Detect skipped due to KSN trusted
08:34:35.0227 0x0e00  QuickTime Task - ok
08:34:40.0359 0x0e00  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.5.216.0 ), 0x60000 ( disabled : updated )
08:34:40.0361 0x0e00  Win FW state via NFP2: enabled
08:34:43.0200 0x0e00  ============================================================
08:34:43.0200 0x0e00  Scan finished
08:34:43.0200 0x0e00  ============================================================
08:34:43.0207 0x0d20  Detected object count: 0
08:34:43.0207 0x0d20  Actual detected object count: 0
08:36:09.0979 0x12fc  Deinitialize success
 

===============End TDSSKiller Log===================

 

Thank you for all your efforts!  Have a good day!

 

Videot



#8 pystryker

  • Malware Response Team
  • 730 posts

Posted 02 September 2014 - 09:20 AM

What sort of trouble is the machine having now? We still have some scans to do for remnants and such, but has something new cropped up?

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#9 videot

  • Topic Starter
  • Members
  • 10 posts

Posted 02 September 2014 - 10:32 AM

It kept opening windows, which of course, was keeping her from writing an email.  She was on Yahoo mail at the time.

 

There was a video playing (or at least audio that sounded like it was from a video), but we never did find the video to stop it.  Things seemed to get better once the video stopped.

 

Also, if I hit Alt-Tab, there was a window that we couldn't get to come up.  In other words, if we selected it with Alt-Tab, it wouldn't come up.  We couldn't see it in Task Manager either.

 

Thanks,

Fred



#10 pystryker

  • Malware Response Team
  • 730 posts

Posted 02 September 2014 - 08:22 PM

Ok, let's continue. We may be looking at something more than malware here, but let's get the machine completely clear of that first. :)

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Step 1: Chrome Changes

Changing Chrome's Search Provider

We need to change your default Search Provider in Chrome. Please follow the instructions below.
  • Open Chrome and type this in the address bar: chrome:settings
  • When the Settings page opens, look under Search and then click the box that has your current search provider listed. If it is set to Trovi, change it from the malware-related search engine to another (such as Google).
  • Once you have changed it, click on Manage Search Engines and delete Trovi from the list.
  • Once you have removed it, close the window.


Step 2: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the programme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 3: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be run in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • Now click on Finish
  • Use Notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Step 4: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log






#11 videot

  • Topic Starter
  • Members
  • 10 posts

Posted 03 September 2014 - 06:10 AM

Good morning!  I hope all is well in your neck of the woods!

 

I was able to access my email without any pop-ups.  That hasn't happened before.  So maybe we have progress! 

 

Here are our logs. 

 

First, ESET Scan Log:====================================

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=f39f482169157f4d8de0d91394bd0346
# engine=19972
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-03 04:56:06
# local_time=2014-09-02 11:56:06 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 6140300 32592560 0 0
# scanned=249463
# found=17
# cleaned=0
# scan_time=4305
sh=C050345AF75D8E09E0C443C9901BBC0733664B7F ft=1 fh=cce0b104a2d22abd vn="a variant of Win32/BrowseFox.O potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\sizlsearch\sizlsearchBHO.dll.vir"
sh=0A486CCD97908421F5C42581BBBCDC94A482C4F6 ft=1 fh=33a2f04aa7f44532 vn="a variant of Win32/BrowseFox.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\sizlsearch\updatesizlsearch.exe.vir"
sh=0A486CCD97908421F5C42581BBBCDC94A482C4F6 ft=1 fh=33a2f04aa7f44532 vn="a variant of Win32/BrowseFox.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\sizlsearch\bin\utilsizlsearch.exe.vir"
sh=B18CA53975ABEC21D1C4B717A4A3F62DED026E22 ft=1 fh=70ccc0ea68689b6a vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\sizlsearch\bin\plugins\sizlsearch.Bromon.dll.vir"
sh=BB08D5F98B65D8C2E0D995C0837693EDE24CCFFC ft=1 fh=f341a0f3d54694f9 vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\sizlsearch\bin\plugins\sizlsearch.BroStats.dll.vir"
sh=DE9309254E81D2E250B60BEAC7975E1E37F08BEA ft=1 fh=bd444beb999f1556 vn="probably a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\sizlsearch\bin\plugins\sizlsearch.BrowserAdapterS.dll.vir"
sh=F1561840E73274742577D497D0BCE26BBDA85531 ft=1 fh=b0ace27a46c92961 vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\sizlsearch\bin\plugins\sizlsearch.CompatibilityChecker.dll.vir"
sh=2977B365919932CB06142596B3321E031781E615 ft=1 fh=b1a395dce98c4c58 vn="a variant of MSIL/BrowseFox.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\sizlsearch\bin\plugins\sizlsearch.FFUpdate.dll.vir"
sh=A7381B63CA653D7A4E5CC3E966585429502F89CF ft=1 fh=6fc5b331814c51a2 vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\sizlsearch\bin\plugins\sizlsearch.IEUpdate.dll.vir"
sh=3B8B99BFD45106EE8E447E0C5527DB4E3E714D11 ft=1 fh=2adcbd3edaf44dcc vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\sizlsearch\bin\plugins\sizlsearch.PurBrowseG.dll.vir"
sh=D3844CBC91D713BCE1C7C3DFEA7CA6D01C02B3E6 ft=1 fh=0894c982039ce88a vn="Win32/VOPackage.J potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Crystal\AppData\Roaming\VOPackage\Uninstall.exe.vir"
sh=88816AA2C09F734F46B1B5814F1F98569039521A ft=1 fh=438a0d572d277bea vn="Win32/VOPackage.J potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Crystal\AppData\Roaming\VOPackage\VOPackage.exe.vir"
sh=4646EFDA3E9F08DE6227D617E955A88A26AFF893 ft=1 fh=c71c00113bd9fc83 vn="a variant of Win32/AdWare.MultiPlug.AG application" ac=I fn="C:\FRST\Quarantine\C\ProgramData\Realdeal\1mcd9K.exe"
sh=B404900E08513C02949570B2D1C4A12FFC91AFE0 ft=1 fh=c71c001165baeb77 vn="a variant of Win32/AdWare.MultiPlug.AG application" ac=I fn="C:\FRST\Quarantine\C\ProgramData\SmaRtComparie\SXn1vzlX7.exe"
sh=C5A07C6647A4228B39A382EE5246235CFDD94A82 ft=1 fh=1901ca3fd08316cd vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\Users\Crystal\Downloads\cbsidlm-cbsi134-RenameIt-SEO-45116.exe"
sh=42CBEC13D92A9A26BDE601CFAA9DAFB1F940C858 ft=1 fh=266def9cc89301f1 vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\Users\Crystal\Downloads\gimp-setup.exe"
sh=0FDBBF678B41EBBFF18A7E287D56EA96C0A463F8 ft=1 fh=287fca96d2d249fd vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\Users\Crystal\Downloads\openofficesuite-setup.exe"

=======================End ESET Scan Log=============================

 

Second, MBAM Log=======================================

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/2/2014
Scan Time: 9:29:33 PM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.02.11
Rootkit Database: v2014.08.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Crystal

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 307089
Time Elapsed: 10 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
PUP.Optional.StormAlerts.A, C:\Users\Crystal\AppData\Local\StormAlerts\StormAlerts.exe, 2844, Delete-on-Reboot, [396054753b4053e3475f8886cc37a35d]
PUP.Optional.StormAlerts.A, C:\Users\Crystal\AppData\Local\StormAlerts\StormAlertsApp.exe, 2852, Delete-on-Reboot, [396054753b4053e3475f8886cc37a35d]

Modules: 0
(No malicious items detected)

Registry Keys: 6
PUP.Optional.StormAlerts.A, HKU\S-1-5-21-461702851-272330320-812187809-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\StormAlerts, Quarantined, [5247a2276e0df541583794cc6c9511ef],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, Quarantined, [7f1aeedb7cff9b9bac819bc130d4d828],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, Quarantined, [94057851accf6bcb5dcf590371937789],
PUP.Optional.SearchSnacks.A, HKLM\SOFTWARE\WOW6432NODE\SearchSnacks, Quarantined, [cbcedaefc0bbe94dd50c7690c53e47b9],
PUP.Optional.Sizlsearch.A, HKLM\SOFTWARE\WOW6432NODE\sizlsearch, Quarantined, [e7b210b9196215215d5f23234db7d52b],
PUP.Optional.SearchSnacks, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ssnfd, Quarantined, [b5e49534314a1620d365d22526dc6898],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 8
PUP.Optional.StormAlerts.A, C:\Users\Crystal\AppData\Local\StormAlerts, Delete-on-Reboot, [396054753b4053e3475f8886cc37a35d],
PUP.Optional.StormAlerts.A, C:\Users\Crystal\AppData\Local\StormAlerts\0722093052, Quarantined, [396054753b4053e3475f8886cc37a35d],
PUP.Optional.StormAlerts.A, C:\Users\Crystal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Storm Alerts, Quarantined, [7f1aa227b9c28ea80e7b9090fa09e61a],
PUP.Optional.Extutil.A, C:\Users\Crystal\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, Quarantined, [ff9ab1187dfec670eeef984522e0b54b],
PUP.Optional.Managera.A, C:\Users\Crystal\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, Quarantined, [ebae6f5a780334024797dd0031d139c7],
PUP.Optional.StormAlerts.A, C:\Users\Crystal\AppData\Local\Weather_Warnings_LLC, Quarantined, [31689138c5b68ea8293c5988966c2ed2],
PUP.Optional.StormAlerts.A, C:\Users\Crystal\AppData\Local\Weather_Warnings_LLC\StormAlerts.exe_Url_o52c5xrry2vjsdgo2t2hm0taxysz4fdr, Quarantined, [31689138c5b68ea8293c5988966c2ed2],
PUP.Optional.StormAlerts.A, C:\Users\Crystal\AppData\Local\Weather_Warnings_LLC\StormAlerts.exe_Url_o52c5xrry2vjsdgo2t2hm0taxysz4fdr\1.6.0.0, Quarantined, [31689138c5b68ea8293c5988966c2ed2],

Files: 39
PUP.Optional.OptimunInstaller, C:\Users\Crystal\Downloads\Setup (1).exe, Quarantined, [9dfc0ebbccafef475a829faa9e626e92],
PUP.Optional.AirAdInstaller, C:\Users\Crystal\Downloads\Setup.exe, Quarantined, [7e1b3198b0cbba7cba84bc7e2ad602fe],
PUP.Optional.Mindspark, C:\Users\Crystal\Downloads\VideoDownloadConvertCrxSetup.B397DECC-D812-49E2-9FDC-FD50AF65267F.exe, Quarantined, [7b1e27a2a9d26cca7a101e93e91b02fe],
PUP.Optional.iBryte, C:\Users\Crystal\Downloads\oovoo_Setup (1).exe, Quarantined, [c6d38b3ec7b40432c17748e2dd236898],
PUP.Optional.iBryte, C:\Users\Crystal\Downloads\oovoo_Setup.exe, Quarantined, [3a5f28a1bfbc1b1b69cfb17952ae8a76],
PUP.Optional.StormAlerts.A, C:\Users\Crystal\AppData\Local\StormAlerts\StormAlertsuninstall.exe, Quarantined, [5247a2276e0df541583794cc6c9511ef],
PUP.Optional.SearchProtect.A, C:\Windows\AppPatch\AppPatch64\SPVCLdr64.dll, Quarantined, [79207a4fd4a79a9c978bf9a1d42d4fb1],
PUP.Optional.LiveLyrics.A, C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage, Quarantined, [b4e5745585f674c21f4417f08b780df3],
PUP.Optional.LiveLyrics.A, C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage-journal, Quarantined, [e7b232975b20b97dbda6788f45be0bf5],
PUP.Optional.Trovi.A, C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.trovi.com_0.localstorage, Quarantined, [5841bd0ca0db290df0464cbcfe057a86],
PUP.Optional.Superfish.A, C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Delete-on-Reboot, [a4f593360d6e63d30f5737d2689b4eb2],
PUP.Optional.Superfish.A, C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, [9affd4f5fa8184b28bdba960c73c14ec],
PUP.Optional.MindSpark.A, C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_videodownloadconverter.dl.tb.ask.com_0.localstorage, Quarantined, [fc9d07c27cff95a17569ea21778cd42c],
PUP.Optional.StormAlerts.A, C:\Users\Crystal\AppData\Local\StormAlerts\StormAlertsBrowser.exe.config, Quarantined, [396054753b4053e3475f8886cc37a35d],
PUP.Optional.StormAlerts.A, C:\Users\Crystal\AppData\Local\StormAlerts\StormAlertsApp.exe.config, Quarantined, [396054753b4053e3475f8886cc37a35d],
PUP.Optional.StormAlerts.A, C:\Users\Crystal\AppData\Local\StormAlerts\ICSharpCode.SharpZipLib.dll, Quarantined, [396054753b4053e3475f8886cc37a35d],
PUP.Optional.StormAlerts.A, C:\Users\Crystal\AppData\Local\StormAlerts\mod.StormAlertsApp0.dat, Quarantined, [396054753b4053e3475f8886cc37a35d],
PUP.Optional.StormAlerts.A, C:\Users\Crystal\AppData\Local\StormAlerts\SAUpdater.exe, Quarantined, [396054753b4053e3475f8886cc37a35d],
PUP.Optional.StormAlerts.A, C:\Users\Crystal\AppData\Local\StormAlerts\SAUpdater.exe.config, Quarantined, [396054753b4053e3475f8886cc37a35d],
PUP.Optional.StormAlerts.A, C:\Users\Crystal\AppData\Local\StormAlerts\StormAlerts.exe, Delete-on-Reboot, [396054753b4053e3475f8886cc37a35d],
PUP.Optional.StormAlerts.A, C:\Users\Crystal\AppData\Local\StormAlerts\StormAlerts.exe.config, Quarantined, [396054753b4053e3475f8886cc37a35d],
PUP.Optional.StormAlerts.A, C:\Users\Crystal\AppData\Local\StormAlerts\StormAlertsApp.exe, Delete-on-Reboot, [396054753b4053e3475f8886cc37a35d],
PUP.Optional.StormAlerts.A, C:\Users\Crystal\AppData\Local\StormAlerts\StormAlertsApp0.dat, Quarantined, [396054753b4053e3475f8886cc37a35d],
PUP.Optional.StormAlerts.A, C:\Users\Crystal\AppData\Local\StormAlerts\StormAlertsBrowser.exe, Quarantined, [396054753b4053e3475f8886cc37a35d],
PUP.Optional.StormAlerts.A, C:\Users\Crystal\AppData\Local\StormAlerts\StormAlertsK.dat, Quarantined, [396054753b4053e3475f8886cc37a35d],
PUP.Optional.StormAlerts.A, C:\Users\Crystal\AppData\Local\StormAlerts\StormAlertsU.dat, Quarantined, [396054753b4053e3475f8886cc37a35d],
PUP.Optional.StormAlerts.A, C:\Users\Crystal\AppData\Local\StormAlerts\uninstall.exe, Quarantined, [396054753b4053e3475f8886cc37a35d],
PUP.Optional.StormAlerts.A, C:\Users\Crystal\AppData\Local\StormAlerts\0722093052\3823.3823.tmp, Quarantined, [396054753b4053e3475f8886cc37a35d],
PUP.Optional.StormAlerts.A, C:\Users\Crystal\AppData\Local\StormAlerts\0722093052\mergetree, Quarantined, [396054753b4053e3475f8886cc37a35d],
PUP.Optional.StormAlerts.A, C:\Users\Crystal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Storm Alerts\Storm Alerts.lnk, Quarantined, [7f1aa227b9c28ea80e7b9090fa09e61a],
PUP.Optional.StormAlerts.A, C:\Users\Crystal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Storm Alerts.lnk, Quarantined, [13863693bebdde5829616eb2f0135da3],
PUP.Optional.StormAlerts.A, C:\Users\Crystal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormAlerts.lnk, Quarantined, [5f3ab514fb8090a67b104ad6669d0ff1],
PUP.Optional.SearchProtect, C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, Quarantined, [3168a2279cdf88ae31ff4b11bc482ad6],
PUP.Optional.Extutil.A, C:\Users\Crystal\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, Quarantined, [ff9ab1187dfec670eeef984522e0b54b],
PUP.Optional.Extutil.A, C:\Users\Crystal\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, Quarantined, [ff9ab1187dfec670eeef984522e0b54b],
PUP.Optional.Extutil.A, C:\Users\Crystal\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, Quarantined, [ff9ab1187dfec670eeef984522e0b54b],
PUP.Optional.Managera.A, C:\Users\Crystal\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, Quarantined, [ebae6f5a780334024797dd0031d139c7],
PUP.Optional.Managera.A, C:\Users\Crystal\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, Quarantined, [ebae6f5a780334024797dd0031d139c7],
PUP.Optional.StormAlerts.A, C:\Users\Crystal\AppData\Local\Weather_Warnings_LLC\StormAlerts.exe_Url_o52c5xrry2vjsdgo2t2hm0taxysz4fdr\1.6.0.0\user.config, Quarantined, [31689138c5b68ea8293c5988966c2ed2],

Physical Sectors: 0
(No malicious items detected)


(end)

==============End MBAM================================

 

Third, Security Check Log==============

 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
  (On Access scanning disabled!)
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:`````````
 Google Chrome 36.0.1985.125  
 Google Chrome 37.0.2062.103  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

================End SecurityCheck Log==========================

 

Thanks again for your help!

 

Videot



#12 videot


Posted 03 September 2014 - 06:23 AM

By the way, I'm not sure if this has anything to do with our issue, but we have a "RunDLL" box come up when we boot up.  We've had it for the last several times.  I'm not sure when it started.  My wife says it started after we got the computer back from the Asurion Service Center.  We had the hard drive replaced in July under warranty (Walmart warranty).

 

It says, "Error in C:\Windows\system32\spool\DRIVERS\x64\DLCDtime.dll   

Missing entry:_RunDLLEntry@16"  without the quotes.

 

Thanks,

Videot



#13 pystryker

  • Malware Response Team

Posted 03 September 2014 - 08:03 PM

> Good morning! I hope all is well in your neck of the woods!
>
> I was able to access my email without any pop-ups. That hasn't happened before. So maybe we have progress!


Good evening :) That's very good news, and a very good sign of progress. We're almost there!
 

> By the way, I'm not sure if this has anything to do with our issue, but we have a "RunDLL" box come up when we boot up. We've had it for the last several times. I'm not sure when it started. My wife says it started after we got the computer back from the Asurion Service Center. We had the hard drive replaced in July under warranty (Walmart warranty).
>
> It says, "Error in C:\Windows\system32\spool\DRIVERS\x64\DLCDtime.dll
>
> Missing entry:_RunDLLEntry@16" without the quotes.



I've researched that problem and it appears to be a file related to a printer. Do you have a printer that's installed on the machine? If so, try uninstalling and re-installing the printer drivers. If not, please let me know.


Also, there are a few items that ESET found that we need to remove, but the majority are items already quarantined. :thumbsup:


Fix with FRST
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad and select Paste.
  • Save it on the desktop as fixlist.txt

Start
C:\Users\Crystal\Downloads\cbsidlm-cbsi134-RenameIt-SEO-45116.exe
C:\Users\Crystal\Downloads\gimp-setup.exe
C:\Users\Crystal\Downloads\openofficesuite-setup.exe
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Things I need to see in your next post:

Fixlog.txt Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.






#14 videot


Posted 03 September 2014 - 10:03 PM

Hi there!

Thanks for the latest instructions.  The latest fixlog.txt is below.

 

My wife is going on a trip.  If this does not complete the cleaning, I can put Teamviewer on her computer and run it by remote.  Just let me know.  Or, of course, I can run whatever's needed on Sunday when she comes back.  Just let me know which way you want to do it.  Or if it's needed at all.

 

And now for the fixlog!  ==============================

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-08-2014 02
Ran by Crystal at 2014-09-03 21:55:39 Run:3
Running from C:\Users\Crystal\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
C:\Users\Crystal\Downloads\cbsidlm-cbsi134-RenameIt-SEO-45116.exe
C:\Users\Crystal\Downloads\gimp-setup.exe
C:\Users\Crystal\Downloads\openofficesuite-setup.exe
End
*****************

C:\Users\Crystal\Downloads\cbsidlm-cbsi134-RenameIt-SEO-45116.exe => Moved successfully.
C:\Users\Crystal\Downloads\gimp-setup.exe => Moved successfully.
C:\Users\Crystal\Downloads\openofficesuite-setup.exe => Moved successfully.

==== End of Fixlog ====

 

Thank you for your help!

Videot 



#15 videot


Posted 03 September 2014 - 10:09 PM

Oh yeah.  There is at least one "dead" printer on this computer.  So that's probably it.  I'll uninstall it.

 

Thanks again,

Fred





