
Need help removing Rovnix W


  • This topic is locked
12 replies to this topic

#1 shumidog


  • Members
  • 30 posts
  • Local time: 07:38 AM

Posted 06 September 2014 - 05:23 PM

Have run FRST 64 and TDSSkiller. Log files below; TDSSkiller log attached.

 

Please help me get rid of this virus. Thank you, Shumidog

 

Log files for FRST 64:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014 (ATTENTION: ====> FRST version is 42 days old and could be outdated)
Ran by Ruth (administrator) on RUTH-PC on 06-09-2014 17:07:13
Running from E:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(VSM Group AB) C:\4DEmbroidery\EmbMachineComms.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Oracle Corporation) C:\Users\Ruth\AppData\Roaming\Amemzuo\imewyw.exe
(Oracle Corporation) C:\Users\Ruth\AppData\Roaming\Amemzuo\imewyw.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11786344 2011-03-28] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [1796200 2011-02-23] (Acer Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe [290112 2011-03-09] (NTI Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1092688 2011-03-31] (Dritek System Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [QuickFinder Scheduler] => c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE [83232 2008-11-14] (Corel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [OpwareSE4] => C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-2922756106-2011690843-984619637-1000\...\Run: [EmbMachineComms.exe] => C:\4DEmbroidery\EmbMachineComms.exe [85504 2007-08-01] (VSM Group AB)
HKU\S-1-5-21-2922756106-2011690843-984619637-1000\...\Run: [rmavwshj] => C:\Users\Ruth\AppData\Local\lwldvpus.exe [118784 2014-07-24] ()
HKU\S-1-5-21-2922756106-2011690843-984619637-1000\...\Run: [vsenmdoe] => C:\Users\Ruth\AppData\Local\fsuhglaf.exe [84992 2014-07-25] ()
HKU\S-1-5-21-2922756106-2011690843-984619637-1000\...\Run: [Vaahnoomfyhol] => C:\Users\Ruth\AppData\Roaming\Amemzuo\imewyw.exe [374272 2013-10-10] (Oracle Corporation)
HKU\S-1-5-21-2922756106-2011690843-984619637-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EmbMachineComms.exe] => C:\4DEmbroidery\EmbMachineComms.exe [85504 2007-08-01] (VSM Group AB)
HKU\S-1-5-21-2922756106-2011690843-984619637-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [rmavwshj] => C:\Users\Ruth\AppData\Local\lwldvpus.exe [118784 2014-07-24] ()
HKU\S-1-5-21-2922756106-2011690843-984619637-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [vsenmdoe] => C:\Users\Ruth\AppData\Local\fsuhglaf.exe [84992 2014-07-25] ()
HKU\S-1-5-21-2922756106-2011690843-984619637-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Vaahnoomfyhol] => C:\Users\Ruth\AppData\Roaming\Amemzuo\imewyw.exe [374272 2013-10-10] (Oracle Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\rx3up99b.default
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Homepage: my.yahoo.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\rx3up99b.default\searchplugins\duckduckgo.xml
FF Extension: HTTPS-Everywhere - C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\rx3up99b.default\Extensions\https-everywhere@eff.org [2014-07-03]
FF Extension: LastPass - C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\rx3up99b.default\Extensions\support@lastpass.com [2014-06-03]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\rx3up99b.default\Extensions\adblockpopups@jessehakanen.net.xpi [2012-01-21]
FF Extension: InvisibleHand - C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\rx3up99b.default\Extensions\canitbecheaper@trafficbroker.co.uk.xpi [2012-01-21]
FF Extension: Ghostery - C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\rx3up99b.default\Extensions\firefox@ghostery.com.xpi [2013-12-17]
FF Extension: CoolPreviews - C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\rx3up99b.default\Extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi [2012-01-21]
FF Extension: Adblock Plus - C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\rx3up99b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-21]
FF Extension: BetterPrivacy - C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\rx3up99b.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012-01-21]
FF HKLM-x32\...\Firefox\Extensions: [copytolightning@corel.com] - c:\Program Files (x86)\Corel\WordPerfect Lightning\Programs\FirefoxExtension
FF Extension: Copy To Wordperfect Lightning - c:\Program Files (x86)\Corel\WordPerfect Lightning\Programs\FirefoxExtension [2011-10-29]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-08-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 hasplms; C:\Windows\system32\hasplms.exe [4913608 2011-12-02] (SafeNet Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [257344 2011-03-09] (NTI Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [57088 2011-09-08] (SafeNet Inc.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [21120 2011-08-09] (SafeNet Inc.)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-10-07] (SafeNet Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-06] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-06 17:07 - 2014-09-06 17:07 - 00000000 ____D () C:\FRST
2014-09-06 16:55 - 2014-09-06 16:55 - 00642400 _____ () C:\Windows\Minidump\090614-27409-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-06 17:07 - 2014-09-06 17:07 - 00000000 ____D () C:\FRST
2014-09-06 17:07 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-06 17:07 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-06 17:06 - 2009-07-14 00:51 - 00061287 _____ () C:\Windows\setupact.log
2014-09-06 17:01 - 2011-06-13 22:23 - 01095866 _____ () C:\Windows\WindowsUpdate.log
2014-09-06 17:00 - 2014-07-25 19:17 - 00000796 _____ () C:\Windows\Tasks\Security Center Update - 3392444536.job
2014-09-06 17:00 - 2014-07-25 16:32 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-06 16:59 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-06 16:55 - 2014-09-06 16:55 - 00642400 _____ () C:\Windows\Minidump\090614-27409-01.dmp
2014-09-06 16:55 - 2014-07-24 22:35 - 430288126 _____ () C:\Windows\MEMORY.DMP
2014-09-06 16:55 - 2014-07-24 22:35 - 00000000 ____D () C:\Windows\Minidump

Some content of TEMP:
====================
C:\Users\Ruth\AppData\Local\Temp\dlLogic.exe
C:\Users\Ruth\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Ruth\AppData\Local\Temp\drm_dyndata_7330014.dll
C:\Users\Ruth\AppData\Local\Temp\FTCProSetup.exe
C:\Users\Ruth\AppData\Local\Temp\FTCPro_Setup.exe
C:\Users\Ruth\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Ruth\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Ruth\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Ruth\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Ruth\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Ruth\AppData\Local\Temp\nsf38C1.exe
C:\Users\Ruth\AppData\Local\Temp\nsqBB76.exe
C:\Users\Ruth\AppData\Local\Temp\nssA4DA.exe
C:\Users\Ruth\AppData\Local\Temp\nsw394B.exe
C:\Users\Ruth\AppData\Local\Temp\spstub.exe
C:\Users\Ruth\AppData\Local\Temp\UpdateFlashPlayer_87b51aaa.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-18 10:20

==================== End Of Log ============================

FF Extension: Ghostery - C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\rx3up99b.default\Extensions\firefox@ghostery.com.xpi [2013-12-17]
FF Extension: CoolPreviews - C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\rx3up99b.default\Extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi [2012-01-21]
FF Extension: Adblock Plus - C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\rx3up99b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-21]
FF Extension: BetterPrivacy - C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\rx3up99b.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012-01-21]
FF HKLM-x32\...\Firefox\Extensions: [copytolightning@corel.com] - c:\Program Files (x86)\Corel\WordPerfect Lightning\Programs\FirefoxExtension
FF Extension: Copy To Wordperfect Lightning - c:\Program Files (x86)\Corel\WordPerfect Lightning\Programs\FirefoxExtension [2011-10-29]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-08-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 hasplms; C:\Windows\system32\hasplms.exe [4913608 2011-12-02] (SafeNet Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [257344 2011-03-09] (NTI Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [57088 2011-09-08] (SafeNet Inc.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [21120 2011-08-09] (SafeNet Inc.)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-10-07] (SafeNet Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-06] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-06 17:07 - 2014-09-06 17:07 - 00000000 ____D () C:\FRST
2014-09-06 16:55 - 2014-09-06 16:55 - 00642400 _____ () C:\Windows\Minidump\090614-27409-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-06 17:07 - 2014-09-06 17:07 - 00000000 ____D () C:\FRST
2014-09-06 17:07 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-06 17:07 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-06 17:06 - 2009-07-14 00:51 - 00061287 _____ () C:\Windows\setupact.log
2014-09-06 17:01 - 2011-06-13 22:23 - 01095866 _____ () C:\Windows\WindowsUpdate.log
2014-09-06 17:00 - 2014-07-25 19:17 - 00000796 _____ () C:\Windows\Tasks\Security Center Update - 3392444536.job
2014-09-06 17:00 - 2014-07-25 16:32 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-06 16:59 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-06 16:55 - 2014-09-06 16:55 - 00642400 _____ () C:\Windows\Minidump\090614-27409-01.dmp
2014-09-06 16:55 - 2014-07-24 22:35 - 430288126 _____ () C:\Windows\MEMORY.DMP
2014-09-06 16:55 - 2014-07-24 22:35 - 00000000 ____D () C:\Windows\Minidump

Some content of TEMP:
====================
C:\Users\Ruth\AppData\Local\Temp\dlLogic.exe
C:\Users\Ruth\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Ruth\AppData\Local\Temp\drm_dyndata_7330014.dll
C:\Users\Ruth\AppData\Local\Temp\FTCProSetup.exe
C:\Users\Ruth\AppData\Local\Temp\FTCPro_Setup.exe
C:\Users\Ruth\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Ruth\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Ruth\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Ruth\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Ruth\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Ruth\AppData\Local\Temp\nsf38C1.exe
C:\Users\Ruth\AppData\Local\Temp\nsqBB76.exe
C:\Users\Ruth\AppData\Local\Temp\nssA4DA.exe
C:\Users\Ruth\AppData\Local\Temp\nsw394B.exe
C:\Users\Ruth\AppData\Local\Temp\spstub.exe
C:\Users\Ruth\AppData\Local\Temp\UpdateFlashPlayer_87b51aaa.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-18 10:20

==================== End Of Log ============================

#2 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 06 September 2014 - 05:31 PM

Hi,

Start TDSSKiller.exe again with administrator privileges.
  • Set the parameters like in the first scan and click on Start scan.
  • This time select for the threat Rootkit.Boot.Cidox.b (and only for that) the option Cure (or Delete).
  • Click on Continue and allow the reboot.
  • Copy and paste the log file (C:\TDSSKiller.<version_date_time>_log.txt) of this run in your next reply.


#3 shumidog
  • Topic Starter
  • Members
  • 30 posts

Posted 06 September 2014 - 09:46 PM

Done. TDSSKiller started again after the reboot, but I did not start the scan.

22:35:58.0730 0x0aa8  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
22:36:08.0827 0x0aa8  ============================================================
22:36:08.0827 0x0aa8  Current date / time: 2014/09/06 22:36:08.0827
22:36:08.0842 0x0aa8  SystemInfo:
22:36:08.0842 0x0aa8  
22:36:08.0842 0x0aa8  OS Version: 6.1.7601 ServicePack: 1.0
22:36:08.0842 0x0aa8  Product type: Workstation
22:36:08.0842 0x0aa8  ComputerName: RUTH-PC
22:36:08.0842 0x0aa8  UserName: Ruth
22:36:08.0842 0x0aa8  Windows directory: C:\Windows
22:36:08.0842 0x0aa8  System windows directory: C:\Windows
22:36:08.0842 0x0aa8  Running under WOW64
22:36:08.0842 0x0aa8  Processor architecture: Intel x64
22:36:08.0842 0x0aa8  Number of processors: 4
22:36:08.0842 0x0aa8  Page size: 0x1000
22:36:08.0842 0x0aa8  Boot type: Normal boot
22:36:08.0842 0x0aa8  ============================================================
22:36:18.0967 0x0aa8  KLMD registered as C:\Windows\system32\drivers\77886032.sys
22:36:21.0400 0x0aa8  System UUID: {C41B16D8-29CF-C986-8812-BE3EE4AC7B02}
22:36:23.0241 0x0aa8  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 ( 596.17 Gb ), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:36:23.0257 0x0aa8  Drive \Device\Harddisk1\DR1 - Size: 0xEEDF8000 ( 3.73 Gb ), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:36:23.0257 0x0aa8  ============================================================
22:36:23.0257 0x0aa8  \Device\Harddisk0\DR0:
22:36:23.0257 0x0aa8  MBR partitions:
22:36:23.0257 0x0aa8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
22:36:23.0257 0x0aa8  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x48A25000
22:36:23.0257 0x0aa8  \Device\Harddisk1\DR1:
22:36:23.0257 0x0aa8  MBR partitions:
22:36:23.0257 0x0aa8  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x776A81
22:36:23.0257 0x0aa8  ============================================================
22:36:23.0693 0x0aa8  C: <-> \Device\Harddisk0\DR0\Partition2
22:36:23.0693 0x0aa8  ============================================================
22:36:23.0693 0x0aa8  Initialize success
22:36:23.0693 0x0aa8  ============================================================
22:39:31.0828 0x0dc8  ============================================================
22:39:31.0828 0x0dc8  Scan started
22:39:31.0828 0x0dc8  Mode: Manual;
22:39:31.0828 0x0dc8  ============================================================
22:39:31.0828 0x0dc8  KSN ping started
22:39:31.0937 0x0dc8  KSN ping finished: false
22:39:39.0347 0x0dc8  ================ Scan system memory ========================
22:39:39.0347 0x0dc8  System memory - ok
22:39:39.0347 0x0dc8  ================ Scan services =============================
22:39:47.0085 0x0dc8  EventSystem - ok
22:39:47.0116 0x0dc8  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
22:39:47.0132 0x0dc8  exfat - ok
22:39:47.0163 0x0dc8  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:39:47.0163 0x0dc8  fastfat - ok
22:39:47.0225 0x0dc8  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
22:39:47.0241 0x0dc8  Fax - ok
22:39:47.0256 0x0dc8  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
22:39:47.0256 0x0dc8  fdc - ok
22:39:47.0319 0x0dc8  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
22:39:47.0334 0x0dc8  fdPHost - ok
22:39:47.0350 0x0dc8  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:39:47.0350 0x0dc8  FDResPub - ok
22:39:47.0366 0x0dc8  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:39:47.0366 0x0dc8  FileInfo - ok
22:39:47.0381 0x0dc8  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:39:47.0381 0x0dc8  Filetrace - ok
22:39:47.0397 0x0dc8  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
22:39:47.0397 0x0dc8  flpydisk - ok
22:39:47.0428 0x0dc8  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:39:47.0444 0x0dc8  FltMgr - ok
22:39:47.0537 0x0dc8  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
22:39:47.0600 0x0dc8  FontCache - ok
22:39:47.0662 0x0dc8  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:39:47.0678 0x0dc8  FontCache3.0.0.0 - ok
22:39:47.0693 0x0dc8  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
22:39:47.0693 0x0dc8  FsDepends - ok
22:39:47.0724 0x0dc8  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:39:47.0724 0x0dc8  Fs_Rec - ok
22:39:47.0771 0x0dc8  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
22:39:47.0787 0x0dc8  fvevol - ok
22:39:47.0818 0x0dc8  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
22:39:47.0818 0x0dc8  gagp30kx - ok
22:39:47.0927 0x0dc8  [ C403C5DB49A0F9AAF4F2128EDC0106D8, 3C6948B63278022D8182F773C5FA15784514F76C1546118DDBADBA322B962D12 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
22:39:47.0927 0x0dc8  GamesAppService - ok
22:39:48.0005 0x0dc8  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
22:39:48.0068 0x0dc8  gpsvc - ok
22:39:48.0130 0x0dc8  [ 0191DEE9B9EB7902AF2CF4F67301095D, 9E2E263E84167E1AD3FFCEA84066AF07CD6A653F5D8266A619E4973BC4B25460 ] GREGService     C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
22:39:48.0130 0x0dc8  GREGService - ok
22:39:48.0208 0x0dc8  [ D619BA1712B83D14149850E758B835AD, AD18807EC4DA6FA8C6846C1A0D914071FD59BD3273AFC103E5F2A7141F18C5F4 ] hardlock        C:\Windows\system32\drivers\hardlock.sys
22:39:48.0208 0x0dc8  hardlock - ok
22:39:48.0270 0x0dc8  hasplms - ok
22:39:48.0317 0x0dc8  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
22:39:48.0317 0x0dc8  hcw85cir - ok
22:39:48.0426 0x0dc8  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:39:48.0442 0x0dc8  HdAudAddService - ok
22:39:48.0489 0x0dc8  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
22:39:48.0489 0x0dc8  HDAudBus - ok
22:39:48.0520 0x0dc8  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
22:39:48.0536 0x0dc8  HidBatt - ok
22:39:48.0551 0x0dc8  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
22:39:48.0551 0x0dc8  HidBth - ok
22:39:48.0582 0x0dc8  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
22:39:48.0582 0x0dc8  HidIr - ok
22:39:48.0614 0x0dc8  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
22:39:48.0629 0x0dc8  hidserv - ok
22:39:48.0723 0x0dc8  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:39:48.0723 0x0dc8  HidUsb - ok
22:39:48.0754 0x0dc8  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:39:48.0754 0x0dc8  hkmsvc - ok
22:39:48.0785 0x0dc8  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:39:48.0801 0x0dc8  HomeGroupListener - ok
22:39:48.0832 0x0dc8  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:39:48.0832 0x0dc8  HomeGroupProvider - ok
22:39:48.0863 0x0dc8  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
22:39:48.0863 0x0dc8  HpSAMD - ok
22:39:48.0910 0x0dc8  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:39:48.0988 0x0dc8  HTTP - ok
22:39:49.0035 0x0dc8  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
22:39:49.0035 0x0dc8  hwpolicy - ok
22:39:49.0066 0x0dc8  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
22:39:49.0066 0x0dc8  i8042prt - ok
22:39:49.0144 0x0dc8  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
22:39:49.0160 0x0dc8  iaStorV - ok
22:39:49.0534 0x0dc8  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:39:49.0612 0x0dc8  idsvc - ok
22:39:49.0659 0x0dc8  IEEtwCollectorService - ok
22:39:49.0706 0x0dc8  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
22:39:49.0706 0x0dc8  iirsp - ok
22:39:49.0784 0x0dc8  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
22:39:49.0862 0x0dc8  IKEEXT - ok
22:39:50.0033 0x0dc8  [ 88798B4381FD58FAE2DA07880C177C5C, AA63C9E4DCCDF7810EFFEB82FFDEA9BD2E97A52574BC0B7802D3C4E6ADF500A0 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:39:50.0127 0x0dc8  IntcAzAudAddService - ok
22:39:50.0174 0x0dc8  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
22:39:50.0174 0x0dc8  intelide - ok
22:39:50.0205 0x0dc8  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
22:39:50.0205 0x0dc8  intelppm - ok
22:39:50.0236 0x0dc8  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:39:50.0252 0x0dc8  IPBusEnum - ok
22:39:50.0252 0x0dc8  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:39:50.0267 0x0dc8  IpFilterDriver - ok
22:39:50.0314 0x0dc8  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:39:50.0361 0x0dc8  iphlpsvc - ok
22:39:50.0376 0x0dc8  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
22:39:50.0376 0x0dc8  IPMIDRV - ok
22:39:50.0392 0x0dc8  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
22:39:50.0392 0x0dc8  IPNAT - ok
22:39:50.0408 0x0dc8  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:39:50.0423 0x0dc8  IRENUM - ok
22:39:50.0423 0x0dc8  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:39:50.0423 0x0dc8  isapnp - ok
22:39:50.0470 0x0dc8  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
22:39:50.0486 0x0dc8  iScsiPrt - ok
22:39:50.0532 0x0dc8  [ 0469BFF65BBDEE9E46D0C45EE32A08BD, 8E11F03FC463CBC9FBBF5D2A29FBF1076C9317D2B8B7224E24C22553F160E065 ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
22:39:50.0548 0x0dc8  k57nd60a - ok
22:39:50.0579 0x0dc8  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
22:39:50.0579 0x0dc8  kbdclass - ok
22:39:50.0595 0x0dc8  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
22:39:50.0595 0x0dc8  kbdhid - ok
22:39:50.0610 0x0dc8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
22:39:50.0626 0x0dc8  KeyIso - ok
22:39:50.0673 0x0dc8  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:39:50.0673 0x0dc8  KSecDD - ok
22:39:50.0704 0x0dc8  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
22:39:50.0704 0x0dc8  KSecPkg - ok
22:39:50.0720 0x0dc8  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
22:39:50.0720 0x0dc8  ksthunk - ok
22:39:50.0766 0x0dc8  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:39:50.0798 0x0dc8  KtmRm - ok
22:39:50.0829 0x0dc8  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
22:39:50.0844 0x0dc8  LanmanServer - ok
22:39:50.0876 0x0dc8  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:39:50.0876 0x0dc8  LanmanWorkstation - ok
22:39:50.0954 0x0dc8  [ 6BCEE9C766815BFFF89DE7D81AF34CE1, E10B9EFAF5D1E6596CFC7E3C9D5C3904EC8E82B16133B59BBC636F5E4D0AEB7F ] Live Updater Service C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
22:39:50.0954 0x0dc8  Live Updater Service - ok
22:39:50.0985 0x0dc8  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:39:50.0985 0x0dc8  lltdio - ok
22:39:51.0032 0x0dc8  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:39:51.0032 0x0dc8  lltdsvc - ok
22:39:51.0063 0x0dc8  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:39:51.0063 0x0dc8  lmhosts - ok
22:39:51.0094 0x0dc8  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
22:39:51.0110 0x0dc8  LSI_FC - ok
22:39:51.0125 0x0dc8  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
22:39:51.0125 0x0dc8  LSI_SAS - ok
22:39:51.0141 0x0dc8  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
22:39:51.0141 0x0dc8  LSI_SAS2 - ok
22:39:51.0156 0x0dc8  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
22:39:51.0156 0x0dc8  LSI_SCSI - ok
22:39:51.0188 0x0dc8  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
22:39:51.0203 0x0dc8  luafv - ok
22:39:51.0406 0x0dc8  [ F92B0E478C0FAA6D6661E6E977247E60, 8B26B57C2C60C98CD6273ACA126B2CD0356ADB13A59FEC12882357A6B973123C ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
22:39:51.0406 0x0dc8  MBAMProtector - ok
22:39:51.0562 0x0dc8  [ D84AEA3F3329D622DFC1297DDDF6163B, 316FE56CC30ED1473A917253F46B79EAA12F4ABD5B4B1ADB03929DFEE940F577 ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
22:39:51.0671 0x0dc8  MBAMScheduler - ok
22:39:51.0796 0x0dc8  [ 4F45ED469906494F9BF754E476390DBD, D8FF6AFD73D8C191F5732DF9737E6F83B2B52B06A3A6CD4CC6EAC9464CBB2772 ] MBAMService     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
22:39:51.0874 0x0dc8  MBAMService - ok
22:39:51.0952 0x0dc8  [ 15E8ABC06843672955CE26A009533BAD, E7221B7DE9DB45447C68E79C6BFD064713C5974F7E79925BD7DEEF71F73F3E83 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
22:39:51.0952 0x0dc8  MBAMWebAccessControl - ok
22:39:51.0983 0x0dc8  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
22:39:51.0983 0x0dc8  Mcx2Svc - ok
22:39:51.0999 0x0dc8  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
22:39:51.0999 0x0dc8  megasas - ok
22:39:52.0014 0x0dc8  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
22:39:52.0030 0x0dc8  MegaSR - ok
22:39:52.0077 0x0dc8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
22:39:52.0092 0x0dc8  MMCSS - ok
22:39:52.0092 0x0dc8  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
22:39:52.0108 0x0dc8  Modem - ok
22:39:52.0124 0x0dc8  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:39:52.0124 0x0dc8  monitor - ok
22:39:52.0155 0x0dc8  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:39:52.0155 0x0dc8  mouclass - ok
22:39:52.0170 0x0dc8  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:39:52.0170 0x0dc8  mouhid - ok
22:39:52.0202 0x0dc8  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
22:39:52.0202 0x0dc8  mountmgr - ok
22:39:52.0248 0x0dc8  [ 26EA1DAD601EE3ACAC301D66F07BA219, C9594BB15D53D4AC2156CCCD2DB65B2C20620F1F60DA85F48D1586FC10028096 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:39:52.0264 0x0dc8  MozillaMaintenance - ok
22:39:52.0311 0x0dc8  [ 9EB89625A82AC961F25E7C865947BF9A, 91DB9530CDE883DC60BE621AC4210ACD069631D9466E37411D9D6AEE587098D9 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
22:39:52.0311 0x0dc8  MpFilter - ok
22:39:52.0358 0x0dc8  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:39:52.0358 0x0dc8  mpio - ok
22:39:52.0404 0x0dc8  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:39:52.0404 0x0dc8  mpsdrv - ok
22:39:52.0451 0x0dc8  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:39:52.0498 0x0dc8  MpsSvc - ok
22:39:52.0545 0x0dc8  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:39:52.0545 0x0dc8  MRxDAV - ok
22:39:52.0592 0x0dc8  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:39:52.0592 0x0dc8  mrxsmb - ok
22:39:52.0623 0x0dc8  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:39:52.0638 0x0dc8  mrxsmb10 - ok
22:39:52.0670 0x0dc8  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:39:52.0670 0x0dc8  mrxsmb20 - ok
22:39:52.0701 0x0dc8  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
22:39:52.0701 0x0dc8  msahci - ok
22:39:52.0732 0x0dc8  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:39:52.0748 0x0dc8  msdsm - ok
22:39:52.0779 0x0dc8  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
22:39:52.0779 0x0dc8  MSDTC - ok
22:39:52.0810 0x0dc8  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:39:52.0810 0x0dc8  Msfs - ok
22:39:52.0841 0x0dc8  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
22:39:52.0841 0x0dc8  mshidkmdf - ok
22:39:52.0857 0x0dc8  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:39:52.0857 0x0dc8  msisadrv - ok
22:39:52.0904 0x0dc8  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:39:52.0904 0x0dc8  MSiSCSI - ok
22:39:52.0919 0x0dc8  msiserver - ok
22:39:52.0919 0x0dc8  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:39:52.0919 0x0dc8  MSKSSRV - ok
22:39:52.0997 0x0dc8  [ 89F2AEDC2788696702141AB82C3E7866, E166CBD8D3C708737C37172221945D8E56C25C2CC750889C3CE14AA2DE750F33 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
22:39:52.0997 0x0dc8  MsMpSvc - ok
22:39:53.0013 0x0dc8  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:39:53.0013 0x0dc8  MSPCLOCK - ok
22:39:53.0028 0x0dc8  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:39:53.0028 0x0dc8  MSPQM - ok
22:39:53.0060 0x0dc8  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:39:53.0075 0x0dc8  MsRPC - ok
22:39:53.0106 0x0dc8  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
22:39:53.0106 0x0dc8  mssmbios - ok
22:39:53.0106 0x0dc8  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:39:53.0122 0x0dc8  MSTEE - ok
22:39:53.0122 0x0dc8  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
22:39:53.0122 0x0dc8  MTConfig - ok
22:39:53.0153 0x0dc8  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
22:39:53.0153 0x0dc8  Mup - ok
22:39:53.0184 0x0dc8  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
22:39:53.0231 0x0dc8  napagent - ok
22:39:53.0309 0x0dc8  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:39:53.0325 0x0dc8  NativeWifiP - ok
22:39:53.0403 0x0dc8  [ 9D1CCE440552500DED3A62F9D779CDB4, C6B3B1C891A8BA3F91CC1EC21919C4F80F4C9CAF88971AB6CA11F09820601EBD ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
22:39:53.0450 0x0dc8  NAUpdate - ok
22:39:53.0559 0x0dc8  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:39:53.0621 0x0dc8  NDIS - ok
22:39:53.0684 0x0dc8  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
22:39:53.0684 0x0dc8  NdisCap - ok
22:39:53.0715 0x0dc8  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:39:53.0715 0x0dc8  NdisTapi - ok
22:39:53.0730 0x0dc8  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:39:53.0746 0x0dc8  Ndisuio - ok
22:39:53.0762 0x0dc8  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:39:53.0762 0x0dc8  NdisWan - ok
22:39:53.0777 0x0dc8  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:39:53.0793 0x0dc8  NDProxy - ok
22:39:53.0824 0x0dc8  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:39:53.0824 0x0dc8  NetBIOS - ok
22:39:53.0855 0x0dc8  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
22:39:53.0855 0x0dc8  NetBT - ok
22:39:53.0918 0x0dc8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
22:39:53.0918 0x0dc8  Netlogon - ok
22:39:53.0964 0x0dc8  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
22:39:53.0996 0x0dc8  Netman - ok
22:39:54.0042 0x0dc8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:39:54.0074 0x0dc8  NetMsmqActivator - ok
22:39:54.0105 0x0dc8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:39:54.0105 0x0dc8  NetPipeActivator - ok
22:39:54.0136 0x0dc8  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
22:39:54.0152 0x0dc8  netprofm - ok
22:39:54.0152 0x0dc8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:39:54.0167 0x0dc8  NetTcpActivator - ok
22:39:54.0167 0x0dc8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:39:54.0183 0x0dc8  NetTcpPortSharing - ok
22:39:54.0198 0x0dc8  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
22:39:54.0214 0x0dc8  nfrd960 - ok
22:39:54.0261 0x0dc8  [ C3E0696C3B42F694C5822776AA6FFFDF, 80C3DEC2C48500F96C9E677450EFC1ADA9FE9FBB70F4CC2D7D9244B1A515418B ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
22:39:54.0261 0x0dc8  NisDrv - ok
22:39:54.0323 0x0dc8  [ DCEE3592299B2229A0DB98CB415059A2, 709AAA095DF44DDCB6159CE1635AB05EC666D845445790E569F56B297DC64AC3 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
22:39:54.0323 0x0dc8  NisSrv - ok
22:39:54.0386 0x0dc8  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:39:54.0386 0x0dc8  NlaSvc - ok
22:39:54.0417 0x0dc8  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:39:54.0417 0x0dc8  Npfs - ok
22:39:54.0432 0x0dc8  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
22:39:54.0432 0x0dc8  nsi - ok
22:39:54.0448 0x0dc8  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:39:54.0448 0x0dc8  nsiproxy - ok
22:39:54.0542 0x0dc8  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:39:54.0635 0x0dc8  Ntfs - ok
22:39:54.0698 0x0dc8  [ 6CC09D2F0BA4A09BABC3C41B8FD888F7, 25E8E30575EF2A20600509FD74B18E90D497B742ABAF946073128EA8DEFE5F54 ] NTI IScheduleSvc C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
22:39:54.0822 0x0dc8  NTI IScheduleSvc - ok
22:39:54.0838 0x0dc8  [ 64DDD0DEE976302F4BD93E5EFCC2F013, 19F54B4549999EF96FAE1B2B97973F281304843ADE0CF5823574453AB41E3E9C ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
22:39:54.0838 0x0dc8  NTIDrvr - ok
22:39:54.0854 0x0dc8  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
22:39:54.0854 0x0dc8  Null - ok
22:39:54.0885 0x0dc8  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:39:54.0900 0x0dc8  nvraid - ok
22:39:54.0932 0x0dc8  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:39:54.0947 0x0dc8  nvstor - ok
22:39:54.0978 0x0dc8  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:39:54.0978 0x0dc8  nv_agp - ok
22:39:55.0010 0x0dc8  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
22:39:55.0010 0x0dc8  ohci1394 - ok
22:39:55.0056 0x0dc8  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
22:39:55.0088 0x0dc8  p2pimsvc - ok
22:39:55.0119 0x0dc8  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
22:39:55.0150 0x0dc8  p2psvc - ok
22:39:55.0181 0x0dc8  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
22:39:55.0181 0x0dc8  Parport - ok
22:39:55.0228 0x0dc8  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:39:55.0228 0x0dc8  partmgr - ok
22:39:55.0290 0x0dc8  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:39:55.0290 0x0dc8  PcaSvc - ok
22:39:55.0337 0x0dc8  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
22:39:55.0337 0x0dc8  pci - ok
22:39:55.0368 0x0dc8  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
22:39:55.0384 0x0dc8  pciide - ok
22:39:55.0415 0x0dc8  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
22:39:55.0415 0x0dc8  pcmcia - ok
22:39:55.0462 0x0dc8  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
22:39:55.0462 0x0dc8  pcw - ok
22:39:55.0540 0x0dc8  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:39:55.0587 0x0dc8  PEAUTH - ok
22:39:55.0743 0x0dc8  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
22:39:55.0743 0x0dc8  PerfHost - ok
22:39:55.0836 0x0dc8  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
22:39:55.0899 0x0dc8  pla - ok
22:39:55.0977 0x0dc8  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:39:55.0992 0x0dc8  PlugPlay - ok
22:39:56.0008 0x0dc8  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
22:39:56.0008 0x0dc8  PNRPAutoReg - ok
22:39:56.0039 0x0dc8  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
22:39:56.0039 0x0dc8  PNRPsvc - ok
22:39:56.0102 0x0dc8  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:39:56.0133 0x0dc8  PolicyAgent - ok
22:39:56.0164 0x0dc8  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
22:39:56.0164 0x0dc8  Power - ok
22:39:56.0195 0x0dc8  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:39:56.0195 0x0dc8  PptpMiniport - ok
22:39:56.0226 0x0dc8  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
22:39:56.0226 0x0dc8  Processor - ok
22:39:56.0273 0x0dc8  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
22:39:56.0289 0x0dc8  ProfSvc - ok
22:39:56.0304 0x0dc8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:39:56.0304 0x0dc8  ProtectedStorage - ok
22:39:56.0336 0x0dc8  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
22:39:56.0336 0x0dc8  Psched - ok
22:39:56.0429 0x0dc8  [ A6A7AD767BF5141665F5C675F671B3E1, 11D43F732C3B82679E53516F83E675B60B0EFEDE3F4EE3C42AC752AD8D5155AF ] PSI_SVC_2       c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
22:39:56.0429 0x0dc8  PSI_SVC_2 - ok
22:39:56.0507 0x0dc8  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
22:39:56.0601 0x0dc8  ql2300 - ok
22:39:56.0632 0x0dc8  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
22:39:56.0632 0x0dc8  ql40xx - ok
22:39:56.0663 0x0dc8  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
22:39:56.0663 0x0dc8  QWAVE - ok
22:39:56.0694 0x0dc8  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:39:56.0694 0x0dc8  QWAVEdrv - ok
22:39:56.0710 0x0dc8  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:39:56.0710 0x0dc8  RasAcd - ok
22:39:56.0741 0x0dc8  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
22:39:56.0741 0x0dc8  RasAgileVpn - ok
22:39:56.0757 0x0dc8  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
22:39:56.0757 0x0dc8  RasAuto - ok
22:39:56.0772 0x0dc8  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:39:56.0788 0x0dc8  Rasl2tp - ok
22:39:56.0819 0x0dc8  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
22:39:56.0835 0x0dc8  RasMan - ok
22:39:56.0850 0x0dc8  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:39:56.0850 0x0dc8  RasPppoe - ok
22:39:56.0882 0x0dc8  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:39:56.0882 0x0dc8  RasSstp - ok
22:39:56.0913 0x0dc8  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:39:56.0928 0x0dc8  rdbss - ok
22:39:56.0944 0x0dc8  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
22:39:56.0944 0x0dc8  rdpbus - ok
22:39:56.0975 0x0dc8  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:39:56.0975 0x0dc8  RDPCDD - ok
22:39:57.0006 0x0dc8  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:39:57.0006 0x0dc8  RDPENCDD - ok
22:39:57.0006 0x0dc8  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
22:39:57.0006 0x0dc8  RDPREFMP - ok
22:39:57.0069 0x0dc8  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
22:39:57.0084 0x0dc8  RdpVideoMiniport - ok
22:39:57.0116 0x0dc8  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:39:57.0131 0x0dc8  RDPWD - ok
22:39:57.0147 0x0dc8  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
22:39:57.0162 0x0dc8  rdyboost - ok
22:39:57.0178 0x0dc8  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:39:57.0194 0x0dc8  RemoteAccess - ok
22:39:57.0209 0x0dc8  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:39:57.0256 0x0dc8  RemoteRegistry - ok
22:39:57.0287 0x0dc8  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
22:39:57.0303 0x0dc8  RpcEptMapper - ok
22:39:57.0318 0x0dc8  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
22:39:57.0318 0x0dc8  RpcLocator - ok
22:39:57.0365 0x0dc8  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
22:39:57.0381 0x0dc8  RpcSs - ok
22:39:57.0396 0x0dc8  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:39:57.0412 0x0dc8  rspndr - ok
22:39:57.0428 0x0dc8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
22:39:57.0428 0x0dc8  SamSs - ok
22:39:57.0459 0x0dc8  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:39:57.0459 0x0dc8  sbp2port - ok
22:39:57.0490 0x0dc8  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:39:57.0490 0x0dc8  SCardSvr - ok
22:39:57.0521 0x0dc8  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
22:39:57.0521 0x0dc8  scfilter - ok
22:39:57.0662 0x0dc8  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
22:39:57.0708 0x0dc8  Schedule - ok
22:39:57.0740 0x0dc8  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:39:57.0740 0x0dc8  SCPolicySvc - ok
22:39:57.0755 0x0dc8  [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
22:39:57.0755 0x0dc8  sdbus - ok
22:39:57.0771 0x0dc8  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:39:57.0771 0x0dc8  SDRSVC - ok
22:39:57.0849 0x0dc8  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:39:57.0942 0x0dc8  secdrv - ok
22:39:58.0005 0x0dc8  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
22:39:58.0020 0x0dc8  seclogon - ok
22:39:58.0036 0x0dc8  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
22:39:58.0036 0x0dc8  SENS - ok
22:39:58.0052 0x0dc8  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
22:39:58.0067 0x0dc8  SensrSvc - ok
22:39:58.0083 0x0dc8  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
22:39:58.0083 0x0dc8  Serenum - ok
22:39:58.0098 0x0dc8  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
22:39:58.0098 0x0dc8  Serial - ok
22:39:58.0130 0x0dc8  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
22:39:58.0130 0x0dc8  sermouse - ok
22:39:58.0176 0x0dc8  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
22:39:58.0176 0x0dc8  SessionEnv - ok
22:39:58.0208 0x0dc8  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
22:39:58.0223 0x0dc8  sffdisk - ok
22:39:58.0223 0x0dc8  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
22:39:58.0223 0x0dc8  sffp_mmc - ok
22:39:58.0239 0x0dc8  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
22:39:58.0239 0x0dc8  sffp_sd - ok
22:39:58.0270 0x0dc8  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
22:39:58.0286 0x0dc8  sfloppy - ok
22:39:58.0317 0x0dc8  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:39:58.0348 0x0dc8  SharedAccess - ok
22:39:58.0410 0x0dc8  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:39:58.0426 0x0dc8  ShellHWDetection - ok
22:39:58.0488 0x0dc8  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
22:39:58.0488 0x0dc8  SiSRaid2 - ok
22:39:58.0504 0x0dc8  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
22:39:58.0504 0x0dc8  SiSRaid4 - ok
22:39:58.0535 0x0dc8  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
22:39:58.0551 0x0dc8  Smb - ok
22:39:58.0598 0x0dc8  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:39:58.0598 0x0dc8  SNMPTRAP - ok
22:39:58.0613 0x0dc8  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
22:39:58.0613 0x0dc8  spldr - ok
22:39:58.0676 0x0dc8  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
22:39:58.0707 0x0dc8  Spooler - ok
22:39:58.0878 0x0dc8  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
22:39:59.0066 0x0dc8  sppsvc - ok
22:39:59.0097 0x0dc8  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
22:39:59.0112 0x0dc8  sppuinotify - ok
22:39:59.0159 0x0dc8  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
22:39:59.0190 0x0dc8  srv - ok
22:39:59.0222 0x0dc8  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:39:59.0237 0x0dc8  srv2 - ok
22:39:59.0300 0x0dc8  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:39:59.0300 0x0dc8  srvnet - ok
22:39:59.0315 0x0dc8  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
22:39:59.0331 0x0dc8  SSDPSRV - ok
22:39:59.0378 0x0dc8  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
22:39:59.0393 0x0dc8  SstpSvc - ok
22:39:59.0409 0x0dc8  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
22:39:59.0409 0x0dc8  stexstor - ok
22:39:59.0471 0x0dc8  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
22:39:59.0518 0x0dc8  stisvc - ok
22:39:59.0534 0x0dc8  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
22:39:59.0534 0x0dc8  swenum - ok
22:39:59.0580 0x0dc8  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
22:39:59.0612 0x0dc8  swprv - ok
22:39:59.0705 0x0dc8  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
22:39:59.0799 0x0dc8  SysMain - ok
22:39:59.0830 0x0dc8  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:39:59.0830 0x0dc8  TabletInputService - ok
22:39:59.0861 0x0dc8  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
22:39:59.0877 0x0dc8  TapiSrv - ok
22:39:59.0908 0x0dc8  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
22:39:59.0908 0x0dc8  TBS - ok
22:40:00.0033 0x0dc8  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
22:40:00.0126 0x0dc8  Tcpip - ok
22:40:00.0251 0x0dc8  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
22:40:00.0314 0x0dc8  TCPIP6 - ok
22:40:00.0360 0x0dc8  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:40:00.0360 0x0dc8  tcpipreg - ok
22:40:00.0392 0x0dc8  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:40:00.0392 0x0dc8  TDPIPE - ok
22:40:00.0438 0x0dc8  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
22:40:00.0438 0x0dc8  TDTCP - ok
22:40:00.0470 0x0dc8  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
22:40:00.0485 0x0dc8  tdx - ok
22:40:00.0501 0x0dc8  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
22:40:00.0501 0x0dc8  TermDD - ok
22:40:00.0548 0x0dc8  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
22:40:00.0594 0x0dc8  TermService - ok
22:40:00.0610 0x0dc8  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
22:40:00.0610 0x0dc8  Themes - ok
22:40:00.0626 0x0dc8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
22:40:00.0626 0x0dc8  THREADORDER - ok
22:40:00.0657 0x0dc8  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
22:40:00.0672 0x0dc8  TrkWks - ok
22:40:00.0735 0x0dc8  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:40:00.0735 0x0dc8  TrustedInstaller - ok
22:40:00.0782 0x0dc8  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:40:00.0782 0x0dc8  tssecsrv - ok
22:40:00.0828 0x0dc8  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
22:40:00.0844 0x0dc8  TsUsbFlt - ok
22:40:00.0891 0x0dc8  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
22:40:00.0891 0x0dc8  TsUsbGD - ok
22:40:00.0938 0x0dc8  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:40:00.0938 0x0dc8  tunnel - ok
22:40:00.0953 0x0dc8  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
22:40:00.0969 0x0dc8  uagp35 - ok
22:40:00.0984 0x0dc8  [ 2E22C1FD397A5A9FFEF55E9D1FC96C00, 4646712B3F3AF6188DBCE1A95D92261E8B15E9583FE5DD538EC884F48B51759D ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
22:40:00.0984 0x0dc8  UBHelper - ok
22:40:01.0016 0x0dc8  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:40:01.0031 0x0dc8  udfs - ok
22:40:01.0062 0x0dc8  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:40:01.0062 0x0dc8  UI0Detect - ok
22:40:01.0094 0x0dc8  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:40:01.0094 0x0dc8  uliagpkx - ok
22:40:01.0125 0x0dc8  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
22:40:01.0125 0x0dc8  umbus - ok
22:40:01.0140 0x0dc8  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
22:40:01.0140 0x0dc8  UmPass - ok
22:40:01.0187 0x0dc8  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
22:40:01.0203 0x0dc8  upnphost - ok
22:40:01.0250 0x0dc8  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
22:40:01.0250 0x0dc8  usbccgp - ok
22:40:01.0296 0x0dc8  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
22:40:01.0296 0x0dc8  usbcir - ok
22:40:01.0312 0x0dc8  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
22:40:01.0328 0x0dc8  usbehci - ok
22:40:01.0374 0x0dc8  [ 573D192E268F0C5B486B7E96F661E538, 0F32BD82CA7B5D4DE234EFC6527EF4C854BD15B3057FE4A0151C70115493FFDC ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
22:40:01.0374 0x0dc8  usbfilter - ok
22:40:01.0421 0x0dc8  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:40:01.0437 0x0dc8  usbhub - ok
22:40:01.0452 0x0dc8  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
22:40:01.0452 0x0dc8  usbohci - ok
22:40:01.0484 0x0dc8  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
22:40:01.0484 0x0dc8  usbprint - ok
22:40:01.0499 0x0dc8  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\drivers\usbscan.sys
22:40:01.0515 0x0dc8  usbscan - ok
22:40:01.0546 0x0dc8  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:40:01.0562 0x0dc8  USBSTOR - ok
22:40:01.0577 0x0dc8  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
22:40:01.0577 0x0dc8  usbuhci - ok
22:40:01.0624 0x0dc8  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
22:40:01.0624 0x0dc8  usbvideo - ok
22:40:01.0655 0x0dc8  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
22:40:01.0671 0x0dc8  UxSms - ok
22:40:01.0686 0x0dc8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
22:40:01.0686 0x0dc8  VaultSvc - ok
22:40:01.0718 0x0dc8  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
22:40:01.0733 0x0dc8  vdrvroot - ok
22:40:01.0764 0x0dc8  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
22:40:01.0796 0x0dc8  vds - ok
22:40:01.0811 0x0dc8  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
22:40:01.0827 0x0dc8  vga - ok
22:40:01.0842 0x0dc8  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
22:40:01.0842 0x0dc8  VgaSave - ok
22:40:01.0874 0x0dc8  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
22:40:01.0874 0x0dc8  vhdmp - ok
22:40:01.0905 0x0dc8  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
22:40:01.0905 0x0dc8  viaide - ok
22:40:01.0920 0x0dc8  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:40:01.0920 0x0dc8  volmgr - ok
22:40:01.0952 0x0dc8  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:40:01.0967 0x0dc8  volmgrx - ok
22:40:01.0998 0x0dc8  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:40:02.0014 0x0dc8  volsnap - ok
22:40:02.0045 0x0dc8  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
22:40:02.0061 0x0dc8  vsmraid - ok
22:40:02.0139 0x0dc8  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
22:40:02.0232 0x0dc8  VSS - ok
22:40:02.0264 0x0dc8  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
22:40:02.0264 0x0dc8  vwifibus - ok
22:40:02.0295 0x0dc8  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
22:40:02.0295 0x0dc8  vwififlt - ok
22:40:02.0357 0x0dc8  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
22:40:02.0373 0x0dc8  W32Time - ok
22:40:02.0404 0x0dc8  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
22:40:02.0404 0x0dc8  WacomPen - ok
22:40:02.0435 0x0dc8  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
22:40:02.0435 0x0dc8  WANARP - ok
22:40:02.0435 0x0dc8  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:40:02.0451 0x0dc8  Wanarpv6 - ok
22:40:02.0591 0x0dc8  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
22:40:02.0685 0x0dc8  WatAdminSvc - ok
22:40:02.0841 0x0dc8  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
22:40:02.0903 0x0dc8  wbengine - ok
22:40:02.0934 0x0dc8  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:40:02.0950 0x0dc8  WbioSrvc - ok
22:40:02.0997 0x0dc8  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:40:03.0012 0x0dc8  wcncsvc - ok
22:40:03.0044 0x0dc8  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:40:03.0044 0x0dc8  WcsPlugInService - ok
22:40:03.0075 0x0dc8  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
22:40:03.0075 0x0dc8  Wd - ok
22:40:03.0153 0x0dc8  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:40:03.0184 0x0dc8  Wdf01000 - ok
22:40:03.0215 0x0dc8  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:40:03.0231 0x0dc8  WdiServiceHost - ok
22:40:03.0231 0x0dc8  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:40:03.0246 0x0dc8  WdiSystemHost - ok
22:40:03.0309 0x0dc8  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
22:40:03.0324 0x0dc8  WebClient - ok
22:40:03.0387 0x0dc8  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:40:03.0402 0x0dc8  Wecsvc - ok
22:40:03.0449 0x0dc8  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:40:03.0449 0x0dc8  wercplsupport - ok
22:40:03.0512 0x0dc8  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:40:03.0512 0x0dc8  WerSvc - ok
22:40:03.0543 0x0dc8  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
22:40:03.0543 0x0dc8  WfpLwf - ok
22:40:03.0558 0x0dc8  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:40:03.0574 0x0dc8  WIMMount - ok
22:40:03.0605 0x0dc8  WinDefend - ok
22:40:03.0621 0x0dc8  WinHttpAutoProxySvc - ok
22:40:03.0730 0x0dc8  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:40:03.0746 0x0dc8  Winmgmt - ok
22:40:03.0948 0x0dc8  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
22:40:04.0058 0x0dc8  WinRM - ok
22:40:04.0136 0x0dc8  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:40:04.0182 0x0dc8  Wlansvc - ok
22:40:04.0245 0x0dc8  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:40:04.0245 0x0dc8  wlcrasvc - ok
22:40:04.0370 0x0dc8  [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:40:04.0479 0x0dc8  wlidsvc - ok
22:40:04.0526 0x0dc8  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
22:40:04.0526 0x0dc8  WmiAcpi - ok
22:40:04.0572 0x0dc8  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:40:04.0572 0x0dc8  wmiApSrv - ok
22:40:04.0604 0x0dc8  WMPNetworkSvc - ok
22:40:04.0619 0x0dc8  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:40:04.0619 0x0dc8  WPCSvc - ok
22:40:04.0635 0x0dc8  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:40:04.0650 0x0dc8  WPDBusEnum - ok
22:40:04.0650 0x0dc8  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:40:04.0666 0x0dc8  ws2ifsl - ok
22:40:04.0682 0x0dc8  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
22:40:04.0682 0x0dc8  wscsvc - ok
22:40:04.0697 0x0dc8  WSearch - ok
22:40:04.0838 0x0dc8  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
22:40:04.0962 0x0dc8  wuauserv - ok
22:40:04.0994 0x0dc8  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:40:04.0994 0x0dc8  WudfPf - ok
22:40:05.0040 0x0dc8  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:40:05.0056 0x0dc8  WUDFRd - ok
22:40:05.0103 0x0dc8  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:40:05.0118 0x0dc8  wudfsvc - ok
22:40:05.0165 0x0dc8  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
22:40:05.0165 0x0dc8  WwanSvc - ok
22:40:05.0181 0x0dc8  ================ Scan global ===============================
22:40:05.0212 0x0dc8  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
22:40:05.0259 0x0dc8  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
22:40:05.0290 0x0dc8  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
22:40:05.0352 0x0dc8  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
22:40:05.0399 0x0dc8  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
22:40:05.0415 0x0dc8  [ Global ] - ok
22:40:05.0415 0x0dc8  ================ Scan MBR ==================================
22:40:05.0430 0x0dc8  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:40:06.0195 0x0dc8  \Device\Harddisk0\DR0 - ok
22:40:06.0195 0x0dc8  [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk1\DR1
22:40:06.0210 0x0dc8  \Device\Harddisk1\DR1 - ok
22:40:06.0210 0x0dc8  ================ Scan VBR ==================================
22:40:06.0210 0x0dc8  [ CD8075178E884FAE33AC810A87ED1E83 ] \Device\Harddisk0\DR0\Partition1
22:40:06.0242 0x0dc8  \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )
22:40:06.0242 0x0dc8  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected
22:40:06.0257 0x0dc8  [ 078B3B7F02D9E82ED0271B4447E3A6DD ] \Device\Harddisk0\DR0\Partition2
22:40:06.0288 0x0dc8  \Device\Harddisk0\DR0\Partition2 - ok
22:40:06.0288 0x0dc8  [ 38DEE8A0580034F212102156C04AA2AE ] \Device\Harddisk1\DR1\Partition1
22:40:06.0288 0x0dc8  \Device\Harddisk1\DR1\Partition1 - ok
22:40:06.0288 0x0dc8  ================ Scan generic autorun ======================
22:40:06.0304 0x0dc8  ETDCtrl - ok
22:40:06.0850 0x0dc8  [ 2D0838648D185E0B475E83AB1864F403, 3607D775E23C574CDEC6FA32A90114297BB914AAB5CEB9679B36FFFE484F527D ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
22:40:07.0365 0x0dc8  RtHDVCpl - ok
22:40:07.0521 0x0dc8  [ 38AEA10E23EF79A685BF922EC9437F3E, 7C72270F92EC3F68AC5E6BF66CFFB9C113D25126C34223651F8E751E425FE33D ] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
22:40:07.0614 0x0dc8  Power Management - ok
22:40:07.0724 0x0dc8  [ 569AC1376B12D4083FC66CC7A304F234, DD209F09573F10A77D710E30EF3D0461D2E8F4E5F18106B18EFB587C88393460 ] c:\Program Files\Microsoft Security Client\msseces.exe
22:40:07.0786 0x0dc8  MSC - ok
22:40:07.0802 0x0dc8  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
22:40:07.0802 0x0dc8  Logitech Download Assistant - ok
22:40:07.0864 0x0dc8  [ C0E1934140898B2FFCE15417A5FEACC8, 63E0803516D85932B4B820EE890E10484EBE81E61FE9F1FE7232AC8689F3B722 ] C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
22:40:07.0973 0x0dc8  BackupManagerTray - ok
22:40:08.0020 0x0dc8  [ F4F7C86191A981C804326E2EF6F3604F, 1ECE05E643AFFB27A148A8B86615F6C167875EF29D6FF7E2FD15B8DCBE6B8A16 ] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
22:40:08.0160 0x0dc8  Adobe Reader Speed Launcher - ok
22:40:08.0254 0x0dc8  [ F0A99E3E103375FF23815C3E87C0FB57, 4DA734B173A832DC4CA09F50D2B81709681CBAEA0AF55E11B02DDC9C28DC31E0 ] C:\Program Files (x86)\Launch Manager\LManager.exe
22:40:08.0285 0x0dc8  LManager - ok
22:40:08.0379 0x0dc8  [ 2428317B4E5383464003677DDE3F2445, DADADB9F94F8CC5E08E7F44DBFE10EB03F4DF46A5290F4C52C192FE1A14B86DC ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
22:40:08.0457 0x0dc8  StartCCC - ok
22:40:08.0504 0x0dc8  [ 22EC0852DBF032A93D8DA697065FA189, 83A613C3C615EBCDAD32DF5CFFAD11642198D209AA5E22233DDDB517697070DA ] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
22:40:08.0519 0x0dc8  RemoteControl10 - ok
22:40:08.0644 0x0dc8  [ 92539DADC36404FD6C75CC082051A05B, 703305931286A81204BA989CD6594649984C9FF26A801566A4D10DA6AA3777C5 ] c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE
22:40:08.0644 0x0dc8  QuickFinder Scheduler - ok
22:40:08.0753 0x0dc8  [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
22:40:08.0784 0x0dc8  Adobe ARM - ok
22:40:08.0816 0x0dc8  [ 846965AE55A2662B1576C0F392DD1D6E, 0ADE383991FDC5A49DD15A27CB52CF75ABF518F0335E92003C0FF75DB417BBDC ] C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
22:40:08.0831 0x0dc8  SSBkgdUpdate - ok
22:40:08.0894 0x0dc8  [ F8D427DAE2984A4968E2D1CB53634784, 02DDE830F40C48321C0AB384D2505F3AD1AD84FAF17AB411A2FE7DE3409DC0E5 ] C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe
22:40:08.0909 0x0dc8  OpwareSE4 - ok
22:40:09.0003 0x0dc8  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
22:40:09.0065 0x0dc8  Sidebar - ok
22:40:09.0096 0x0dc8  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
22:40:09.0096 0x0dc8  mctadmin - ok
22:40:09.0143 0x0dc8  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
22:40:09.0190 0x0dc8  Sidebar - ok
22:40:09.0190 0x0dc8  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
22:40:09.0206 0x0dc8  mctadmin - ok
22:40:09.0268 0x0dc8  [ A5C90ACD1EA5E3C10710B0748F9C7245, F39203F51D610182D08EE19D7495FBE083C93E3D901F9A326AFF2E758E47D3A3 ] C:\4DEmbroidery\EmbMachineComms.exe
22:40:09.0315 0x0dc8  EmbMachineComms.exe - ok
22:40:09.0393 0x0dc8  [ 8D97A569A2B2807419F8F28D801AD8AE, 350F56B390AD40E08E2C99A45AD8A6895B7849C135DFE579FAD72C0C8D6D5B1D ] C:\Users\Ruth\AppData\Local\lwldvpus.exe
22:40:09.0440 0x0dc8  rmavwshj - ok
22:40:09.0486 0x0dc8  [ D61B739AF09A6A62919DC4A3EEBF184C, 371A65840A787D701304A51F15A65744FFA1CC0381773A9130A9728D2B5C6342 ] C:\Users\Ruth\AppData\Local\fsuhglaf.exe
22:40:09.0845 0x0dc8  vsenmdoe - ok
22:40:09.0892 0x0dc8  [ C0B6CAD5A4A179D2E16287CA68D7D76E, ED34F075DFA8905E52FE4C5D70A8B731D640D9C3DB1660C93591E62853D53F0E ] C:\Users\Ruth\AppData\Roaming\Amemzuo\imewyw.exe
22:40:09.0908 0x0dc8  Vaahnoomfyhol - ok
22:40:09.0939 0x0dc8  [ 95AB0B3334FBC5EAB4DB69F4BAFB53F3, C9FCB9CCA751129D55088F17EDDA67436868387FF46B3A07FF798C4A51D4FC96 ] C:\Users\Ruth\AppData\Local\vimtqcbh.exe
22:40:09.0986 0x0dc8  cdmcviae - ok
22:40:10.0032 0x0dc8  [ 5D7FB8B769F1E0BFB4CA9C59C6422DE4, B74392DEF736ED7E4834306E4D449597D6F6B50657EB2D27EEF808D49FDCEB8D ] C:\Users\Ruth\AppData\Roaming\Izmefy\ygbidou.exe
22:40:10.0048 0x0dc8  Houvyzhako - ok
22:40:10.0064 0x0dc8  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.5.216.0 ), 0x61000 ( enabled : updated )
22:40:10.0110 0x0dc8  Win FW state via NFP2: enabled
22:40:10.0110 0x0dc8  ============================================================
22:40:10.0110 0x0dc8  Scan finished
22:40:10.0110 0x0dc8  ============================================================
22:40:10.0142 0x19d4  Detected object count: 1
22:40:10.0142 0x19d4  Actual detected object count: 1
22:40:22.0793 0x19d4  \Device\Harddisk0\DR0\Partition1 - copied to quarantine
22:40:22.0980 0x19d4  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - will be cured on reboot
22:40:22.0996 0x19d4  \Device\Harddisk0\DR0\Partition1 - ok
22:40:22.0996 0x19d4  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Cure
22:40:23.0948 0x19d4  KLMD registered as C:\Windows\system32\drivers\28717261.sys
22:40:30.0468 0x0dd8  Deinitialize success
#4 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 07 September 2014 - 03:27 AM

Ok, then start a scan with TDSSKiller manually now to verify that Rootkit.Boot.Cidox.b isn't found anymore.

After that please run Combofix:


Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)

#5 shumidog

  • Topic Starter
  • Members
  • 30 posts

Posted 07 September 2014 - 12:54 PM

TDSSKiller did not find a problem. Ran Combofix, txt file below. Having trouble with cursor going to upper left corner and not moving. I hit Ctrl-Esc to get it back.
ComboFix 14-09-05.01 - Ruth 09/07/2014  13:15:02.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5611.4146 [GMT -4:00]
Running from: E:\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ruth\AppData\Local\fsuhglaf.exe
c:\users\Ruth\AppData\Local\lwldvpus.exe
c:\users\Ruth\AppData\Local\vimtqcbh.exe
c:\users\Ruth\AppData\Local\vvepkpwb.exe
c:\users\Ruth\AppData\Local\wnlufvir.exe
c:\users\Ruth\AppData\Local\xvrpwsnk.exe
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\regobj.dll
.
c:\windows\SysWow64\drivers\ntfs.sys . . . is infected!!
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-07 to 2014-09-07  )))))))))))))))))))))))))))))))
.
.
2014-09-07 17:38 . 2014-09-07 17:38    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-09-07 17:12 . 2014-09-07 17:12    69000    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{3F51B6E0-91CC-4A3C-B901-E0CFFA6FB483}\offreg.dll
2014-09-07 02:40 . 2014-09-07 02:40    --------    d-----w-    C:\TDSSKiller_Quarantine
2014-09-07 02:37 . 2014-09-07 02:37    --------    d-----w-    c:\users\Ruth\AppData\Roaming\Qadyygve
2014-09-06 21:59 . 2014-09-06 21:59    --------    d-----w-    c:\users\Ruth\AppData\Roaming\Izmefy
2014-09-06 21:29 . 2014-05-14 16:23    44512    ----a-w-    c:\windows\system32\wups2.dll
2014-09-06 21:29 . 2014-05-14 16:23    58336    ----a-w-    c:\windows\system32\wuauclt.exe
2014-09-06 21:29 . 2014-05-14 16:21    2620928    ----a-w-    c:\windows\system32\wucltux.dll
2014-09-06 21:29 . 2014-05-14 16:23    2477536    ----a-w-    c:\windows\system32\wuaueng.dll
2014-09-06 21:28 . 2014-05-14 13:23    198600    ----a-w-    c:\windows\system32\wuwebv.dll
2014-09-06 21:28 . 2014-05-14 13:23    179656    ----a-w-    c:\windows\SysWow64\wuwebv.dll
2014-09-06 21:28 . 2014-05-14 13:20    36864    ----a-w-    c:\windows\system32\wuapp.exe
2014-09-06 21:28 . 2014-05-14 13:17    33792    ----a-w-    c:\windows\SysWow64\wuapp.exe
2014-09-06 21:14 . 2014-09-06 21:14    241248    ----a-w-    c:\windows\system32\drivers\26292892.sys
2014-09-06 21:07 . 2014-09-06 21:08    --------    d-----w-    C:\FRST
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-07 02:35 . 2010-06-24 18:33    23256    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-09-06 22:18 . 2014-07-25 20:32    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-11 07:02 . 2014-07-19 15:09    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-10 12:54 . 2012-07-02 14:29    699056    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-10 12:54 . 2011-11-12 21:06    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-30 02:09 . 2014-07-09 19:22    519168    ----a-w-    c:\windows\system32\aepdu.dll
2014-06-30 02:04 . 2014-07-09 19:22    424448    ----a-w-    c:\windows\system32\aeinv.dll
2014-06-26 21:40 . 2011-10-29 23:23    96441528    ----a-w-    c:\windows\system32\MRT.exe
2014-06-20 20:14 . 2014-07-09 19:21    266424    ----a-w-    c:\windows\system32\iedkcs32.dll
2014-06-19 01:39 . 2014-07-09 19:21    23464448    ----a-w-    c:\windows\system32\mshtml.dll
2014-06-19 01:06 . 2014-07-09 19:21    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-06-19 01:06 . 2014-07-09 19:21    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-06-19 00:48 . 2014-07-09 19:21    2768384    ----a-w-    c:\windows\system32\iertutil.dll
2014-06-19 00:42 . 2014-07-09 19:21    548352    ----a-w-    c:\windows\system32\vbscript.dll
2014-06-19 00:42 . 2014-07-09 19:21    66048    ----a-w-    c:\windows\system32\iesetup.dll
2014-06-19 00:41 . 2014-07-09 19:21    48640    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-06-19 00:41 . 2014-07-09 19:21    83968    ----a-w-    c:\windows\system32\MshtmlDac.dll
2014-06-19 00:32 . 2014-07-09 19:21    51200    ----a-w-    c:\windows\system32\jsproxy.dll
2014-06-19 00:31 . 2014-07-09 19:21    33792    ----a-w-    c:\windows\system32\iernonce.dll
2014-06-19 00:26 . 2014-07-09 19:21    598016    ----a-w-    c:\windows\system32\ieui.dll
2014-06-19 00:24 . 2014-07-09 19:21    139264    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-06-19 00:24 . 2014-07-09 19:21    111616    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-06-19 00:23 . 2014-07-09 19:21    752640    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-06-19 00:14 . 2014-07-09 19:21    940032    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-06-19 00:09 . 2014-07-09 19:21    452608    ----a-w-    c:\windows\system32\dxtmsft.dll
2014-06-18 23:59 . 2014-07-09 19:21    38400    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 23:56 . 2014-07-09 19:21    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2014-06-18 23:53 . 2014-07-09 19:21    195584    ----a-w-    c:\windows\system32\msrating.dll
2014-06-18 23:51 . 2014-07-09 19:21    5721088    ----a-w-    c:\windows\system32\jscript9.dll
2014-06-18 23:50 . 2014-07-09 19:21    85504    ----a-w-    c:\windows\system32\mshtmled.dll
2014-06-18 23:48 . 2014-07-09 19:21    292864    ----a-w-    c:\windows\system32\dxtrans.dll
2014-06-18 23:39 . 2014-07-09 19:21    608768    ----a-w-    c:\windows\system32\ie4uinit.exe
2014-06-18 23:38 . 2014-07-09 19:21    455168    ----a-w-    c:\windows\SysWow64\vbscript.dll
2014-06-18 23:37 . 2014-07-09 19:21    61952    ----a-w-    c:\windows\SysWow64\iesetup.dll
2014-06-18 23:36 . 2014-07-09 19:21    51200    ----a-w-    c:\windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35 . 2014-07-09 19:21    62464    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2014-06-18 23:33 . 2014-07-09 19:21    631808    ----a-w-    c:\windows\system32\msfeeds.dll
2014-06-18 23:27 . 2014-07-09 19:21    1249280    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-06-18 23:27 . 2014-07-09 19:21    2040832    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-06-18 23:23 . 2014-07-09 19:21    112128    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2014-06-18 23:22 . 2014-07-09 19:21    592896    ----a-w-    c:\windows\SysWow64\jscript9diag.dll
2014-06-18 23:06 . 2014-07-09 19:21    32256    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58 . 2014-07-09 19:21    2266112    ----a-w-    c:\windows\system32\wininet.dll
2014-06-18 22:52 . 2014-07-09 19:21    4254720    ----a-w-    c:\windows\SysWow64\jscript9.dll
2014-06-18 22:51 . 2014-07-09 19:21    13527040    ----a-w-    c:\windows\system32\ieframe.dll
2014-06-18 22:46 . 2014-07-09 19:21    1068032    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45 . 2014-07-09 19:21    1964544    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2014-06-18 22:34 . 2014-07-09 19:21    1393664    ----a-w-    c:\windows\system32\urlmon.dll
2014-06-18 22:15 . 2014-07-09 19:21    846336    ----a-w-    c:\windows\system32\ieapfltr.dll
2014-06-18 22:13 . 2014-07-09 19:21    1791488    ----a-w-    c:\windows\SysWow64\wininet.dll
2014-06-18 02:18 . 2014-07-09 19:21    692736    ----a-w-    c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 19:21    646144    ----a-w-    c:\windows\SysWow64\osk.exe
2014-06-18 01:10 . 2014-07-09 19:21    3157504    ----a-w-    c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EmbMachineComms.exe"="c:\4dembroidery\EmbMachineComms.exe" [2007-08-01 85504]
"Vaahnoomfyhol"="c:\users\Ruth\AppData\Roaming\Amemzuo\imewyw.exe" [2013-10-10 374272]
"Houvyzhako"="c:\users\Ruth\AppData\Roaming\Izmefy\ygbidou.exe" [2014-02-06 359424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" [2011-03-09 290112]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-31 1092688]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-25 336384]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"QuickFinder Scheduler"="c:\program files (x86)\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE" [2008-11-14 83232]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2014-05-08 41336]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2014-05-08 840568]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 atillk64;atillk64;c:\program files (x86)\AMD\System Monitor\atillk64.sys;c:\program files (x86)\AMD\System Monitor\atillk64.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [x]
S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe  -run;c:\windows\SYSNATIVE\hasplms.exe  -run [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe;c:\program files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\drivers\b57xdbd.sys;c:\windows\SYSNATIVE\drivers\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\drivers\b57xdmp.sys;c:\windows\SYSNATIVE\drivers\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\drivers\bScsiMSa.sys;c:\windows\SYSNATIVE\drivers\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 30798661
*Deregistered* - 30798661
*Deregistered* - NisDrv
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-02 12:54]
.
2014-09-07 c:\windows\Tasks\Security Center Update - 159911073.job
- c:\users\Ruth\AppData\Roaming\Qadyygve\tywaus.exe [2014-06-30 23:20]
.
2014-09-07 c:\windows\Tasks\Security Center Update - 3392444536.job
- c:\users\Ruth\AppData\Roaming\Amemzuo\imewyw.exe [2013-10-10 23:11]
.
2014-09-07 c:\windows\Tasks\Security Center Update - 4097525323.job
- c:\users\Ruth\AppData\Roaming\Izmefy\ygbidou.exe [2014-02-06 02:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11786344]
"Power Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2011-02-23 1796200]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=MAGW
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Open with WordPerfect - c:\program files (x86)\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\rx3up99b.default\
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
FF - prefs.js: browser.startup.homepage - my.yahoo.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-rmavwshj - c:\users\Ruth\AppData\Local\lwldvpus.exe
Wow6432Node-HKCU-Run-vsenmdoe - c:\users\Ruth\AppData\Local\fsuhglaf.exe
Wow6432Node-HKCU-Run-cdmcviae - c:\users\Ruth\AppData\Local\vimtqcbh.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-47478385.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2922756106-2011690843-984619637-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c5,37,25,b8,25,85,2d,1f,65,b2,29,0b,f8,c0,20,a4,7c,ab,8f,59,91,3b,22,
   8f,9a,6a,2f,f1,99,08,3f,3a,c0,36,5b,e7,e6,d8,7a,11,e7,ae,08,ee,2d,bf,a1,ae,\
"??"=hex:8e,30,b5,d7,92,68,80,5c,90,0c,fd,ec,09,69,d3,e4
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-09-07  13:43:47
ComboFix-quarantined-files.txt  2014-09-07 17:43
.
Pre-Run: 551,701,913,600 bytes free
Post-Run: 553,512,017,920 bytes free
.
- - End Of File - - 8DC09E1203A5026F88F78BE26499547A
A36C5E4F47E84449FF07ED3517B43A31



#6 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 07 September 2014 - 01:38 PM

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(The version you've scanned with is outdated, so please download the latest version.)
  • Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.

Edited by aharonov, 07 September 2014 - 01:39 PM.


#7 shumidog

shumidog
  • Topic Starter

  • Members
  • 30 posts

Posted 07 September 2014 - 08:44 PM

Here's the new FRST.txt


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by Ruth (administrator) on RUTH-PC on 07-09-2014 21:36:47
Running from E:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(VSM Group AB) C:\4DEmbroidery\EmbMachineComms.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Oracle Corporation) C:\Users\Ruth\AppData\Roaming\Amemzuo\imewyw.exe
(Futuremark) C:\Users\Ruth\AppData\Roaming\Izmefy\ygbidou.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11786344 2011-03-28] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [1796200 2011-02-23] (Acer Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe [290112 2011-03-09] (NTI Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1092688 2011-03-31] (Dritek System Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [QuickFinder Scheduler] => c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE [83232 2008-11-14] (Corel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [OpwareSE4] => C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKU\S-1-5-21-2922756106-2011690843-984619637-1000\...\Run: [EmbMachineComms.exe] => C:\4DEmbroidery\EmbMachineComms.exe [85504 2007-08-01] (VSM Group AB)
HKU\S-1-5-21-2922756106-2011690843-984619637-1000\...\Run: [Vaahnoomfyhol] => C:\Users\Ruth\AppData\Roaming\Amemzuo\imewyw.exe [374272 2013-10-10] (Oracle Corporation)
HKU\S-1-5-21-2922756106-2011690843-984619637-1000\...\Run: [Houvyzhako] => C:\Users\Ruth\AppData\Roaming\Izmefy\ygbidou.exe [359424 2014-02-05] (Futuremark)
HKU\S-1-5-21-2922756106-2011690843-984619637-1000\...\Run: [Ybheqauwx] => C:\Users\Ruth\AppData\Roaming\Qadyygve\tywaus.exe [359424 2014-06-30] (Futuremark)
HKU\S-1-5-21-2922756106-2011690843-984619637-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EmbMachineComms.exe] => C:\4DEmbroidery\EmbMachineComms.exe [85504 2007-08-01] (VSM Group AB)
HKU\S-1-5-21-2922756106-2011690843-984619637-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Vaahnoomfyhol] => C:\Users\Ruth\AppData\Roaming\Amemzuo\imewyw.exe [374272 2013-10-10] (Oracle Corporation)
HKU\S-1-5-21-2922756106-2011690843-984619637-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Houvyzhako] => C:\Users\Ruth\AppData\Roaming\Izmefy\ygbidou.exe [359424 2014-02-05] (Futuremark)
HKU\S-1-5-21-2922756106-2011690843-984619637-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Ybheqauwx] => C:\Users\Ruth\AppData\Roaming\Qadyygve\tywaus.exe [359424 2014-06-30] (Futuremark)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\rx3up99b.default
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Homepage: my.yahoo.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\rx3up99b.default\searchplugins\duckduckgo.xml
FF Extension: HTTPS-Everywhere - C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\rx3up99b.default\Extensions\https-everywhere@eff.org [2014-07-03]
FF Extension: LastPass - C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\rx3up99b.default\Extensions\support@lastpass.com [2014-06-03]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\rx3up99b.default\Extensions\adblockpopups@jessehakanen.net.xpi [2012-01-21]
FF Extension: InvisibleHand - C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\rx3up99b.default\Extensions\canitbecheaper@trafficbroker.co.uk.xpi [2012-01-21]
FF Extension: Ghostery - C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\rx3up99b.default\Extensions\firefox@ghostery.com.xpi [2013-12-17]
FF Extension: CoolPreviews - C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\rx3up99b.default\Extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi [2012-01-21]
FF Extension: Adblock Plus - C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\rx3up99b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-21]
FF Extension: BetterPrivacy - C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\rx3up99b.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012-01-21]
FF HKLM-x32\...\Firefox\Extensions: [copytolightning@corel.com] - c:\Program Files (x86)\Corel\WordPerfect Lightning\Programs\FirefoxExtension
FF Extension: Copy To Wordperfect Lightning - c:\Program Files (x86)\Corel\WordPerfect Lightning\Programs\FirefoxExtension [2011-10-29]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-08-14]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 hasplms; C:\Windows\system32\hasplms.exe [4913608 2011-12-02] (SafeNet Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [257344 2011-03-09] (NTI Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [57088 2011-09-08] (SafeNet Inc.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [21120 2011-08-09] (SafeNet Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-10-07] (SafeNet Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-07] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-07 13:43 - 2014-09-07 13:43 - 00021928 _____ () C:\ComboFix.txt
2014-09-07 13:13 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-07 13:13 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-07 13:13 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-07 13:13 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-07 13:13 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-07 13:13 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-07 13:13 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-07 13:13 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-07 13:05 - 2014-09-07 13:43 - 00000000 ____D () C:\Qoobox
2014-09-07 13:05 - 2014-09-07 13:42 - 00000000 ____D () C:\Windows\erdnt
2014-09-06 22:40 - 2014-09-06 22:40 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-09-06 22:37 - 2014-09-07 14:03 - 00000800 _____ () C:\Windows\Tasks\Security Center Update - 159911073.job
2014-09-06 22:37 - 2014-09-06 22:37 - 00003806 _____ () C:\Windows\System32\Tasks\Security Center Update - 159911073
2014-09-06 22:37 - 2014-09-06 22:37 - 00000000 ____D () C:\Users\Ruth\AppData\Roaming\Qadyygve
2014-09-06 17:59 - 2014-09-07 14:00 - 00000794 _____ () C:\Windows\Tasks\Security Center Update - 4097525323.job
2014-09-06 17:59 - 2014-09-06 17:59 - 00003800 _____ () C:\Windows\System32\Tasks\Security Center Update - 4097525323
2014-09-06 17:59 - 2014-09-06 17:59 - 00000000 ____D () C:\Users\Ruth\AppData\Roaming\Izmefy
2014-09-06 17:29 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-06 17:29 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-06 17:29 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-06 17:29 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-06 17:28 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-06 17:28 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-06 17:28 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-06 17:28 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-09-06 17:28 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-06 17:28 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-06 17:28 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-06 17:28 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-06 17:28 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-06 17:28 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-06 17:14 - 2014-09-06 17:14 - 00241248 _____ (Kaspersky Lab, Yury Parshin) C:\Windows\system32\Drivers\26292892.sys
2014-09-06 17:07 - 2014-09-07 21:36 - 00000000 ____D () C:\FRST
2014-09-06 16:55 - 2014-09-06 16:55 - 00642400 _____ () C:\Windows\Minidump\090614-27409-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-07 21:36 - 2014-09-06 17:07 - 00000000 ____D () C:\FRST
2014-09-07 21:29 - 2014-07-25 16:32 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-07 21:29 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-07 21:29 - 2009-07-14 00:51 - 00061623 _____ () C:\Windows\setupact.log
2014-09-07 14:04 - 2011-06-13 22:23 - 01388600 _____ () C:\Windows\WindowsUpdate.log
2014-09-07 14:04 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-07 14:04 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-07 14:03 - 2014-09-06 22:37 - 00000800 _____ () C:\Windows\Tasks\Security Center Update - 159911073.job
2014-09-07 14:00 - 2014-09-06 17:59 - 00000794 _____ () C:\Windows\Tasks\Security Center Update - 4097525323.job
2014-09-07 14:00 - 2014-07-25 19:17 - 00000796 _____ () C:\Windows\Tasks\Security Center Update - 3392444536.job
2014-09-07 13:57 - 2010-11-20 23:47 - 00386556 _____ () C:\Windows\PFRO.log
2014-09-07 13:53 - 2012-07-02 10:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-07 13:43 - 2014-09-07 13:43 - 00021928 _____ () C:\ComboFix.txt
2014-09-07 13:43 - 2014-09-07 13:05 - 00000000 ____D () C:\Qoobox
2014-09-07 13:42 - 2014-09-07 13:05 - 00000000 ____D () C:\Windows\erdnt
2014-09-07 13:41 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-07 13:12 - 2011-11-12 16:51 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-09-06 22:40 - 2014-09-06 22:40 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-09-06 22:37 - 2014-09-06 22:37 - 00003806 _____ () C:\Windows\System32\Tasks\Security Center Update - 159911073
2014-09-06 22:37 - 2014-09-06 22:37 - 00000000 ____D () C:\Users\Ruth\AppData\Roaming\Qadyygve
2014-09-06 17:59 - 2014-09-06 17:59 - 00003800 _____ () C:\Windows\System32\Tasks\Security Center Update - 4097525323
2014-09-06 17:59 - 2014-09-06 17:59 - 00000000 ____D () C:\Users\Ruth\AppData\Roaming\Izmefy
2014-09-06 17:14 - 2014-09-06 17:14 - 00241248 _____ (Kaspersky Lab, Yury Parshin) C:\Windows\system32\Drivers\26292892.sys
2014-09-06 17:09 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-06 16:55 - 2014-09-06 16:55 - 00642400 _____ () C:\Windows\Minidump\090614-27409-01.dmp
2014-09-06 16:55 - 2014-07-24 22:35 - 430288126 _____ () C:\Windows\MEMORY.DMP
2014-09-06 16:55 - 2014-07-24 22:35 - 00000000 ____D () C:\Windows\Minidump

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-18 10:20

==================== End Of Log ============================



#8 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 08 September 2014 - 03:53 AM

Ok, there's still malware active. Let's delete those as well:


Step 1

Please download the attached file fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Start FRST with administrator privileges.
  • Make sure the option Addition.txt (under Optional Scan) is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

Edited by aharonov, 08 September 2014 - 03:53 AM.
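The FRST log above and the fixlist the moderator attaches in this post illustrate what a responder looks for in this kind of infection: autostart Run values and running processes whose executable lives under the user's AppData tree with a random folder and file name and a spoofed publisher string ("Oracle Corporation", "Futuremark"), and scheduled tasks named "Security Center Update - <number>" to look like a Windows component. The Python script below is an added example for this thread, not code from FRST, from the Malware Response Team or from the poster. It parses a constructed sample in FRST's own line format (the sample lines are taken from the log shown above, plus one AppData\Local Run value modelled on the ComboFix orphan list), flags the entries the moderator's fixlist targets, and prints a fixlist in the same shape. The heuristics it applies (AppData-resident autostarts, the "Security Center Update - <number>" task name, and the rule that a dropper folder sits exactly one level under Roaming or Local) are assumptions drawn from this one log, not FRST's own detection logic, and the regular expressions cover only the three FRST line shapes the sample contains.

```python
"""Triage FRST log lines for persistence launched from a user profile.

Added example for this thread; it is not part of FRST.  It parses three
line shapes FRST prints (running processes, Run-key values, and the
"One Month Created Files" list), flags entries that run from a user's
AppData tree or that use the spoofed "Security Center Update" task name
seen in the log, and emits fixlist lines in the form the moderator used.
"""
import re
from dataclasses import dataclass

# Process line:  (Vendor) C:\path\file.exe
PROC_RE = re.compile(r"^\((?P<vendor>[^)]*)\) (?P<path>[A-Za-z]:\\.+?)\s*$")
# Run value:     HKU\<SID>\...\Run: [Name] => C:\path\file.exe [size date] (Vendor)
RUN_RE = re.compile(
    r"^(?P<hive>HK\S+?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] => "
    r"(?P<path>[A-Za-z]:\\.*?)(?: \[\d+ [\d-]+\])?(?: \((?P<vendor>[^)]*)\))?\s*$"
)
# Created/modified file: <created> - <modified> - <size> <attrs> (Vendor) C:\path
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<vendor>[^)]*)\) (?P<path>[A-Za-z]:\\.+?)\s*$"
)

# Heuristics: assumptions derived from what this one log shows, not FRST logic.
APPDATA_RE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\", re.I)
# A dropper folder sits directly under Roaming/Local/LocalLow; the AppData
# subtrees themselves must never be queued for quarantine.
DROPPER_DIR_RE = re.compile(
    r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\(?:Roaming|Local|LocalLow)\\[^\\]+$", re.I)
FAKE_TASK_RE = re.compile(
    r"\\Windows\\(?:System32\\)?Tasks\\Security Center Update - \d+(?:\.job)?$", re.I)


@dataclass(frozen=True)
class Finding:
    kind: str    # "process", "run" or "task"
    path: str
    reason: str
    line: str    # the FRST line verbatim, usable as a fixlist entry


def triage(log_text: str) -> list[Finding]:
    """Return the suspicious entries found in FRST-formatted text, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if (m := RUN_RE.match(line)) and APPDATA_RE.match(m["path"]):
            findings.append(Finding("run", m["path"], "autostart value launches from user AppData", line))
        elif (m := FILE_RE.match(line)) and FAKE_TASK_RE.search(m["path"]):
            findings.append(Finding("task", m["path"], "scheduled task impersonates a Windows component", line))
        elif (m := PROC_RE.match(line)) and APPDATA_RE.match(m["path"]):
            findings.append(Finding("process", m["path"], "process running from user AppData", line))
    return findings


def build_fixlist(findings: list[Finding]) -> str:
    """Assemble an FRST fixlist: close processes, delete the Run values,
    move the task files and the dropper folders, then clear temp."""
    entries: dict[str, None] = {}          # insertion-ordered set
    for f in findings:
        # A pasted Run line makes FRST delete the value; a bare path makes it
        # move the file or folder to C:\FRST\Quarantine.
        entries[f.line if f.kind == "run" else f.path] = None
        parent = f.path.rsplit("\\", 1)[0]
        if f.kind in ("run", "process") and DROPPER_DIR_RE.match(parent):
            entries[parent] = None
    if any(f.kind == "task" for f in findings):
        # Wildcards (as in the moderator's fixlist) catch sibling tasks older
        # than the one-month window, which FRST does not list.
        entries[r"C:\Windows\Tasks\Security Center Update - *"] = None
        entries[r"C:\Windows\System32\Tasks\Security Center Update - *"] = None
    return "\n".join(["CloseProcesses:", *entries, "EmptyTemp:"])


# Constructed sample in FRST's format, modelled on the log in this thread
# (plus one AppData\Local Run value modelled on the ComboFix orphan list).
SAMPLE_LOG = r"""
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Oracle Corporation) C:\Users\Ruth\AppData\Roaming\Amemzuo\imewyw.exe
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11786344 2011-03-28] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKU\S-1-5-21-2922756106-2011690843-984619637-1000\...\Run: [Houvyzhako] => C:\Users\Ruth\AppData\Roaming\Izmefy\ygbidou.exe [359424 2014-02-05] (Futuremark)
HKU\S-1-5-21-2922756106-2011690843-984619637-1000\...\Run: [rmavwshj] => C:\Users\Ruth\AppData\Local\lwldvpus.exe
2014-09-06 22:37 - 2014-09-07 14:03 - 00000800 _____ () C:\Windows\Tasks\Security Center Update - 159911073.job
2014-09-07 13:53 - 2012-07-02 10:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.kind}] {f.path}  <- {f.reason}")
    print("\n--- fixlist.txt ---")
    print(build_fixlist(found))
```

Two practical notes. The parent-folder rule is deliberately narrow: the ComboFix orphan list above shows droppers placed straight into AppData\Local, and a script that blindly quarantined the parent of every flagged executable would move the whole AppData\Local tree. And FRST prints the current user's Run values a second time under a SID-{GUID}-0 key; pasting both sets is harmless, the second set simply comes back as "Value not found" once the first copy is deleted.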


#9 shumidog

shumidog
  • Topic Starter

  • Members
  • 30 posts

Posted 08 September 2014 - 05:07 PM

OK, attached in order: Fixlog, FRST.txt, Addition.txt. I know I got the Rovnix in an email that was supposed to be from my lawyer, but when this is corrected, how do I protect myself from an encore?


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-09-2014 01
Ran by Ruth at 2014-09-08 17:51:22 Run:1
Running from C:\
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
HKU\S-1-5-21-2922756106-2011690843-984619637-1000\...\Run: [Vaahnoomfyhol] => C:\Users\Ruth\AppData\Roaming\Amemzuo\imewyw.exe [374272 2013-10-10] (Oracle Corporation)
HKU\S-1-5-21-2922756106-2011690843-984619637-1000\...\Run: [Houvyzhako] => C:\Users\Ruth\AppData\Roaming\Izmefy\ygbidou.exe [359424 2014-02-05] (Futuremark)
HKU\S-1-5-21-2922756106-2011690843-984619637-1000\...\Run: [Ybheqauwx] => C:\Users\Ruth\AppData\Roaming\Qadyygve\tywaus.exe [359424 2014-06-30] (Futuremark)
HKU\S-1-5-21-2922756106-2011690843-984619637-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Vaahnoomfyhol] => C:\Users\Ruth\AppData\Roaming\Amemzuo\imewyw.exe [374272 2013-10-10] (Oracle Corporation)
HKU\S-1-5-21-2922756106-2011690843-984619637-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Houvyzhako] => C:\Users\Ruth\AppData\Roaming\Izmefy\ygbidou.exe [359424 2014-02-05] (Futuremark)
HKU\S-1-5-21-2922756106-2011690843-984619637-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Ybheqauwx] => C:\Users\Ruth\AppData\Roaming\Qadyygve\tywaus.exe [359424 2014-06-30] (Futuremark)
2014-09-06 22:37 - 2014-09-07 14:03 - 00000800 _____ () C:\Windows\Tasks\Security Center Update - 159911073.job
2014-09-06 22:37 - 2014-09-06 22:37 - 00003806 _____ () C:\Windows\System32\Tasks\Security Center Update - 159911073
2014-09-06 22:37 - 2014-09-06 22:37 - 00000000 ____D () C:\Users\Ruth\AppData\Roaming\Qadyygve
2014-09-06 17:59 - 2014-09-07 14:00 - 00000794 _____ () C:\Windows\Tasks\Security Center Update - 4097525323.job
2014-09-06 17:59 - 2014-09-06 17:59 - 00003800 _____ () C:\Windows\System32\Tasks\Security Center Update - 4097525323
2014-09-06 17:59 - 2014-09-06 17:59 - 00000000 ____D () C:\Users\Ruth\AppData\Roaming\Izmefy
C:\Users\Ruth\AppData\Roaming\Amemzuo
C:\Windows\Tasks\Security Center Update - *
C:\Windows\System32\Tasks\Security Center Update - *
REG: reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /s
EmptyTemp:
*****************

Processes closed successfully.
HKU\S-1-5-21-2922756106-2011690843-984619637-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Vaahnoomfyhol => value deleted successfully.
HKU\S-1-5-21-2922756106-2011690843-984619637-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Houvyzhako => value deleted successfully.
HKU\S-1-5-21-2922756106-2011690843-984619637-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Ybheqauwx => value deleted successfully.
HKU\S-1-5-21-2922756106-2011690843-984619637-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\Vaahnoomfyhol => Value not found.
HKU\S-1-5-21-2922756106-2011690843-984619637-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\Houvyzhako => Value not found.
HKU\S-1-5-21-2922756106-2011690843-984619637-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\Ybheqauwx => Value not found.
C:\Windows\Tasks\Security Center Update - 159911073.job => Moved successfully.
C:\Windows\System32\Tasks\Security Center Update - 159911073 => Moved successfully.
C:\Users\Ruth\AppData\Roaming\Qadyygve => Moved successfully.
C:\Windows\Tasks\Security Center Update - 4097525323.job => Moved successfully.
C:\Windows\System32\Tasks\Security Center Update - 4097525323 => Moved successfully.
C:\Users\Ruth\AppData\Roaming\Izmefy => Moved successfully.
C:\Users\Ruth\AppData\Roaming\Amemzuo => Moved successfully.
C:\Windows\Tasks\Security Center Update - * => Moved successfully.
C:\Windows\System32\Tasks\Security Center Update - * => Moved successfully.

========= reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /s =========


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
    ProfilesDirectory    REG_EXPAND_SZ    %SystemDrive%\Users
    Default    REG_EXPAND_SZ    %SystemDrive%\Users\Default
    Public    REG_EXPAND_SZ    %SystemDrive%\Users\Public
    ProgramData    REG_EXPAND_SZ    %SystemDrive%\ProgramData

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
    Flags    REG_DWORD    0xc
    State    REG_DWORD    0x0
    RefCount    REG_DWORD    0x1
    Sid    REG_BINARY    010100000000000512000000
    ProfileImagePath    REG_EXPAND_SZ    %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
    ProfileImagePath    REG_EXPAND_SZ    C:\Windows\ServiceProfiles\LocalService
    Flags    REG_DWORD    0x0
    State    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
    ProfileImagePath    REG_EXPAND_SZ    C:\Windows\ServiceProfiles\NetworkService
    Flags    REG_DWORD    0x0
    State    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2922756106-2011690843-984619637-1000
    ProfileImagePath    REG_EXPAND_SZ    C:\Users\Ruth
    Flags    REG_DWORD    0x0
    State    REG_DWORD    0x0
    Sid    REG_BINARY    0105000000000005150000000AB835AE5BF7E777751AB03AE8030000
    ProfileLoadTimeLow    REG_DWORD    0x0
    ProfileLoadTimeHigh    REG_DWORD    0x0
    RefCount    REG_DWORD    0x2
    RunLogonScriptSync    REG_DWORD    0x0



========= End of Reg: =========

EmptyTemp: => Removed 159.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by Ruth (administrator) on RUTH-PC on 08-09-2014 17:54:15
Running from C:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(VSM Group AB) C:\4DEmbroidery\EmbMachineComms.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11786344 2011-03-28] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [1796200 2011-02-23] (Acer Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe [290112 2011-03-09] (NTI Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1092688 2011-03-31] (Dritek System Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [QuickFinder Scheduler] => c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE [83232 2008-11-14] (Corel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [OpwareSE4] => C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKU\S-1-5-21-2922756106-2011690843-984619637-1000\...\Run: [EmbMachineComms.exe] => C:\4DEmbroidery\EmbMachineComms.exe [85504 2007-08-01] (VSM Group AB)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\rx3up99b.default
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Homepage: my.yahoo.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\rx3up99b.default\searchplugins\duckduckgo.xml
FF Extension: HTTPS-Everywhere - C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\rx3up99b.default\Extensions\https-everywhere@eff.org [2014-07-03]
FF Extension: LastPass - C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\rx3up99b.default\Extensions\support@lastpass.com [2014-06-03]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\rx3up99b.default\Extensions\adblockpopups@jessehakanen.net.xpi [2012-01-21]
FF Extension: InvisibleHand - C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\rx3up99b.default\Extensions\canitbecheaper@trafficbroker.co.uk.xpi [2012-01-21]
FF Extension: Ghostery - C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\rx3up99b.default\Extensions\firefox@ghostery.com.xpi [2013-12-17]
FF Extension: CoolPreviews - C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\rx3up99b.default\Extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi [2012-01-21]
FF Extension: Adblock Plus - C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\rx3up99b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-21]
FF Extension: BetterPrivacy - C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\rx3up99b.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012-01-21]
FF HKLM-x32\...\Firefox\Extensions: [copytolightning@corel.com] - c:\Program Files (x86)\Corel\WordPerfect Lightning\Programs\FirefoxExtension
FF Extension: Copy To Wordperfect Lightning - c:\Program Files (x86)\Corel\WordPerfect Lightning\Programs\FirefoxExtension [2011-10-29]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-08-14]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 hasplms; C:\Windows\system32\hasplms.exe [4913608 2011-12-02] (SafeNet Inc.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [257344 2011-03-09] (NTI Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [57088 2011-09-08] (SafeNet Inc.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [21120 2011-08-09] (SafeNet Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-10-07] (SafeNet Inc.)
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-08 17:54 - 2014-09-08 17:54 - 00013293 _____ () C:\FRST.txt
2014-09-08 17:49 - 2014-09-07 21:28 - 02105344 _____ (Farbar) C:\FRST64.exe
2014-09-07 13:43 - 2014-09-07 13:43 - 00021928 _____ () C:\ComboFix.txt
2014-09-07 13:13 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-07 13:13 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-07 13:13 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-07 13:13 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-07 13:13 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-07 13:13 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-07 13:13 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-07 13:13 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-07 13:05 - 2014-09-07 13:43 - 00000000 ____D () C:\Qoobox
2014-09-07 13:05 - 2014-09-07 13:42 - 00000000 ____D () C:\Windows\erdnt
2014-09-06 22:40 - 2014-09-06 22:40 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-09-06 17:29 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-06 17:29 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-06 17:29 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-06 17:29 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-06 17:28 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-06 17:28 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-06 17:28 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-06 17:28 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-09-06 17:28 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-06 17:28 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-06 17:28 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-06 17:28 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-06 17:28 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-06 17:28 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-06 17:14 - 2014-09-06 17:14 - 00241248 _____ (Kaspersky Lab, Yury Parshin) C:\Windows\system32\Drivers\26292892.sys
2014-09-06 17:07 - 2014-09-08 17:54 - 00000000 ____D () C:\FRST
2014-09-06 16:55 - 2014-09-06 16:55 - 00642400 _____ () C:\Windows\Minidump\090614-27409-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-08 17:54 - 2014-09-08 17:54 - 00013293 _____ () C:\FRST.txt
2014-09-08 17:54 - 2014-09-06 17:07 - 00000000 ____D () C:\FRST
2014-09-08 17:53 - 2012-07-02 10:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-08 17:52 - 2010-11-20 23:47 - 00388106 _____ () C:\Windows\PFRO.log
2014-09-08 17:52 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-08 17:52 - 2009-07-14 00:51 - 00061735 _____ () C:\Windows\setupact.log
2014-09-08 17:51 - 2011-06-13 22:23 - 01400634 _____ () C:\Windows\WindowsUpdate.log
2014-09-08 17:49 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-08 17:49 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-08 17:41 - 2011-10-28 19:07 - 00095240 _____ () C:\Users\Ruth\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-08 17:41 - 2009-07-14 00:45 - 00380128 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-07 21:56 - 2012-01-15 15:38 - 00000000 ____D () C:\Program Files (x86)\PDF995
2014-09-07 21:56 - 2012-01-15 15:38 - 00000000 ____D () C:\Program Files (x86)\HRBlock2011
2014-09-07 21:52 - 2011-11-05 14:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games
2014-09-07 21:52 - 2011-11-05 14:53 - 00000000 ____D () C:\Program Files (x86)\PopCap Games
2014-09-07 21:52 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-07 21:28 - 2014-09-08 17:49 - 02105344 _____ (Farbar) C:\FRST64.exe
2014-09-07 13:43 - 2014-09-07 13:43 - 00021928 _____ () C:\ComboFix.txt
2014-09-07 13:43 - 2014-09-07 13:05 - 00000000 ____D () C:\Qoobox
2014-09-07 13:42 - 2014-09-07 13:05 - 00000000 ____D () C:\Windows\erdnt
2014-09-07 13:41 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-07 13:12 - 2011-11-12 16:51 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-09-06 22:40 - 2014-09-06 22:40 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-09-06 17:14 - 2014-09-06 17:14 - 00241248 _____ (Kaspersky Lab, Yury Parshin) C:\Windows\system32\Drivers\26292892.sys
2014-09-06 17:09 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-06 16:55 - 2014-09-06 16:55 - 00642400 _____ () C:\Windows\Minidump\090614-27409-01.dmp
2014-09-06 16:55 - 2014-07-24 22:35 - 430288126 _____ () C:\Windows\MEMORY.DMP
2014-09-06 16:55 - 2014-07-24 22:35 - 00000000 ____D () C:\Windows\Minidump

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-18 10:20

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-09-2014 01
Ran by Ruth at 2014-09-08 17:56:01
Running from C:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

5D Embroidery System (HKLM-x32\...\{C1B542D3-59CA-4540-932E-BF364EB2FDDE}) (Version: 1.05.0000 - VSM Software Ltd.)
5D Revue Motif Fill (HKLM-x32\...\{A97E9719-DF92-45E9-8862-0229DBEF9029}) (Version: 1.00.0000 - VSM Software Ltd.)
5D Revue MultiWave Fill (HKLM-x32\...\{A6FC2E71-DCC1-4B39-9435-4AF0067DA6ED}) (Version: 1.00.0001 - VSM Software Ltd.)
5D Revue Patchwork (HKLM-x32\...\{692CB733-DD52-4031-98EE-33FF42A32175}) (Version: 1.00.0000 - VSM Software Ltd.)
5D Revue Spiral Fill (HKLM-x32\...\{EEFC52DA-AFEE-49B4-BBDC-0926F0564752}) (Version: 1.00.0000 - VSM Software Ltd.)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.10 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.0.2.12610 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Agatha Christie - 4:50 from Paddington (x32 Version: 2.2.0.95 - WildTangent) Hidden
AMD APP SDK Runtime (Version: 2.4.595.9 - Advanced Micro Devices Inc.) Hidden
AMD System Monitor (HKLM-x32\...\{C1C82DC9-1547-4038-8F0A-C069F0B7F2ED}) (Version: 1.0.5 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (x32 Version: 2011.0425.1331.22369 - ATI) Hidden
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
ATI Catalyst Install Manager (HKLM\...\{A503DF85-81BC-05CB-B3A9-64F158BBA840}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
Backup Manager V3 (x32 Version: 3.0.0.90 - NTI Corporation) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 2 Deluxe 1.1 (HKLM-x32\...\Bejeweled 2 Deluxe 1.1) (Version: 1.1 - PopCap Games)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.6.1.3 - Broadcom Corporation)
Broadcom Gigabit NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.6.1.2 - Broadcom Corporation)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0425.1331.22369 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0425.1331.22369 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0425.1331.22369 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0425.1330.22369 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0425.1330.22369 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0425.1330.22369 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0425.1330.22369 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0425.1330.22369 - ATI) Hidden
CCC Help English (x32 Version: 2011.0425.1330.22369 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0425.1330.22369 - ATI) Hidden
CCC Help French (x32 Version: 2011.0425.1330.22369 - ATI) Hidden
CCC Help German (x32 Version: 2011.0425.1330.22369 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0425.1330.22369 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0425.1330.22369 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0425.1330.22369 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0425.1330.22369 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0425.1330.22369 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0425.1330.22369 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0425.1330.22369 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0425.1330.22369 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0425.1330.22369 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0425.1330.22369 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0425.1330.22369 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0425.1330.22369 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0425.1330.22369 - ATI) Hidden
ccc-utility64 (Version: 2011.0425.1331.22369 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Corel Shell Extension - 64Bit (Version: 14.0 - Corel Corporation) Hidden
Corel WordPerfect Office - iFilter 64 Bit (HKLM\...\{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}) (Version: 1.01.000 - Corel Corporation)
CorelDRAW Graphics Suite X4 - Capture (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Content (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Draw (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Extra Content (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Filters (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - FontNav (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics SUite X4 - ICA (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - IPM (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang BR (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang EN (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang ES (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang FR (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - PP (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - VBA (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW® Graphics Suite X4 - Extra Content (HKLM-x32\...\_{80FDAE30-CDB6-4015-AFC7-86A762A5AD9B}) (Version:  - Corel Corporation)
CorelDRAW® Graphics Suite X4 - Windows Shell Extension (HKLM-x32\...\_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}) (Version:  - Corel Corporation)
CorelDRAW® Graphics Suite X4 - Windows Shell Extension (x32 Version: 1.1 - Corel Corporation) Hidden
CorelDRAW® Graphics Suite X4 (HKLM-x32\...\_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}) (Version:  - Corel Corporation)
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1421_35790 - CyberLink Corp.)
CyberLink MediaEspresso (x32 Version: 6.5.1421_35790 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2531.52 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.2531.52 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Embroidery Machine Communication Software (HKLM-x32\...\{4361496D-B956-4C83-A7A5-2BFDFC73FAC7}) (Version: 8.1 - VSM Software Ltd.)
ETDWare PS/2-X64 8.0.6.0_WHQL (HKLM\...\Elantech) (Version: 8.0.6.0 - ELAN Microelectronic Corp.)
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Floriani Total Control Pro (HKLM-x32\...\{03E8AB09-48A8-4C78-8070-11CA5CF5F876}) (Version: 7.25.0001 - G7 Solutions)
Floriani Total Control Pro Support Files (HKLM-x32\...\{DB5D5AAC-CC72-4E60-AECD-A16EDEA641E2}) (Version: 1.01.0000 - G7Solutions)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Gateway Games (HKLM-x32\...\WildTangent gateway Master Uninstall) (Version: 1.0.2.4 - WildTangent)
Gateway MyBackup (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.90 - NTI Corporation)
Gateway Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3006 - Gateway Incorporated)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3004 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.03.3004 - Gateway Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.1022.2010 - Gateway Incorporated)
Gateway Social Networks (HKLM-x32\...\InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}) (Version: 2.0.2211 - CyberLink Corp.)
Gateway Social Networks (x32 Version: 2.0.2211 - CyberLink Corp.) Hidden
Gateway Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3005 - Gateway Incorporated)
Hoyle Card Games (HKLM-x32\...\{8C5766F2-81D9-4B5A-8AD5-A8BD6361EF0A}) (Version: 1.0.0 - Encore)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Gateway Incorporated)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Jewel Quest Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.5 - Gateway)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nero Control Center 10 (x32 Version: 10.2.11100.1.1 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.18100.8.8 - Nero AG) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 10.5.10200 - Nero AG) Hidden
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.1.237 - Barnesandnoble.com)
Pdf995 (installed by H&R Block) (HKLM-x32\...\Pdf995) (Version:  - )
PdfEdit995 (installed by H&R Block) (HKLM-x32\...\PdfEdit995) (Version:  - )
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6343 - Realtek Semiconductor Corp.)
ScanSoft OmniPage SE 4 (HKLM-x32\...\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}) (Version: 15.2.0020 - Nuance Communications, Inc.)
Torchlight (x32 Version: 2.2.0.95 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Video Web Camera (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1523 - CyberLink Corp.)
Video Web Camera (x32 Version: 1.0.1523 - CyberLink Corp.) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Basic for Applications ® Core - English (x32 Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications ® Core (x32 Version: 6.4.99.69 - Microsoft Corporation) Hidden
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.02.3102 - Gateway Incorporated)
WildTangent Games App (Gateway Games) (x32 Version: 4.0.5.31 - WildTangent) Hidden
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WordPerfect Lightning - EN (x32 Version: 1.0 - Corel Corporation) Hidden
WordPerfect Lightning - IPM (x32 Version: 1.0 - Corel Corporation) Hidden
WordPerfect Lightning - Messages (x32 Version: 1.0 - Corel Corporation) Hidden
WordPerfect Lightning - MSOM (x32 Version: 1.1 - Corel Corporation) Hidden
WordPerfect Lightning (x32 Version: 1.0 - Corel Corporation) Hidden
WordPerfect Office X4 - Common (x32 Version: 14.1 - Corel Corporation) Hidden
WordPerfect Office X4 - Content (x32 Version: 14.1 - Corel Corporation) Hidden
WordPerfect Office X4 - EN (x32 Version: 14.1 - Corel Corporation) Hidden
WordPerfect Office X4 - Filters (x32 Version: 14.1 - Corel Corporation) Hidden
WordPerfect Office X4 - Graphics (x32 Version: 14.1 - Corel Corporation) Hidden
WordPerfect Office X4 - ICA (x32 Version: 14.1 - Corel Corporation) Hidden
WordPerfect Office X4 - IPM (x32 Version: 14.1 - Corel Corporation) Hidden
WordPerfect Office X4 - IPM EN (x32 Version: 14.1 - Corel Corporation) Hidden
WordPerfect Office X4 - Migration Manager (x32 Version: 14.1 - Corel Corporation) Hidden
WordPerfect Office X4 - PerfectExperts (x32 Version: 14.1 - Corel Corporation) Hidden
WordPerfect Office X4 - PR (x32 Version: 14.1 - Corel Corporation) Hidden
WordPerfect Office X4 - QP (x32 Version: 14.1 - Corel Corporation) Hidden
WordPerfect Office X4 - Skins (x32 Version: 14.1 - Corel Corporation) Hidden
WordPerfect Office X4 - System (x32 Version: 14.1 - Corel Corporation) Hidden
WordPerfect Office X4 - WP (x32 Version: 14.1 - Corel Corporation) Hidden
WordPerfect Office X4 (HKLM-x32\...\_{DCDAB2ED-5741-4C30-A1A4-0FCB8A529001}) (Version:  - Corel Corporation)
WordPerfect Office X4 (x32 Version: 14.1 - Corel Corporation) Hidden
WordPerfect OfficeReady (HKLM-x32\...\{737D7CA8-D05C-46C7-AFED-A76616E8CA3B}) (Version: 1.0 - Corel Corporation.)
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

01-07-2014 17:51:21 Windows Update
08-07-2014 16:24:24 Windows Update
09-07-2014 19:27:30 Windows Update
13-07-2014 19:28:55 Windows Update
17-07-2014 13:30:45 Windows Update
19-07-2014 15:07:57 Installed Java 7 Update 65
21-07-2014 13:32:20 Windows Update
21-07-2014 17:03:14 Windows Update
23-07-2014 21:11:14 Windows Update
06-09-2014 21:27:32 Windows Update
08-09-2014 01:53:13 Removed Times Reader
08-09-2014 01:54:38 Removed eBay Worldwide
08-09-2014 01:55:48 Removed H&R Block Basic + Efile 2011.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2014-09-07 13:41 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {215E4BA7-7590-4653-BB56-D9E8868B4815} - \Security Center Update - 3392444536 No Task File <==== ATTENTION
Task: {282AA6B3-02B9-48AB-AEFA-A19868EFED68} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-02-21] (CyberLink)
Task: {3DB72B25-6CBE-4040-83BB-4393E04D6B81} - \Security Center Update - 4097525323 No Task File <==== ATTENTION
Task: {86D5BAFC-BB6E-489D-BCDD-9C6EEA973DD9} - \Security Center Update - 159911073 No Task File <==== ATTENTION
Task: {9BF1E362-7B37-4320-B8D1-F652CCF98BFA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-10] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-04-03 11:25 - 2006-10-19 21:44 - 00047616 _____ () C:\Windows\System32\pdf995mon64.dll
2011-03-09 13:13 - 2011-03-09 13:13 - 00465640 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\sqlite3.dll
2011-03-09 13:12 - 2011-03-09 13:12 - 01081664 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\ACE.dll
2011-03-09 13:12 - 2011-03-09 13:12 - 00125760 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\MailConverter32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/08/2014 05:52:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/08/2014 05:42:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/07/2014 09:30:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/07/2014 01:58:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/07/2014 01:00:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/06/2014 10:42:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/06/2014 10:35:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/06/2014 06:15:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/06/2014 04:59:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/06/2014 04:57:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/08/2014 05:51:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
%%3

Error: (09/08/2014 05:51:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%3

Error: (09/08/2014 05:51:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/08/2014 05:51:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (09/08/2014 05:51:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Nero Update service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/08/2014 05:51:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (09/08/2014 05:51:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/08/2014 05:51:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/08/2014 05:51:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NTI IScheduleSvc service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/08/2014 05:51:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Protexis Licensing V2 service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (09/08/2014 05:52:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/08/2014 05:42:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/07/2014 09:30:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/07/2014 01:58:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/07/2014 01:00:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/06/2014 10:42:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/06/2014 10:35:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/06/2014 06:15:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/06/2014 04:59:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/06/2014 04:57:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-09-07 13:38:32.702
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-07 13:38:32.562
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD A8-3500M APU with Radeon™ HD Graphics
Percentage of memory in use: 22%
Total physical RAM: 5610.9 MB
Available physical RAM: 4334.1 MB
Total Pagefile: 11219.98 MB
Available Pagefile: 9715.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:581.07 GB) (Free:518.81 GB) NTFS
Drive e: (KINGSTON) (Removable) (Total:3.72 GB) (Free:2.79 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: F4486A90)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=581.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 37F9686F)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B)

==================== End Of Log ============================



#10 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:38 PM

Posted 08 September 2014 - 06:11 PM

If you were infected by an attachment from an email then the best prevention is simply to be careful. If you get an attachment always think twice before you open it. Never start executable files (*.exe, *.com, *.scr etc) from such attachments. You can also analyse such attachments at virustotal.com. Or of course check with the alleged sender of the email that it really is for you.


That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Rename Combofix.exe to Uninstall.exe and execute it with a double click. (Beware that file extensions might be hidden. So don't add a double extension Uninstall.exe.exe.)
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Adobe Reader 9.5.5 MUI
Java 7 Update 65




Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.
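Added example, not part of this thread and not code from FRST's author: a small Python parser for the two FRST log sections the post above relies on, the Installed Programs list and the Scheduled Tasks list. It flags task entries that FRST marks "<==== ATTENTION" (registry entries whose task file is gone, as in the posted log) and installed programs that fall below a version baseline. The sample log, the Adobe Reader entry with its placeholder GUID, and the MINIMUM_VERSIONS baseline are constructed for this example.

```python
import re

# Constructed sample modelled on the FRST log posted in this thread. The Adobe
# Reader line and its GUID are placeholders; the other lines mirror the log.
SAMPLE_LOG = r"""
==================== Installed Programs ======================

Adobe Reader 9.5.5 MUI (HKLM-x32\...\{PLACEHOLDER-GUID}) (Version: 9.5.5 - Adobe Systems Incorporated)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
WordPerfect Office X4 (HKLM-x32\...\_{DCDAB2ED-5741-4C30-A1A4-0FCB8A529001}) (Version:  - Corel Corporation)

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {215E4BA7-7590-4653-BB56-D9E8868B4815} - \Security Center Update - 3392444536 No Task File <==== ATTENTION
Task: {282AA6B3-02B9-48AB-AEFA-A19868EFED68} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-02-21] (CyberLink)
Task: {3DB72B25-6CBE-4040-83BB-4393E04D6B81} - \Security Center Update - 4097525323 No Task File <==== ATTENTION

==================== End Of Log ============================
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")            # "==== Title ===="
VERSION_RE = re.compile(r"\((?:x32 )?Version: ([^ )]*) - ")
TASK_RE = re.compile(r"^Task: (\{[0-9A-F-]+\}) - (.*)$")

# Constructed baseline for this example: a product name prefix and the lowest
# version tuple accepted. Any Java 7.x compares below (8,), matching the post.
MINIMUM_VERSIONS = {
    "Adobe Reader": (11,),
    "Java 7 Update": (8,),
}


def parse_sections(text):
    """Split an FRST log into {section title: [non-empty lines]}."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1).strip().rstrip(":")
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections


def version_tuple(version):
    """'7.0.650' -> (7, 0, 650); an empty version string -> ()."""
    return tuple(int(p) for p in re.findall(r"\d+", version))


def installed_programs(sections):
    """(display name, version string) for each Installed Programs entry."""
    programs = []
    for line in sections.get("Installed Programs", []):
        if line.startswith("("):          # FRST's explanatory note, not an entry
            continue
        m = VERSION_RE.search(line)
        if m:
            programs.append((line.split(" (", 1)[0], m.group(1)))
    return programs


def outdated_programs(programs, policy=MINIMUM_VERSIONS):
    """Entries whose name matches a policy prefix and whose version is too low."""
    return [(name, version) for name, version in programs
            for prefix, minimum in policy.items()
            if name.startswith(prefix) and version_tuple(version) < minimum]


def flagged_tasks(sections):
    """(task id, task path) for entries FRST marked '<==== ATTENTION'."""
    flagged = []
    for line in sections.get("Scheduled Tasks (whitelisted)", []):
        m = TASK_RE.match(line)
        if m and "<==== ATTENTION" in line:
            flagged.append((m.group(1), m.group(2).split(" No Task File")[0]))
    return flagged


if __name__ == "__main__":
    found = parse_sections(SAMPLE_LOG)
    for name, ver in outdated_programs(installed_programs(found)):
        print(f"outdated: {name} ({ver})")
    for task_id, path in flagged_tasks(found):
        print(f"orphaned task entry: {task_id} {path}")
```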

#11 shumidog

shumidog
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:38 AM

Posted 14 September 2014 - 06:19 PM

Thank you, computer now virus free and protected.



#12 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:38 PM

Posted 14 September 2014 - 06:23 PM

You're welcome.
Take care.

#13 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:38 PM

Posted 14 September 2014 - 06:23 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



