Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

dllhost.exe *32 Com problem


  • This topic is locked This topic is locked
45 replies to this topic

#1 herrjones

herrjones

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:24 PM

Posted 01 November 2014 - 10:04 AM

Greetings

 

I seem to have a popular problem.  I've accomplished the FRST scan and the have provided the files.  Thanks for the assistance.

 

 

Attached Files



BC AdBot (Login to Remove)

 


#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:24 PM

Posted 02 November 2014 - 04:24 PM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

icon11.gif   Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1793425793-3339277692-3164508590-1001\...\Run: [BackgroundContainer] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Family\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKU\S-1-5-21-1793425793-3339277692-3164508590-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
2014-10-26 18:53 - 2014-10-26 18:53 - 00000028 _____ () C:\Windows\SysWOW64\u
2014-10-26 18:49 - 2014-10-26 18:49 - 00070656 _____ () C:\Windows\system32\qhkis.dll
2014-10-26 18:49 - 2014-10-26 18:49 - 00003856 _____ () C:\Windows\System32\Tasks\{9CCAE442-2A0D-FFEB-9A5C-C0C8861BD94E}
2014-10-26 18:49 - 2014-10-26 18:49 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-10-26 18:49 - 2014-10-26 18:49 - 00000000 _____ () C:\Windows\system32\ttnivxx.dll
EmptyTemp:
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) please post it to your reply.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#3 herrjones

herrjones
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:24 PM

Posted 02 November 2014 - 08:09 PM

Afternoon

 

Here is the log:

 

Running from C:\Users\Family\Desktop
Loaded Profile: Family (Available profiles: Family)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1793425793-3339277692-3164508590-1001\...\Run: [BackgroundContainer] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Family\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKU\S-1-5-21-1793425793-3339277692-3164508590-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
2014-10-26 18:53 - 2014-10-26 18:53 - 00000028 _____ () C:\Windows\SysWOW64\u
2014-10-26 18:49 - 2014-10-26 18:49 - 00070656 _____ () C:\Windows\system32\qhkis.dll
2014-10-26 18:49 - 2014-10-26 18:49 - 00003856 _____ () C:\Windows\System32\Tasks\{9CCAE442-2A0D-FFEB-9A5C-C0C8861BD94E}
2014-10-26 18:49 - 2014-10-26 18:49 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-10-26 18:49 - 2014-10-26 18:49 - 00000000 _____ () C:\Windows\system32\ttnivxx.dll
EmptyTemp:
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-1793425793-3339277692-3164508590-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BackgroundContainer => value deleted successfully.
"HKU\S-1-5-21-1793425793-3339277692-3164508590-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-1793425793-3339277692-3164508590-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
C:\Windows\SysWOW64\u => Moved successfully.
C:\Windows\system32\qhkis.dll => Moved successfully.
C:\Windows\System32\Tasks\{9CCAE442-2A0D-FFEB-9A5C-C0C8861BD94E} => Moved successfully.
C:\ProgramData\Windows Genuine Advantage => Moved successfully.
Could not move "C:\Windows\system32\ttnivxx.dll" => Scheduled to move on reboot.
EmptyTemp: => Removed 7.6 GB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-11-02 19:00:33)<=

C:\Windows\system32\ttnivxx.dll => Is moved successfully.

==== End of Fixlog ====



#4 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:24 PM

Posted 02 November 2014 - 11:22 PM

Please do this next:

icon11.gif  Download Combofix from HERE, and save it to your desktop.  

**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

  • If you have trouble, stop and post back.  Do not try to repeatedly run comboFix!
  • When finished, it will produce a report for you.
.
Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:
  • ComboFix log


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#5 herrjones

herrjones
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:24 PM

Posted 03 November 2014 - 08:32 AM

ComboFix Log:

 

ComboFix 14-10-29.01 - Family 11/03/2014   7:00.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7667.5527 [GMT -6:00]
Running from: c:\users\Family\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Family\AppData\Local\TapTap
c:\users\Family\AppData\Local\TapTap\score.xml
c:\users\Family\AppData\Roaming\Start
c:\users\Family\AppData\Roaming\Start\temp_BB40E0B5\flash.10.0.32.18.ocx
c:\users\Family\AppData\Roaming\Start\temp_BB40E0B5\ScreenCapture.mfx
c:\users\Family\BIT35A3.tmp
c:\users\Family\xobglu32.dll
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_CltMngSvc
.
.
(((((((((((((((((((((((((   Files Created from 2014-10-03 to 2014-11-03  )))))))))))))))))))))))))))))))
.
.
2014-11-03 13:09 . 2014-11-03 13:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-01 14:56 . 2014-11-03 01:00 -------- d-----w- C:\FRST
2014-10-24 19:14 . 2014-10-24 19:14 -------- d-----w- c:\users\Family\AppData\Roaming\Unity
2014-10-17 16:06 . 2014-09-18 02:00 3241472 ----a-w- c:\windows\system32\msi.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-18 02:14 . 2012-02-15 03:14 103265616 ----a-w- c:\windows\system32\MRT.exe
2014-09-25 02:08 . 2014-09-30 19:52 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-09-30 19:52 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-24 02:12 . 2012-05-12 11:54 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-24 02:12 . 2011-12-16 00:55 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-20 17:03 . 2014-09-20 17:00 96560 ----a-w- c:\windows\system32\bcmwlcoi.dll
2014-09-20 17:03 . 2014-09-20 17:00 3667968 ----a-w- c:\windows\system32\bcmihvui64.dll
2014-09-20 17:03 . 2014-09-20 17:00 8071888 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS
2014-09-20 17:03 . 2014-09-20 17:00 4400128 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2014-09-20 17:03 . 2014-09-20 17:00 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2014-09-20 16:59 . 2014-09-20 17:00 1063936 ----a-w- c:\windows\system32\BCMLogon.dll
2014-09-20 16:59 . 2014-09-20 17:00 35344 ----a-w- c:\windows\system32\drivers\npf.sys
2014-09-20 16:59 . 2014-09-20 17:00 23760 ----a-w- c:\windows\system32\drivers\bcm42rly.sys
2014-09-20 16:59 . 2014-09-20 17:00 73216 ----a-w- c:\windows\system32\wltrynt.dll
2014-09-20 16:59 . 2014-09-20 17:00 4659200 ----a-w- c:\windows\system32\bcmttls.dll
2014-09-20 16:59 . 2014-09-20 17:00 7849472 ----a-w- c:\windows\system32\BCMWLCPL.CPL
2014-09-20 16:59 . 2014-09-20 17:00 441 ----a-w- c:\windows\system32\vcredist_x64.bat
2014-09-20 16:59 . 2014-09-20 17:00 3161088 ----a-w- c:\windows\system32\vcredist_x64.exe
2014-09-20 16:59 . 2014-09-20 17:00 4961800 ----a-w- c:\windows\SysWow64\vcredist_x64.exe
2014-09-20 16:59 . 2014-09-20 17:00 446 ----a-w- c:\windows\SysWow64\vcredist_x64.bat
2014-09-09 22:11 . 2014-09-23 22:35 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-23 22:35 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-03 23:52 . 2011-03-29 02:36 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 02:07 . 2014-09-04 00:02 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-09-04 00:02 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-20 13:07 . 2014-08-20 13:07 11336 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
2014-08-20 13:06 . 2014-08-20 13:06 96592 ----a-w- c:\windows\system32\drivers\mfencrk.sys
2014-08-20 13:05 . 2014-08-20 13:05 445512 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f2e99efd-72dc-4c5d-9f7c-219133ff8e40}"= "c:\program files (x86)\IMVU_Inc_C\prxtbIMVU.dll" [2014-02-27 226592]
.
[HKEY_CLASSES_ROOT\clsid\{f2e99efd-72dc-4c5d-9f7c-219133ff8e40}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{90b49673-5506-483e-b92b-ca0265bd9ca8}]
2013-03-05 12:37 231168 ----a-w- c:\program files (x86)\IMVU_Inc\prxtbIMV0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{f2e99efd-72dc-4c5d-9f7c-219133ff8e40}]
2014-02-27 14:08 226592 ----a-w- c:\program files (x86)\IMVU_Inc_C\prxtbIMVU.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{90b49673-5506-483e-b92b-ca0265bd9ca8}"= "c:\program files (x86)\IMVU_Inc\prxtbIMV0.dll" [2013-03-05 231168]
"{f2e99efd-72dc-4c5d-9f7c-219133ff8e40}"= "c:\program files (x86)\IMVU_Inc_C\prxtbIMVU.dll" [2014-02-27 226592]
.
[HKEY_CLASSES_ROOT\clsid\{90b49673-5506-483e-b92b-ca0265bd9ca8}]
.
[HKEY_CLASSES_ROOT\clsid\{f2e99efd-72dc-4c5d-9f7c-219133ff8e40}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
"Starfield Updater"="c:\users\Family\AppData\Local\Workspace\WorkspaceUpdate.exe" [2013-06-20 35008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-08-12 658424]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816]
"ContentTransferWMDetector.exe"="c:\program files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 537992]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 537992]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2014-06-03 2368736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-09-01 152392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"{91140000-0011-0000-0000-0000000FF1CE}"="del" [X]
"{90140000-0018-0409-0000-0000000FF1CE}"="del" [X]
"{90140000-001A-0409-0000-0000000FF1CE}"="del" [X]
.
c:\users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 0178271414970726mcinstcleanup;McAfee Application Installer Cleanup (0178271414970726);c:\windows\TEMP\017827~1.EXE;c:\windows\TEMP\017827~1.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;c:\windows\system32\DRIVERS\PcaSp60.sys;c:\windows\SYSNATIVE\DRIVERS\PcaSp60.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys;c:\windows\SYSNATIVE\DRIVERS\MOBK.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 File Backup;File Backup Service;c:\program files (x86)\Workspace\offSyncService.exe;c:\program files (x86)\Workspace\offSyncService.exe [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys;c:\windows\SYSNATIVE\drivers\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 02:12]
.
2014-11-02 c:\windows\Tasks\HPCeeScheduleForFamily.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 02:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 02:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 02:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]
@="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]
2013-06-20 15:38 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]
@="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]
2013-06-20 15:38 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11\WLTRAY.exe" [2014-09-20 7032320]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/
mDefault_Page_URL =
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0EB61E88-E1CF-4E2D-92ED-A366470850FB}: NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{1AC7BEAF-A8D8-4FEA-AE63-FE5703A3E5B3}: NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{65ADF551-E42E-499B-A420-8A55FDC8410D}: NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{CB15398B-A663-4A2F-858F-3CA4AA8DCA8C}: NameServer = 8.8.8.8,8.8.8.8
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Wow6432Node-HKLM-Run-ApnUpdater - c:\program files (x86)\Ask.com\Updater\Updater.exe
Wow6432Node-HKLM-Run-SMessaging - c:\users\Family\AppData\Local\Strongvault Online Backup\SMessaging.exe
Wow6432Node-HKLM-Run-NetworkUpdater - c:\users\Family\AppData\Local\Temp\temp2111849640.exe
Wow6432Node-HKU-Default-Run-SearchProtect - \SearchProtect\bin\cltmng.exe
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
WebBrowser-{90B49673-5506-483E-B92B-CA0265BD9CA8} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files (x86)\Ask.com\Updater\Updater.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\rundll32.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2014-11-03  07:22:03 - machine was rebooted
ComboFix-quarantined-files.txt  2014-11-03 13:22
.
Pre-Run: 827,724,177,408 bytes free
Post-Run: 826,737,446,912 bytes free
.
- - End Of File - - 7D635C48A6DE4AE82A372796C74EA994
A36C5E4F47E84449FF07ED3517B43A31
 



#6 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:24 PM

Posted 03 November 2014 - 02:20 PM

Please do this next:

icon11.gif   Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

icon11.gif  Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-2.x.x.xxxx.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Please include the following in your next post:
  • adwCleaner log
  • MBAM log


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#7 herrjones

herrjones
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:24 PM

Posted 03 November 2014 - 10:26 PM

I didn't clean any of the things found during this scan.  I wasn't sure if I should as the instructions didn't cover cleaning these files.

 

 

# AdwCleaner v3.311 - Report created 03/11/2014 at 20:15:33
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Family
# Running from : C:\Users\Family\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Users\Public\Desktop\eBay.lnk
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\IMVU_Inc
Folder Found : C:\Program Files (x86)\IMVU_Inc_C
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Conduit
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\SearchProtect
Folder Found : C:\Users\Family\AppData\Local\Strongvault
Folder Found : C:\Users\Family\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Family\AppData\LocalLow\Conduit
Folder Found : C:\Users\Family\AppData\LocalLow\HPAppData
Folder Found : C:\Users\Family\AppData\LocalLow\IMVU_Inc
Folder Found : C:\Users\Family\AppData\LocalLow\IMVU_Inc_C
Folder Found : C:\Users\Family\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Family\AppData\Roaming\Strongvault
Folder Found : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

Shortcut Found : C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://www.dosearches.com/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=sc&from=smt&uid=HitachiXHDS721010CLA632_JP2940J83GGSDV3GGSDVX&ts=1381622796 )
Shortcut Found : C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://www.dosearches.com/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=sc&from=smt&uid=HitachiXHDS721010CLA632_JP2940J83GGSDV3GGSDVX&ts=1381622796 )
Shortcut Found : C:\Users\Family\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://www.dosearches.com/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=sc&from=smt&uid=HitachiXHDS721010CLA632_JP2940J83GGSDV3GGSDVX&ts=1381622796 )

***** [ Registry ] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\IMVU_Inc
Key Found : HKCU\Software\AppDataLow\Software\IMVU_Inc_C
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\BI
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Default Tab
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduitapps.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{90B49673-5506-483E-B92B-CA0265BD9CA8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F2E99EFD-72DC-4C5D-9F7C-219133FF8E40}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{90B49673-5506-483E-B92B-CA0265BD9CA8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2580209-EBD1-477B-A9A9-4171D6E8958C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F2E99EFD-72DC-4C5D-9F7C-219133FF8E40}
Key Found : HKCU\Software\SearchProtect
Key Found : [x64] HKCU\Software\APN
Key Found : [x64] HKCU\Software\Ask.com
Key Found : [x64] HKCU\Software\BI
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Default Tab
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKCU\Software\SearchProtect
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{90B49673-5506-483E-B92B-CA0265BD9CA8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A19F5EBF-E163-4D4F-B7BD-33149BF756CC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D2580209-EBD1-477B-A9A9-4171D6E8958C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F2E99EFD-72DC-4C5D-9F7C-219133FF8E40}
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2612669
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3318151
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Default Tab
Key Found : HKLM\SOFTWARE\dosearchessoftware
Key Found : HKLM\SOFTWARE\Freeze.com
Key Found : HKLM\SOFTWARE\IMVU_Inc
Key Found : HKLM\SOFTWARE\IMVU_Inc_C
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2AC7B5BB-F4E1-4A7C-91C1-339F0C007994}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{46095D67-3DB3-43D7-B4F1-6C62D3D877D7}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7DB78E5A-AA7F-4E99-8158-94AEBD6CACBF}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D143C5B9-3A0C-4DF9-A201-188648C25628}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90B49673-5506-483E-B92B-CA0265BD9CA8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2E99EFD-72DC-4C5D-9F7C-219133FF8E40}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A19F5EBF-E163-4D4F-B7BD-33149BF756CC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D2580209-EBD1-477B-A9A9-4171D6E8958C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECT3318151
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMVU_Inc Toolbar
Key Found : HKLM\SOFTWARE\SearchProtect
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{90B49673-5506-483E-B92B-CA0265BD9CA8}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F2E99EFD-72DC-4C5D-9F7C-219133FF8E40}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{90B49673-5506-483E-B92B-CA0265BD9CA8}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F2E99EFD-72DC-4C5D-9F7C-219133FF8E40}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{90B49673-5506-483E-B92B-CA0265BD9CA8}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{F2E99EFD-72DC-4C5D-9F7C-219133FF8E40}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344

*************************

AdwCleaner[R0].txt - [16015 octets] - [03/11/2014 20:15:33]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [16076 octets] ##########


Edited by herrjones, 03 November 2014 - 10:33 PM.


#8 herrjones

herrjones
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:24 PM

Posted 03 November 2014 - 10:31 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/3/2014
Scan Time: 8:21:53 PM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.03.11
Rootkit Database: v2014.11.01.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Family

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 435517
Time Elapsed: 52 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 17
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\CLASSES\APPID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}, Quarantined, [4027e4533a42e84eceffded50cf6956b],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}, Quarantined, [4027e4533a42e84eceffded50cf6956b],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, Quarantined, [1d4a2c0b1f5d83b385ea05e2be447c84],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, Quarantined, [1d4a2c0b1f5d83b385ea05e2be447c84],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}, Quarantined, [f671c770314b62d4de27f4f6fa08f10f],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{D4027C7F-154A-4066-A1AD-4243D8127440}, Quarantined, [f671c770314b62d4de27f4f6fa08f10f],
PUP.Optional.FrostwireTB.A, HKU\S-1-5-21-1793425793-3339277692-3164508590-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D4027C7F-154A-4066-A1AD-4243D8127440}, Quarantined, [f671c770314b62d4de27f4f6fa08f10f],
PUP.Optional.FrostwireTB.A, HKU\S-1-5-21-1793425793-3339277692-3164508590-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D4027C7F-154A-4066-A1AD-4243D8127440}, Quarantined, [f671c770314b62d4de27f4f6fa08f10f],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [6ef9fe3903790c2aaed07d0816ee7b85],
PUP.Optional.DoSearches.A, HKLM\SOFTWARE\WOW6432NODE\dosearchesSoftware, Quarantined, [82e5fe399ede8da97b344f2e56aee818],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\WOW6432NODE\DEFAULT TAB, Quarantined, [f3740334522a92a4cec62a3cdb28a55b],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [0d5a79be621a69cddba3295c35cfa15f],
PUP.Optional.PriceGong.A, HKU\S-1-5-21-1793425793-3339277692-3164508590-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Quarantined, [1c4b5cdb8af27fb72dfef36bb35036ca],
PUP.Optional.DefaultTab.A, HKU\S-1-5-21-1793425793-3339277692-3164508590-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DEFAULT TAB, Quarantined, [343396a1e99365d1e0b595d129da04fc],
PUP.Optional.Conduit.A, HKU\S-1-5-21-1793425793-3339277692-3164508590-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\DOMSTORAGE\conduit.com, Quarantined, [ce99f443a2dad264879a029d1fe527d9],
PUP.Optional.Qone8, HKU\S-1-5-21-1793425793-3339277692-3164508590-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [91d63ff894e8a6903a43cfb6b252f808],
PUP.Optional.Conduit.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IECT3318151, Quarantined, [87e068cf3b41280e08abb743af532ad6],

Registry Values: 4
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{D4027C7F-154A-4066-A1AD-4243D8127440}, Quarantined, [f671c770314b62d4de27f4f6fa08f10f],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{D4027C7F-154A-4066-A1AD-4243D8127440}, Quarantined, [9bcc70c705774ceae91cc525d82a2fd1],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\WOW6432NODE\DEFAULT TAB|Version, 2.0.14.0, Quarantined, [f3740334522a92a4cec62a3cdb28a55b]
PUP.Optional.DefaultTab.A, HKU\S-1-5-21-1793425793-3339277692-3164508590-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DEFAULT TAB|Version, 2.0.14.0, Quarantined, [343396a1e99365d1e0b595d129da04fc]

Registry Data: 2
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[fe6956e1b2ca54e2ec9f9d9c42c3da26]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[bea97dba92ea26103853ef4a37ce6d93]

Folders: 10
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Dialogs, Quarantined, [bbac2e099ddf1c1a9058195e8a7a7a86],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Dialogs\lib, Quarantined, [bbac2e099ddf1c1a9058195e8a7a7a86],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Dialogs\spbd, Quarantined, [bbac2e099ddf1c1a9058195e8a7a7a86],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images, Quarantined, [bbac2e099ddf1c1a9058195e8a7a7a86],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Dialogs\spsd, Quarantined, [bbac2e099ddf1c1a9058195e8a7a7a86],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images, Quarantined, [bbac2e099ddf1c1a9058195e8a7a7a86],
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE, Quarantined, [87e068cf3b41280e08abb743af532ad6],
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE\CT3318151, Quarantined, [87e068cf3b41280e08abb743af532ad6],
PUP.Optional.PriceGong.A, C:\Users\Family\AppData\LocalLow\PriceGong, Quarantined, [ea7d231496e60a2c73286e8f59a9b050],
PUP.Optional.PriceGong.A, C:\Users\Family\AppData\LocalLow\PriceGong\Data, Quarantined, [ea7d231496e60a2c73286e8f59a9b050],

Files: 54
PUP.Optional.Somoto.A, C:\Users\Family\Downloads\Rogue_downloader_by_dosgamesarchive.exe, Quarantined, [4225f047e498b87e98ab261267999a66],
Backdoor.Bot, C:\Windows\Installer\{0DB8F78A-596F-472F-B022-EFBAB67DC2E3}\msiexec.exe, Quarantined, [97d083b4aececc6a41ae855615ec44bc],
Backdoor.Bot, C:\Windows\Installer\{6FC8AED0-7A35-45BC-93C1-41748EB3E9B7}\msiexec.exe, Quarantined, [3235f542d2aa25116d820ccf56ab817f],
Trojan.Agent.ED, C:\Windows\Installer\{701A99D0-170B-4B19-9459-79662688C15E}\msiexec.exe, Quarantined, [82e559deaad259dde8439041b15032ce],
Trojan.Agent.FSAVXGen, C:\Windows\Installer\{B4767D63-7A49-45FE-B6DC-ED1F2677858C}\msiexec.exe, Quarantined, [4c1bc473ccb0f4428a0ebbd5fa07ec14],
Trojan.Agent.ED, C:\Windows\Installer\{B50673CD-68CD-44D1-8815-557AA760F421}\msiexec.exe, Quarantined, [2b3c20172a5240f6a487eae72dd403fd],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Dialogs\dialogsApi.js, Quarantined, [bbac2e099ddf1c1a9058195e8a7a7a86],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Dialogs\lib\jquery.min.js, Quarantined, [bbac2e099ddf1c1a9058195e8a7a7a86],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Dialogs\lib\json2.js, Quarantined, [bbac2e099ddf1c1a9058195e8a7a7a86],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Dialogs\spbd\bubble.css, Quarantined, [bbac2e099ddf1c1a9058195e8a7a7a86],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Dialogs\spbd\bubble.js, Quarantined, [bbac2e099ddf1c1a9058195e8a7a7a86],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Dialogs\spbd\main.html, Quarantined, [bbac2e099ddf1c1a9058195e8a7a7a86],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\information.png, Quarantined, [bbac2e099ddf1c1a9058195e8a7a7a86],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-default-LTR.png, Quarantined, [bbac2e099ddf1c1a9058195e8a7a7a86],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-default-RTL.png, Quarantined, [bbac2e099ddf1c1a9058195e8a7a7a86],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png, Quarantined, [bbac2e099ddf1c1a9058195e8a7a7a86],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png, Quarantined, [bbac2e099ddf1c1a9058195e8a7a7a86],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Dialogs\spsd\main.html, Quarantined, [bbac2e099ddf1c1a9058195e8a7a7a86],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Dialogs\spsd\SearchProtector.css, Quarantined, [bbac2e099ddf1c1a9058195e8a7a7a86],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Dialogs\spsd\settings.js, Quarantined, [bbac2e099ddf1c1a9058195e8a7a7a86],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images\ok-button.png, Quarantined, [bbac2e099ddf1c1a9058195e8a7a7a86],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images\separation-line.png, Quarantined, [bbac2e099ddf1c1a9058195e8a7a7a86],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images\warning.png, Quarantined, [bbac2e099ddf1c1a9058195e8a7a7a86],
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE\CT3318151\configutaion.json, Quarantined, [87e068cf3b41280e08abb743af532ad6],
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE\CT3318151\SetupIcon.ico, Quarantined, [87e068cf3b41280e08abb743af532ad6],
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE\CT3318151\UninstallerUI.exe, Quarantined, [87e068cf3b41280e08abb743af532ad6],
PUP.Optional.PriceGong.A, C:\Users\Family\AppData\LocalLow\PriceGong\Data\1.txt, Quarantined, [ea7d231496e60a2c73286e8f59a9b050],
PUP.Optional.PriceGong.A, C:\Users\Family\AppData\LocalLow\PriceGong\Data\a.txt, Quarantined, [ea7d231496e60a2c73286e8f59a9b050],
PUP.Optional.PriceGong.A, C:\Users\Family\AppData\LocalLow\PriceGong\Data\b.txt, Quarantined, [ea7d231496e60a2c73286e8f59a9b050],
PUP.Optional.PriceGong.A, C:\Users\Family\AppData\LocalLow\PriceGong\Data\c.txt, Quarantined, [ea7d231496e60a2c73286e8f59a9b050],
PUP.Optional.PriceGong.A, C:\Users\Family\AppData\LocalLow\PriceGong\Data\d.txt, Quarantined, [ea7d231496e60a2c73286e8f59a9b050],
PUP.Optional.PriceGong.A, C:\Users\Family\AppData\LocalLow\PriceGong\Data\e.txt, Quarantined, [ea7d231496e60a2c73286e8f59a9b050],
PUP.Optional.PriceGong.A, C:\Users\Family\AppData\LocalLow\PriceGong\Data\f.txt, Quarantined, [ea7d231496e60a2c73286e8f59a9b050],
PUP.Optional.PriceGong.A, C:\Users\Family\AppData\LocalLow\PriceGong\Data\g.txt, Quarantined, [ea7d231496e60a2c73286e8f59a9b050],
PUP.Optional.PriceGong.A, C:\Users\Family\AppData\LocalLow\PriceGong\Data\h.txt, Quarantined, [ea7d231496e60a2c73286e8f59a9b050],
PUP.Optional.PriceGong.A, C:\Users\Family\AppData\LocalLow\PriceGong\Data\i.txt, Quarantined, [ea7d231496e60a2c73286e8f59a9b050],
PUP.Optional.PriceGong.A, C:\Users\Family\AppData\LocalLow\PriceGong\Data\j.txt, Quarantined, [ea7d231496e60a2c73286e8f59a9b050],
PUP.Optional.PriceGong.A, C:\Users\Family\AppData\LocalLow\PriceGong\Data\k.txt, Quarantined, [ea7d231496e60a2c73286e8f59a9b050],
PUP.Optional.PriceGong.A, C:\Users\Family\AppData\LocalLow\PriceGong\Data\l.txt, Quarantined, [ea7d231496e60a2c73286e8f59a9b050],
PUP.Optional.PriceGong.A, C:\Users\Family\AppData\LocalLow\PriceGong\Data\m.txt, Quarantined, [ea7d231496e60a2c73286e8f59a9b050],
PUP.Optional.PriceGong.A, C:\Users\Family\AppData\LocalLow\PriceGong\Data\n.txt, Quarantined, [ea7d231496e60a2c73286e8f59a9b050],
PUP.Optional.PriceGong.A, C:\Users\Family\AppData\LocalLow\PriceGong\Data\o.txt, Quarantined, [ea7d231496e60a2c73286e8f59a9b050],
PUP.Optional.PriceGong.A, C:\Users\Family\AppData\LocalLow\PriceGong\Data\p.txt, Quarantined, [ea7d231496e60a2c73286e8f59a9b050],
PUP.Optional.PriceGong.A, C:\Users\Family\AppData\LocalLow\PriceGong\Data\q.txt, Quarantined, [ea7d231496e60a2c73286e8f59a9b050],
PUP.Optional.PriceGong.A, C:\Users\Family\AppData\LocalLow\PriceGong\Data\r.txt, Quarantined, [ea7d231496e60a2c73286e8f59a9b050],
PUP.Optional.PriceGong.A, C:\Users\Family\AppData\LocalLow\PriceGong\Data\s.txt, Quarantined, [ea7d231496e60a2c73286e8f59a9b050],
PUP.Optional.PriceGong.A, C:\Users\Family\AppData\LocalLow\PriceGong\Data\t.txt, Quarantined, [ea7d231496e60a2c73286e8f59a9b050],
PUP.Optional.PriceGong.A, C:\Users\Family\AppData\LocalLow\PriceGong\Data\u.txt, Quarantined, [ea7d231496e60a2c73286e8f59a9b050],
PUP.Optional.PriceGong.A, C:\Users\Family\AppData\LocalLow\PriceGong\Data\v.txt, Quarantined, [ea7d231496e60a2c73286e8f59a9b050],
PUP.Optional.PriceGong.A, C:\Users\Family\AppData\LocalLow\PriceGong\Data\w.txt, Quarantined, [ea7d231496e60a2c73286e8f59a9b050],
PUP.Optional.PriceGong.A, C:\Users\Family\AppData\LocalLow\PriceGong\Data\wlu.txt, Quarantined, [ea7d231496e60a2c73286e8f59a9b050],
PUP.Optional.PriceGong.A, C:\Users\Family\AppData\LocalLow\PriceGong\Data\x.txt, Quarantined, [ea7d231496e60a2c73286e8f59a9b050],
PUP.Optional.PriceGong.A, C:\Users\Family\AppData\LocalLow\PriceGong\Data\y.txt, Quarantined, [ea7d231496e60a2c73286e8f59a9b050],
PUP.Optional.PriceGong.A, C:\Users\Family\AppData\LocalLow\PriceGong\Data\z.txt, Quarantined, [ea7d231496e60a2c73286e8f59a9b050],

Physical Sectors: 0
(No malicious items detected)

(end)



#9 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:24 PM

Posted 04 November 2014 - 10:04 AM

How is your computer running now?  Please do this next:

icon11.gif  Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-uncheck any items that relate to programs that you wish to keep->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

icon11.gif  Go here to run an online scannner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.

Please include the following in your next post:
  • How is your computer running now?
  • adwCleaner log
  • ESET log


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#10 herrjones

herrjones
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:24 PM

Posted 04 November 2014 - 08:12 PM

Computer is running much better now.  Task Manager show zero instances of COM surrogate.

 

I was unable to run the ESET scan.  When I click the Online Scanner button, the pop-up window appears along with a webpage error box - debug message for LINE 837.  After I pass that message, I can accept the terms of use then I get a message that says a add-on for that website failed to run.  I right clicked on the shortcut to run IE as an administrator prior to the attempt.

 

 

# AdwCleaner v3.311 - Report created 04/11/2014 at 18:43:31
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Family
# Running from : C:\Users\Family\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\SearchProtect
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\IMVU_Inc
Folder Deleted : C:\Program Files (x86)\IMVU_Inc_C
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Users\Family\AppData\Local\Strongvault
Folder Deleted : C:\Users\Family\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Family\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Family\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\Family\AppData\LocalLow\IMVU_Inc
Folder Deleted : C:\Users\Family\AppData\LocalLow\IMVU_Inc_C
Folder Deleted : C:\Users\Family\AppData\Roaming\Strongvault
File Deleted : C:\Users\Public\Desktop\eBay.lnk

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Family\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduitapps.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2612669
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3318151
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{90B49673-5506-483E-B92B-CA0265BD9CA8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A19F5EBF-E163-4D4F-B7BD-33149BF756CC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F2E99EFD-72DC-4C5D-9F7C-219133FF8E40}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2580209-EBD1-477B-A9A9-4171D6E8958C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90B49673-5506-483E-B92B-CA0265BD9CA8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2E99EFD-72DC-4C5D-9F7C-219133FF8E40}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{90B49673-5506-483E-B92B-CA0265BD9CA8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F2E99EFD-72DC-4C5D-9F7C-219133FF8E40}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2580209-EBD1-477B-A9A9-4171D6E8958C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{90B49673-5506-483E-B92B-CA0265BD9CA8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F2E99EFD-72DC-4C5D-9F7C-219133FF8E40}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A19F5EBF-E163-4D4F-B7BD-33149BF756CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D2580209-EBD1-477B-A9A9-4171D6E8958C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2AC7B5BB-F4E1-4A7C-91C1-339F0C007994}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D143C5B9-3A0C-4DF9-A201-188648C25628}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7DB78E5A-AA7F-4E99-8158-94AEBD6CACBF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{46095D67-3DB3-43D7-B4F1-6C62D3D877D7}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{90B49673-5506-483E-B92B-CA0265BD9CA8}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F2E99EFD-72DC-4C5D-9F7C-219133FF8E40}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{90B49673-5506-483E-B92B-CA0265BD9CA8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F2E99EFD-72DC-4C5D-9F7C-219133FF8E40}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{90B49673-5506-483E-B92B-CA0265BD9CA8}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{F2E99EFD-72DC-4C5D-9F7C-219133FF8E40}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\IMVU_Inc
Key Deleted : HKCU\Software\AppDataLow\Software\IMVU_Inc_C
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\IMVU_Inc
Key Deleted : HKLM\SOFTWARE\IMVU_Inc_C
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMVU_Inc Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344

*************************

AdwCleaner[R0].txt - [16321 octets] - [03/11/2014 20:15:33]
AdwCleaner[R1].txt - [14787 octets] - [04/11/2014 18:37:50]
AdwCleaner[S0].txt - [13967 octets] - [04/11/2014 18:43:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14028 octets] ##########



#11 herrjones

herrjones
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:24 PM

Posted 04 November 2014 - 08:29 PM

Correction to my computer running.  While it is running better, my IE history shows many sites that I've not gone to and now IE is showing several iterations running in task manager. 



#12 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:24 PM

Posted 05 November 2014 - 10:53 AM

OK, please do this next:

icon11.gif  Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop

  • Execute TDSSKiller.exe by doubleclicking on it.
  • when the window opens, click on Change Parameters
  • under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected.  Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.

Please include the following in your next post:
  • TDSSKiller log


Edited by RPMcMurphy, 05 November 2014 - 10:55 AM.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#13 herrjones

herrjones
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:24 PM

Posted 05 November 2014 - 10:32 PM

The TDSS program created two logs.    The first:

 

21:18:00.0606 0x0e50  TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
21:18:24.0322 0x0e50  ============================================================
21:18:24.0322 0x0e50  Current date / time: 2014/11/05 21:18:24.0322
21:18:24.0322 0x0e50  SystemInfo:
21:18:24.0322 0x0e50 
21:18:24.0322 0x0e50  OS Version: 6.1.7601 ServicePack: 1.0
21:18:24.0322 0x0e50  Product type: Workstation
21:18:24.0322 0x0e50  ComputerName: RUSKIEVICZ
21:18:24.0322 0x0e50  UserName: Family
21:18:24.0322 0x0e50  Windows directory: C:\Windows
21:18:24.0322 0x0e50  System windows directory: C:\Windows
21:18:24.0322 0x0e50  Running under WOW64
21:18:24.0322 0x0e50  Processor architecture: Intel x64
21:18:24.0322 0x0e50  Number of processors: 4
21:18:24.0322 0x0e50  Page size: 0x1000
21:18:24.0322 0x0e50  Boot type: Normal boot
21:18:24.0322 0x0e50  ============================================================
21:18:25.0134 0x0e50  KLMD registered as C:\Windows\system32\drivers\13044573.sys
21:18:26.0631 0x0e50  System UUID: {11395101-D113-21D9-3E3D-9903B9D93E92}
21:18:28.0222 0x0e50  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:18:28.0254 0x0e50  ============================================================
21:18:28.0254 0x0e50  \Device\Harddisk0\DR0:
21:18:28.0300 0x0e50  MBR partitions:
21:18:28.0300 0x0e50  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:18:28.0300 0x0e50  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72538000
21:18:28.0300 0x0e50  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x7256A800, BlocksNum 0x219B800
21:18:28.0300 0x0e50  ============================================================
21:18:28.0332 0x0e50  C: <-> \Device\Harddisk0\DR0\Partition2
21:18:28.0425 0x0e50  D: <-> \Device\Harddisk0\DR0\Partition3
21:18:28.0425 0x0e50  ============================================================
21:18:28.0425 0x0e50  Initialize success
21:18:28.0425 0x0e50  ============================================================
21:18:42.0528 0x0c08  ============================================================
21:18:42.0528 0x0c08  Scan started
21:18:42.0528 0x0c08  Mode: Manual; TDLFS;
21:18:42.0528 0x0c08  ============================================================
21:18:42.0528 0x0c08  KSN ping started
21:18:42.0918 0x0c08  KSN ping finished: false
21:18:45.0850 0x0c08  ================ Scan system memory ========================
21:18:45.0850 0x0c08  System memory - ok
21:18:45.0850 0x0c08  ================ Scan services =============================
21:18:46.0521 0x0c08  0178271414970726mcinstcleanup - ok
21:18:46.0927 0x0c08  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:18:47.0020 0x0c08  1394ohci - ok
21:18:47.0114 0x0c08  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:18:47.0145 0x0c08  ACPI - ok
21:18:47.0223 0x0c08  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:18:47.0317 0x0c08  AcpiPmi - ok
21:18:47.0551 0x0c08  [ C5679E5186B2FC95BC76A8A9870D5456, 70AC61850B811A0A902532F098AE1D5DF4622455E56C78B89D4ABDBE4A061A48 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:18:47.0582 0x0c08  AdobeARMservice - ok
21:18:48.0050 0x0c08  [ 4ECFCAAE5CB380F58934F0DCF5F64E7F, D82B37E57D93484D7A3CB65470BCD54A578A695F0203A8DD441B1348C1EEA751 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:18:48.0050 0x0c08  AdobeFlashPlayerUpdateSvc - ok
21:18:48.0253 0x0c08  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
21:18:48.0378 0x0c08  adp94xx - ok
21:18:48.0456 0x0c08  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
21:18:48.0487 0x0c08  adpahci - ok
21:18:48.0534 0x0c08  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
21:18:48.0580 0x0c08  adpu320 - ok
21:18:48.0705 0x0c08  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:18:48.0799 0x0c08  AeLookupSvc - ok
21:18:48.0955 0x0c08  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
21:18:49.0033 0x0c08  AFD - ok
21:18:49.0158 0x0c08  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
21:18:49.0173 0x0c08  agp440 - ok
21:18:49.0236 0x0c08  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
21:18:49.0267 0x0c08  ALG - ok
21:18:49.0454 0x0c08  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:18:49.0470 0x0c08  aliide - ok
21:18:49.0641 0x0c08  [ A592CA3EC9A5AF7F74D5169D556B976F, D58B7394683751AA1EE5F0E670952B0F078596D64CD63EC6B9DDFAB724C7DED0 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
21:18:49.0672 0x0c08  AMD External Events Utility - ok
21:18:49.0704 0x0c08  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
21:18:49.0719 0x0c08  amdide - ok
21:18:49.0844 0x0c08  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
21:18:49.0875 0x0c08  AmdK8 - ok
21:18:50.0421 0x0c08  [ 1512CEEDC3657082F396A0818528B5E8, 59565101A21BD6064CCC47C8057DAA3301236324C28A7460C62A25776D171178 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
21:18:50.0718 0x0c08  amdkmdag - ok
21:18:50.0936 0x0c08  [ 3D00276750E2D6F35228E12868CF1A46, C18D2591D52F6E6F102BF0894DC34D3AB0F11845C2AAD068CEC73E4A9CD2CDFF ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
21:18:50.0967 0x0c08  amdkmdap - ok
21:18:51.0030 0x0c08  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
21:18:51.0045 0x0c08  AmdPPM - ok
21:18:51.0154 0x0c08  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:18:51.0186 0x0c08  amdsata - ok
21:18:51.0201 0x0c08  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
21:18:51.0248 0x0c08  amdsbs - ok
21:18:51.0310 0x0c08  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:18:51.0326 0x0c08  amdxata - ok
21:18:51.0404 0x0c08  [ 352476C98EF3952563A14F767491BBA9, 386EE7663E04479465145CF41A9226446E4C0473EB31FBC9A81D0500166B812A ] amd_sata        C:\Windows\system32\drivers\amd_sata.sys
21:18:51.0404 0x0c08  amd_sata - ok
21:18:51.0513 0x0c08  [ F4805C309FE48D6939147FE5CCDB1AD4, 2F6C95401A38448460E4B0902A9026B416B2D4133239E04787E4F77152F2DE41 ] amd_xata        C:\Windows\system32\drivers\amd_xata.sys
21:18:51.0529 0x0c08  amd_xata - ok
21:18:51.0685 0x0c08  [ 4DE0D5D747A73797C95A97DCCE5018B5, 17EC669675C2E43515EFE2D8BCC9DDFFBE64F99EBFB9A6DAB429F65A2B504560 ] androidusb      C:\Windows\system32\Drivers\ssadadb.sys
21:18:51.0778 0x0c08  androidusb - ok
21:18:51.0841 0x0c08  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
21:18:51.0934 0x0c08  AppID - ok
21:18:51.0981 0x0c08  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:18:52.0028 0x0c08  AppIDSvc - ok
21:18:52.0122 0x0c08  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
21:18:52.0200 0x0c08  Appinfo - ok
21:18:52.0558 0x0c08  [ 608D6A90E989C6522F170E5526A64BF4, 36EDD07DF6BD2D20121F63CF720C289FCCF7C53574D37F99C2F9ED68298D655B ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:18:52.0574 0x0c08  Apple Mobile Device - ok
21:18:52.0933 0x0c08  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
21:18:52.0964 0x0c08  arc - ok
21:18:53.0011 0x0c08  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
21:18:53.0026 0x0c08  arcsas - ok
21:18:53.0276 0x0c08  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:18:53.0448 0x0c08  aspnet_state - ok
21:18:53.0635 0x0c08  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:18:53.0713 0x0c08  AsyncMac - ok
21:18:53.0900 0x0c08  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
21:18:53.0947 0x0c08  atapi - ok
21:18:54.0118 0x0c08  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:18:54.0196 0x0c08  AudioEndpointBuilder - ok
21:18:54.0212 0x0c08  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
21:18:54.0228 0x0c08  AudioSrv - ok
21:18:54.0384 0x0c08  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:18:54.0446 0x0c08  AxInstSV - ok
21:18:54.0586 0x0c08  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
21:18:54.0789 0x0c08  b06bdrv - ok
21:18:54.0867 0x0c08  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
21:18:54.0961 0x0c08  b57nd60a - ok
21:18:55.0179 0x0c08  [ 28A4012E68BC9597BCB9B26B51AAC4B6, E198961620630C37C0FDD079B921AF2A0DD61DB4617EAD9C7ED58BE25F480E51 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
21:18:55.0257 0x0c08  BBSvc - ok
21:18:55.0288 0x0c08  [ 785DE7ABDA13309D6065305542829E76, 78F49A5349B66042836615EF99B4EB70FA708369D315D105513C04F33070D297 ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
21:18:55.0320 0x0c08  BBUpdate - ok
21:18:55.0444 0x0c08  [ C44E843E1A4DA2C53D08E28440B11AA4, 63B35F3A213CA5FF028F8BC9A6F48262BD9CF4A5448184855420EE375463E241 ] BCM42RLY        C:\Windows\system32\drivers\BCM42RLY.sys
21:18:55.0491 0x0c08  BCM42RLY - ok
21:18:55.0897 0x0c08  [ 6A28AFEB1409E07DE96E805FA1C5723C, 58CB9EAFC414AC486338F9869926CCE51F36158246FFCE7F54BC22729839B38D ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
21:18:56.0427 0x0c08  BCM43XX - ok
21:18:56.0568 0x0c08  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:18:56.0661 0x0c08  BDESVC - ok
21:18:56.0848 0x0c08  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:18:56.0926 0x0c08  Beep - ok
21:18:57.0098 0x0c08  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
21:18:57.0145 0x0c08  BFE - ok
21:18:57.0566 0x0c08  [ 9BF7ED72685E81BF8763B1585D40C57F, 69C463A4284A4AC8968F3D1690E4F1560486AB7D17A704F705D6A8896915A3B4 ] BingDesktopUpdate C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
21:18:57.0613 0x0c08  BingDesktopUpdate - ok
21:18:57.0738 0x0c08  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\system32\qmgr.dll
21:18:57.0800 0x0c08  BITS - ok
21:18:58.0018 0x0c08  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
21:18:58.0065 0x0c08  blbdrive - ok
21:18:58.0346 0x0c08  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:18:58.0377 0x0c08  Bonjour Service - ok
21:18:58.0518 0x0c08  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:18:58.0549 0x0c08  bowser - ok
21:18:58.0658 0x0c08  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
21:18:58.0689 0x0c08  BrFiltLo - ok
21:18:58.0767 0x0c08  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
21:18:58.0798 0x0c08  BrFiltUp - ok
21:18:59.0126 0x0c08  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
21:18:59.0188 0x0c08  BridgeMP - ok
21:18:59.0251 0x0c08  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
21:18:59.0266 0x0c08  Browser - ok
21:18:59.0344 0x0c08  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:18:59.0500 0x0c08  Brserid - ok
21:18:59.0610 0x0c08  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:18:59.0703 0x0c08  BrSerWdm - ok
21:18:59.0750 0x0c08  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:18:59.0781 0x0c08  BrUsbMdm - ok
21:18:59.0797 0x0c08  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:18:59.0812 0x0c08  BrUsbSer - ok
21:19:00.0031 0x0c08  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
21:19:00.0140 0x0c08  BthEnum - ok
21:19:00.0202 0x0c08  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
21:19:00.0249 0x0c08  BTHMODEM - ok
21:19:00.0265 0x0c08  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
21:19:00.0296 0x0c08  BthPan - ok
21:19:00.0436 0x0c08  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
21:19:00.0546 0x0c08  BTHPORT - ok
21:19:00.0624 0x0c08  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
21:19:00.0686 0x0c08  bthserv - ok
21:19:00.0748 0x0c08  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
21:19:00.0764 0x0c08  BTHUSB - ok
21:19:00.0904 0x0c08  [ A0DFB69ADE3444C78B17636FCF28E898, 21B1E76F056C2AFD5DEAFD620D2F90F4F617F8E76A88CEA2196E69D2CFBEE88B ] BTWAMPFL        C:\Windows\system32\DRIVERS\btwampfl.sys
21:19:00.0982 0x0c08  BTWAMPFL - ok
21:19:00.0998 0x0c08  [ 7CF028CE78696882B327FF13D2DFA534, 624C88C3CB511DE5F8279B7E982632F81FDFCAC8F2B038B69FEB686400E0C4F8 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
21:19:01.0060 0x0c08  btwaudio - ok
21:19:01.0076 0x0c08  [ 3DEF2370E414B4E299673558BA171A51, 5A0923D9F941ABD34EC9BEE0EB62A62F135CBF128061239CC6EA0E6752791636 ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
21:19:01.0170 0x0c08  btwavdt - ok
21:19:01.0388 0x0c08  [ 1AD3A2BAF31C4327DCBB2B0ECA4A23BB, 2A32CE5BF7D55E21E72FC06FBCFEEE07281FE7FF94923F671C099B1C76369661 ] btwdins         c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
21:19:01.0528 0x0c08  btwdins - ok
21:19:01.0622 0x0c08  [ 346B4051B3D7FF70E8F027869B8ECA6E, 7C0485F592368016C6BAB8B1BC24C89454D4B305C3E6DFB8AAF4CDB26062D4EB ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
21:19:01.0684 0x0c08  btwl2cap - ok
21:19:01.0700 0x0c08  [ 9937E0E4DFC0030560A6DFE9D3A94B39, 0B9CF1932D4534BD7B1F5D7B7BD5FBF9C8D156838D24ABBDE475E79EEF1150F1 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
21:19:01.0762 0x0c08  btwrchid - ok
21:19:01.0918 0x0c08  [ A3AD13CA2747953DDD4C9AE4FB925BEC, 860FA3A04DE9DA0B19C625681E594713844F3401FEFD7C26A28C6C94BA6920C7 ] CalendarSynchService C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
21:19:01.0981 0x0c08  CalendarSynchService - ok
21:19:02.0308 0x0c08  catchme - ok
21:19:02.0386 0x0c08  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:19:02.0449 0x0c08  cdfs - ok
21:19:02.0527 0x0c08  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:19:02.0605 0x0c08  cdrom - ok
21:19:02.0792 0x0c08  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
21:19:02.0870 0x0c08  CertPropSvc - ok
21:19:03.0120 0x0c08  [ 27468DB367ABCFE855796775DB949AC1, F2DFC8CFBFCDC94798A5ADAAC96001927F9CE316751D42651C3AF1E52F1DC7EF ] cfwids          C:\Windows\system32\drivers\cfwids.sys
21:19:03.0151 0x0c08  cfwids - ok
21:19:03.0338 0x0c08  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
21:19:03.0525 0x0c08  circlass - ok
21:19:03.0572 0x0c08  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
21:19:03.0603 0x0c08  CLFS - ok
21:19:03.0806 0x0c08  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:19:03.0853 0x0c08  clr_optimization_v2.0.50727_32 - ok
21:19:03.0962 0x0c08  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:19:03.0993 0x0c08  clr_optimization_v2.0.50727_64 - ok
21:19:04.0321 0x0c08  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:19:04.0477 0x0c08  clr_optimization_v4.0.30319_32 - ok
21:19:04.0570 0x0c08  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:19:04.0695 0x0c08  clr_optimization_v4.0.30319_64 - ok
21:19:04.0773 0x0c08  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
21:19:04.0804 0x0c08  CmBatt - ok
21:19:04.0851 0x0c08  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:19:04.0882 0x0c08  cmdide - ok
21:19:04.0929 0x0c08  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
21:19:04.0992 0x0c08  CNG - ok
21:19:05.0023 0x0c08  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
21:19:05.0054 0x0c08  Compbatt - ok
21:19:05.0163 0x0c08  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
21:19:05.0226 0x0c08  CompositeBus - ok
21:19:05.0272 0x0c08  COMSysApp - ok
21:19:05.0304 0x0c08  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
21:19:05.0319 0x0c08  crcdisk - ok
21:19:05.0428 0x0c08  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:19:05.0475 0x0c08  CryptSvc - ok
21:19:05.0647 0x0c08  [ BA8E5B2291C01EF71CA80E25F0C79D55, 913C85EC00752AEEE2E29C6664085865DA45A091789C0F8CB015208D69F1915A ] ctxusbm         C:\Windows\system32\DRIVERS\ctxusbm.sys
21:19:05.0662 0x0c08  ctxusbm - ok
21:19:05.0912 0x0c08  [ FD557A50A65E44041CD2FCEF4BEB04DB, 746D5958F7198895D35A23566D3736D993D57726BF59D91421D8091C48926A26 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
21:19:05.0943 0x0c08  cvhsvc - ok
21:19:06.0068 0x0c08  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:19:06.0084 0x0c08  DcomLaunch - ok
21:19:06.0193 0x0c08  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
21:19:06.0271 0x0c08  defragsvc - ok
21:19:06.0318 0x0c08  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:19:06.0411 0x0c08  DfsC - ok
21:19:06.0520 0x0c08  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:19:06.0552 0x0c08  Dhcp - ok
21:19:06.0598 0x0c08  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
21:19:06.0645 0x0c08  discache - ok
21:19:06.0879 0x0c08  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
21:19:06.0910 0x0c08  Disk - ok
21:19:07.0113 0x0c08  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:19:07.0160 0x0c08  Dnscache - ok
21:19:07.0269 0x0c08  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:19:07.0332 0x0c08  dot3svc - ok
21:19:07.0519 0x0c08  [ B42ED0320C6E41102FDE0005154849BB, 4DB872E23AD049C3C9FDC0759FC58BFA60DA91B18BC82B611BFA300D26DDFC7A ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
21:19:07.0550 0x0c08  Dot4 - ok
21:19:07.0737 0x0c08  [ E9F5969233C5D89F3C35E3A66A52A361, C4BD35795C78FB11E6022372CB25DEB570730EFDAD3DC1584368235FF622638C ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
21:19:07.0768 0x0c08  Dot4Print - ok
21:19:07.0815 0x0c08  [ FD05A02B0370BC3000F402E543CA5814, 089B1113E640F495F470E8F57060B89546270481B309DC8ED3C3D13A849076A3 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
21:19:07.0893 0x0c08  dot4usb - ok
21:19:08.0002 0x0c08  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
21:19:08.0065 0x0c08  DPS - ok
21:19:08.0190 0x0c08  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:19:08.0252 0x0c08  drmkaud - ok
21:19:08.0392 0x0c08  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:19:08.0470 0x0c08  DXGKrnl - ok
21:19:08.0626 0x0c08  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
21:19:08.0736 0x0c08  EapHost - ok
21:19:09.0032 0x0c08  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
21:19:09.0266 0x0c08  ebdrv - ok
21:19:09.0344 0x0c08  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
21:19:09.0360 0x0c08  EFS - ok
21:19:09.0438 0x0c08  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:19:09.0516 0x0c08  ehRecvr - ok
21:19:09.0640 0x0c08  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
21:19:09.0687 0x0c08  ehSched - ok
21:19:09.0765 0x0c08  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
21:19:09.0828 0x0c08  elxstor - ok
21:19:09.0859 0x0c08  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:19:09.0890 0x0c08  ErrDev - ok
21:19:10.0030 0x0c08  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
21:19:10.0046 0x0c08  EventSystem - ok
21:19:10.0108 0x0c08  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
21:19:10.0171 0x0c08  exfat - ok
21:19:10.0233 0x0c08  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:19:10.0436 0x0c08  fastfat - ok
21:19:10.0576 0x0c08  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
21:19:10.0732 0x0c08  Fax - ok
21:19:10.0842 0x0c08  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
21:19:10.0857 0x0c08  fdc - ok
21:19:10.0966 0x0c08  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
21:19:11.0060 0x0c08  fdPHost - ok
21:19:11.0076 0x0c08  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:19:11.0138 0x0c08  FDResPub - ok
21:19:11.0622 0x0c08  [ 49E2E2C62D1A8FDEA2DDFF1778190FE3, 6D6FDABA9EE723EB63433AA0265A1931137FB0971D78B478BA33FD26A502940A ] File Backup     C:\Program Files (x86)\Workspace\offSyncService.exe
21:19:11.0778 0x0c08  File Backup - ok
21:19:11.0840 0x0c08  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:19:11.0871 0x0c08  FileInfo - ok
21:19:11.0965 0x0c08  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:19:12.0074 0x0c08  Filetrace - ok
21:19:12.0199 0x0c08  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
21:19:12.0246 0x0c08  flpydisk - ok
21:19:12.0339 0x0c08  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:19:12.0386 0x0c08  FltMgr - ok
21:19:12.0558 0x0c08  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
21:19:12.0604 0x0c08  FontCache - ok
21:19:12.0729 0x0c08  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:19:12.0760 0x0c08  FontCache3.0.0.0 - ok
21:19:12.0823 0x0c08  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:19:12.0838 0x0c08  FsDepends - ok
21:19:12.0901 0x0c08  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:19:12.0916 0x0c08  Fs_Rec - ok
21:19:13.0072 0x0c08  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:19:13.0104 0x0c08  fvevol - ok
21:19:13.0182 0x0c08  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
21:19:13.0213 0x0c08  gagp30kx - ok
21:19:13.0369 0x0c08  [ C403C5DB49A0F9AAF4F2128EDC0106D8, 3C6948B63278022D8182F773C5FA15784514F76C1546118DDBADBA322B962D12 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
21:19:13.0416 0x0c08  GamesAppService - ok
21:19:13.0540 0x0c08  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:19:13.0572 0x0c08  GEARAspiWDM - ok
21:19:13.0665 0x0c08  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
21:19:13.0728 0x0c08  gpsvc - ok
21:19:13.0837 0x0c08  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:19:13.0930 0x0c08  hcw85cir - ok
21:19:13.0977 0x0c08  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:19:14.0008 0x0c08  HdAudAddService - ok
21:19:14.0118 0x0c08  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
21:19:14.0149 0x0c08  HDAudBus - ok
21:19:14.0164 0x0c08  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
21:19:14.0180 0x0c08  HidBatt - ok
21:19:14.0258 0x0c08  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
21:19:14.0289 0x0c08  HidBth - ok
21:19:14.0367 0x0c08  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
21:19:14.0430 0x0c08  HidIr - ok
21:19:14.0492 0x0c08  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
21:19:14.0586 0x0c08  hidserv - ok
21:19:14.0742 0x0c08  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
21:19:14.0757 0x0c08  HidUsb - ok
21:19:15.0038 0x0c08  [ 29F981739E50305128022CBE10B3659C, 25060937145B0DCA8CD088E78993BFEF1430CDDFF433E606AFC93993CBBF4B3E ] HipShieldK      C:\Windows\system32\drivers\HipShieldK.sys
21:19:15.0100 0x0c08  HipShieldK - ok
21:19:15.0163 0x0c08  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:19:15.0241 0x0c08  hkmsvc - ok
21:19:15.0350 0x0c08  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:19:15.0397 0x0c08  HomeGroupListener - ok
21:19:15.0568 0x0c08  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:19:15.0584 0x0c08  HomeGroupProvider - ok
21:19:15.0834 0x0c08  [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] HomeNetSvc      C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
21:19:15.0865 0x0c08  HomeNetSvc - ok
21:19:15.0990 0x0c08  [ 2A8B93A01621E100A578E83C768AFA2C, 6637D260AF180D1F200D219796FCE6D524FC6BF57C0CEEF9E1B3616E85865AD1 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
21:19:16.0068 0x0c08  HP Support Assistant Service - ok
21:19:16.0224 0x0c08  [ 6A181452D4E240B8ECC7614B9A19BDE9, 3E458A737DA597DF007D278E9D81F2BF259AB4B97A4C188CEDAEA1F144B1074F ] HPClientSvc     C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
21:19:16.0317 0x0c08  HPClientSvc - ok
21:19:16.0536 0x0c08  [ 1DAE5C46D42B02A6D5862E1482EFB390, 90B14E0A8376AE51872D89C141E88AE144B742805F94B4F7948E295322C78B9D ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
21:19:16.0536 0x0c08  hpqcxs08 - ok
21:19:16.0598 0x0c08  [ 99E8EEF42FE2F4AF29B08C3355DD7685, D57BC2148653DA5596FB49F1086D165B11C9F6C644608202C08305D3C8499CFE ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
21:19:16.0660 0x0c08  hpqddsvc - ok
21:19:16.0848 0x0c08  [ D2946D9F020AE76E9CEF9B4A6DF838C0, C29CE594879385DA12B8EAA90B258905827B613839CCD820DE49215B68676995 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
21:19:16.0957 0x0c08  hpqwmiex - ok
21:19:17.0066 0x0c08  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:19:17.0097 0x0c08  HpSAMD - ok
21:19:17.0253 0x0c08  [ 7F57926169C1B8ABA9274EA7D4B70F18, A2BB01054737C6B0461381221D1C344951AC2BE9E5AE01E15A6871B31B62BE78 ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
21:19:17.0284 0x0c08  HPSLPSVC - ok
21:19:17.0472 0x0c08  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:19:17.0534 0x0c08  HTTP - ok
21:19:17.0550 0x0c08  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:19:17.0565 0x0c08  hwpolicy - ok
21:19:17.0737 0x0c08  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
21:19:17.0768 0x0c08  i8042prt - ok
21:19:17.0815 0x0c08  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:19:17.0877 0x0c08  iaStorV - ok
21:19:17.0971 0x0c08  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:19:18.0080 0x0c08  idsvc - ok
21:19:18.0283 0x0c08  IEEtwCollectorService - ok
21:19:18.0579 0x0c08  [ A87261EF1546325B559374F5689CF5BC, 8DE48A8A13A32AAAC54CDDF58F3F61BE3E2802C1D9CA1CA98E57EB0D65FB6002 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
21:19:18.0954 0x0c08  igfx - ok
21:19:19.0000 0x0c08  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
21:19:19.0032 0x0c08  iirsp - ok
21:19:19.0110 0x0c08  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
21:19:19.0156 0x0c08  IKEEXT - ok
21:19:19.0562 0x0c08  [ 91ED47813243B455E2D81115A8255F0E, 278B3D4397DB98513A952E3DDCFF9B6E2572167E200AA5B6046B23A9E80CA04B ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:19:19.0858 0x0c08  IntcAzAudAddService - ok
21:19:19.0905 0x0c08  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
21:19:19.0921 0x0c08  intelide - ok
21:19:20.0046 0x0c08  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
21:19:20.0092 0x0c08  intelppm - ok
21:19:20.0202 0x0c08  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:19:20.0295 0x0c08  IPBusEnum - ok
21:19:20.0373 0x0c08  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:19:20.0436 0x0c08  IpFilterDriver - ok
21:19:20.0529 0x0c08  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:19:20.0545 0x0c08  iphlpsvc - ok
21:19:20.0607 0x0c08  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:19:20.0623 0x0c08  IPMIDRV - ok
21:19:20.0670 0x0c08  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:19:20.0748 0x0c08  IPNAT - ok
21:19:20.0950 0x0c08  [ 635F7587F7576AA14871B850EB95BFB8, 75CB8F4D511964BB9104E93EF31D2DDF1227DACE1EDB9DE25AE9719835B6C34B ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
21:19:20.0997 0x0c08  iPod Service - ok
21:19:21.0075 0x0c08  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:19:21.0122 0x0c08  IRENUM - ok
21:19:21.0138 0x0c08  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:19:21.0153 0x0c08  isapnp - ok
21:19:21.0294 0x0c08  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:19:21.0356 0x0c08  iScsiPrt - ok
21:19:21.0450 0x0c08  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
21:19:21.0465 0x0c08  kbdclass - ok
21:19:21.0528 0x0c08  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
21:19:21.0559 0x0c08  kbdhid - ok
21:19:21.0574 0x0c08  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
21:19:21.0574 0x0c08  KeyIso - ok
21:19:21.0606 0x0c08  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:19:21.0637 0x0c08  KSecDD - ok
21:19:21.0652 0x0c08  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:19:21.0668 0x0c08  KSecPkg - ok
21:19:21.0715 0x0c08  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
21:19:21.0793 0x0c08  ksthunk - ok
21:19:21.0840 0x0c08  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:19:21.0918 0x0c08  KtmRm - ok
21:19:21.0964 0x0c08  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
21:19:22.0027 0x0c08  LanmanServer - ok
21:19:22.0183 0x0c08  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:19:22.0230 0x0c08  LanmanWorkstation - ok
21:19:22.0401 0x0c08  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:19:22.0448 0x0c08  lltdio - ok
21:19:22.0479 0x0c08  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:19:22.0588 0x0c08  lltdsvc - ok
21:19:22.0666 0x0c08  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:19:22.0713 0x0c08  lmhosts - ok
21:19:22.0885 0x0c08  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
21:19:22.0916 0x0c08  LSI_FC - ok
21:19:22.0932 0x0c08  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
21:19:22.0963 0x0c08  LSI_SAS - ok
21:19:22.0963 0x0c08  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
21:19:22.0994 0x0c08  LSI_SAS2 - ok
21:19:22.0994 0x0c08  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
21:19:23.0025 0x0c08  LSI_SCSI - ok
21:19:23.0119 0x0c08  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
21:19:23.0212 0x0c08  luafv - ok
21:19:23.0431 0x0c08  [ F928E5E72BBA15DD0CE9A26E0413D236, D63EFA1408084F524464729C2F3BE16550E07ACE2BF8A00699A8438079AD381B ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
21:19:23.0462 0x0c08  McAfee SiteAdvisor Service - ok
21:19:23.0883 0x0c08  [ 96E7AA538AB0EDECCAB3862BA4B66232, 8AF460093B4DC1FD81C4508A57B6A80A7FB2E1818A3405506B8DB5B521615FB6 ] McAPExe         C:\Program Files\McAfee\MSC\McAPExe.exe
21:19:23.0899 0x0c08  McAPExe - ok
21:19:24.0055 0x0c08  [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] McMPFSvc        C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
21:19:24.0055 0x0c08  McMPFSvc - ok
21:19:24.0070 0x0c08  [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] McNaiAnn        C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
21:19:24.0086 0x0c08  McNaiAnn - ok
21:19:24.0226 0x0c08  [ 1817FCB59F1832BC5387EC10838FC1BF, F0950EEEF5285C1C21E0C5BAFAFA44302E901EB8466427FA6AA3F1709B4D5A21 ] McODS           C:\Program Files\McAfee\VirusScan\mcods.exe
21:19:24.0242 0x0c08  McODS - ok
21:19:24.0476 0x0c08  [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] mcpltsvc        C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
21:19:24.0492 0x0c08  mcpltsvc - ok
21:19:24.0616 0x0c08  [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] McProxy         C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
21:19:24.0632 0x0c08  McProxy - ok
21:19:24.0663 0x0c08  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:19:24.0710 0x0c08  Mcx2Svc - ok
21:19:24.0757 0x0c08  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
21:19:24.0772 0x0c08  megasas - ok
21:19:24.0788 0x0c08  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
21:19:24.0850 0x0c08  MegaSR - ok
21:19:25.0006 0x0c08  [ D0574EF9490EBD32DFA14D3C16195DE2, 7F5623562E74BD09717103247CE9155F07092BC633B5647ED3C99A95283413B4 ] mfeapfk         C:\Windows\system32\drivers\mfeapfk.sys
21:19:25.0053 0x0c08  mfeapfk - ok
21:19:25.0303 0x0c08  [ 7B6A4509A2444F5F0689B2579E245177, 95A3A3560E253B7459F1B7C9E4E21008C725BA1A2C5F4E5FBAD1AB383058E2F6 ] mfeavfk         C:\Windows\system32\drivers\mfeavfk.sys
21:19:25.0334 0x0c08  mfeavfk - ok
21:19:25.0755 0x0c08  [ C83EBEE66A2754CEE5B05699A42F728B, 1D739A505AEC1F40CC8CB86D01BDCEC0E29002A609FDA96CEF3531285E8261B9 ] mfecore         C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
21:19:25.0802 0x0c08  mfecore - ok
21:19:26.0067 0x0c08  [ E7C6587AC8FB0BABEF6AB1733AFA8FEC, 1624B8D9C9431A2030B8C8CFAA90F56A9EE4039D2426A521C4102A68D2F8E3CD ] mfefire         C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
21:19:26.0114 0x0c08  mfefire - ok
21:19:26.0254 0x0c08  [ 92AD9892D534CA58E020375C94E0307E, 3062625853C759852C5172040C69840315676A01A62EECFC53F55E6379DB190C ] mfefirek        C:\Windows\system32\drivers\mfefirek.sys
21:19:26.0301 0x0c08  mfefirek - ok
21:19:26.0660 0x0c08  [ B6622A5B197D021647AE20E0D4C229B9, 15D64928FDB207C183A69E7CFB90BFFBF25F1AB14059EDEFDF021F323025F4E8 ] mfehidk         C:\Windows\system32\drivers\mfehidk.sys
21:19:26.0738 0x0c08  mfehidk - ok
21:19:26.0941 0x0c08  [ 93712907DEE6FFBD8A4016ECBB250DCD, FB3673BA495EF1301C4BA75B457493D9B1D5AE52642A04473575CABC1EC6EDFD ] mfencbdc        C:\Windows\system32\DRIVERS\mfencbdc.sys
21:19:26.0988 0x0c08  mfencbdc - ok
21:19:27.0331 0x0c08  [ E97EE1F31F7E5349A06CE089658DA8A1, 8136155C734457E422331B3CBE67927C45FAB10B9B34789A612B58CF0E0E3BEC ] mfencrk         C:\Windows\system32\DRIVERS\mfencrk.sys
21:19:27.0362 0x0c08  mfencrk - ok
21:19:27.0518 0x0c08  [ 64BAFB4E5377056CDD71531097D69F6E, 28B434C1DB9AD930C5A32584C51FE1B3A4526952EBC953DAE775701E270C76C5 ] mfevtp          C:\Windows\system32\mfevtps.exe
21:19:27.0549 0x0c08  mfevtp - ok
21:19:27.0908 0x0c08  [ A58F979117A424CDB33C21396887800F, E857E74BB08E49AEDC7EE21C9FDA36053113E04F8D29B9DBC3A2A3F0667915C6 ] mfewfpk         C:\Windows\system32\drivers\mfewfpk.sys
21:19:28.0173 0x0c08  mfewfpk - ok
21:19:28.0345 0x0c08  Microsoft SharePoint Workspace Audit Service - ok
21:19:28.0485 0x0c08  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
21:19:28.0563 0x0c08  MMCSS - ok
21:19:28.0641 0x0c08  [ 8CC001C65C31633171991FA72A551D43, F256EED72C712C2B5C1DB6DE31DA52609EC0E47EB869E7BC0B70B286593A96DB ] MOBKbackup      C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
21:19:28.0657 0x0c08  MOBKbackup - ok
21:19:29.0000 0x0c08  [ 3800C23D0D90C59AAFCDEFDC82B5C4AF, D949CACB9EF881194B06A961071938F57F3AD57EBB5440B6E7F0B340757641BD ] MOBKFilter      C:\Windows\system32\DRIVERS\MOBK.sys
21:19:29.0031 0x0c08  MOBKFilter - ok
21:19:29.0047 0x0c08  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
21:19:29.0156 0x0c08  Modem - ok
21:19:29.0265 0x0c08  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:19:29.0281 0x0c08  monitor - ok
21:19:29.0406 0x0c08  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:19:29.0437 0x0c08  mouclass - ok
21:19:29.0608 0x0c08  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:19:29.0671 0x0c08  mouhid - ok
21:19:29.0702 0x0c08  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:19:29.0733 0x0c08  mountmgr - ok
21:19:29.0796 0x0c08  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:19:29.0827 0x0c08  mpio - ok
21:19:29.0952 0x0c08  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:19:30.0014 0x0c08  mpsdrv - ok
21:19:30.0108 0x0c08  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:19:30.0186 0x0c08  MpsSvc - ok
21:19:30.0326 0x0c08  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:19:30.0529 0x0c08  MRxDAV - ok
21:19:30.0591 0x0c08  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:19:30.0638 0x0c08  mrxsmb - ok
21:19:30.0685 0x0c08  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:19:30.0716 0x0c08  mrxsmb10 - ok
21:19:30.0763 0x0c08  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:19:30.0794 0x0c08  mrxsmb20 - ok
21:19:30.0825 0x0c08  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:19:30.0841 0x0c08  msahci - ok
21:19:30.0888 0x0c08  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:19:30.0903 0x0c08  msdsm - ok
21:19:30.0934 0x0c08  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
21:19:30.0966 0x0c08  MSDTC - ok
21:19:31.0106 0x0c08  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:19:31.0200 0x0c08  Msfs - ok
21:19:31.0262 0x0c08  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:19:31.0371 0x0c08  mshidkmdf - ok
21:19:31.0402 0x0c08  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:19:31.0434 0x0c08  msisadrv - ok
21:19:31.0621 0x0c08  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:19:31.0761 0x0c08  MSiSCSI - ok
21:19:31.0761 0x0c08  msiserver - ok
21:19:31.0917 0x0c08  [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] MSK80Service    C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
21:19:31.0917 0x0c08  MSK80Service - ok
21:19:31.0995 0x0c08  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:19:32.0042 0x0c08  MSKSSRV - ok
21:19:32.0089 0x0c08  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:19:32.0136 0x0c08  MSPCLOCK - ok
21:19:32.0276 0x0c08  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:19:32.0385 0x0c08  MSPQM - ok
21:19:32.0416 0x0c08  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:19:32.0448 0x0c08  MsRPC - ok
21:19:32.0510 0x0c08  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
21:19:32.0526 0x0c08  mssmbios - ok
21:19:32.0557 0x0c08  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:19:32.0728 0x0c08  MSTEE - ok
21:19:32.0775 0x0c08  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
21:19:32.0822 0x0c08  MTConfig - ok
21:19:32.0869 0x0c08  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
21:19:32.0884 0x0c08  Mup - ok
21:19:32.0962 0x0c08  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
21:19:33.0025 0x0c08  napagent - ok
21:19:33.0150 0x0c08  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:19:33.0228 0x0c08  NativeWifiP - ok
21:19:33.0274 0x0c08  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:19:33.0306 0x0c08  NDIS - ok
21:19:33.0352 0x0c08  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:19:33.0524 0x0c08  NdisCap - ok
21:19:33.0586 0x0c08  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:19:33.0633 0x0c08  NdisTapi - ok
21:19:33.0680 0x0c08  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:19:33.0742 0x0c08  Ndisuio - ok
21:19:33.0789 0x0c08  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:19:33.0898 0x0c08  NdisWan - ok
21:19:33.0961 0x0c08  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:19:34.0008 0x0c08  NDProxy - ok
21:19:34.0273 0x0c08  [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
21:19:34.0320 0x0c08  Net Driver HPZ12 - ok
21:19:34.0398 0x0c08  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:19:34.0460 0x0c08  NetBIOS - ok
21:19:34.0491 0x0c08  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:19:34.0554 0x0c08  NetBT - ok
21:19:34.0616 0x0c08  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
21:19:34.0616 0x0c08  Netlogon - ok
21:19:34.0678 0x0c08  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
21:19:34.0741 0x0c08  Netman - ok
21:19:34.0928 0x0c08  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:19:35.0006 0x0c08  NetMsmqActivator - ok
21:19:35.0006 0x0c08  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:19:35.0006 0x0c08  NetPipeActivator - ok
21:19:35.0068 0x0c08  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
21:19:35.0084 0x0c08  netprofm - ok
21:19:35.0084 0x0c08  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:19:35.0100 0x0c08  NetTcpActivator - ok
21:19:35.0115 0x0c08  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:19:35.0115 0x0c08  NetTcpPortSharing - ok
21:19:35.0193 0x0c08  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
21:19:35.0224 0x0c08  nfrd960 - ok
21:19:35.0256 0x0c08  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:19:35.0334 0x0c08  NlaSvc - ok
21:19:35.0677 0x0c08  [ 5839A8027D6D324A7CD494051A96628C, 474F2D0BB463ABE68D7C4D2C630860AED4B722EC62C616C91EE00AA965378382 ] NOBU            C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
21:19:35.0770 0x0c08  NOBU - ok
21:19:35.0817 0x0c08  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:19:35.0864 0x0c08  Npfs - ok
21:19:35.0942 0x0c08  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
21:19:36.0098 0x0c08  nsi - ok
21:19:36.0129 0x0c08  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:19:36.0207 0x0c08  nsiproxy - ok
21:19:36.0301 0x0c08  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:19:36.0410 0x0c08  Ntfs - ok
21:19:36.0457 0x0c08  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
21:19:36.0519 0x0c08  Null - ok
21:19:36.0566 0x0c08  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:19:36.0597 0x0c08  nvraid - ok
21:19:36.0597 0x0c08  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:19:36.0644 0x0c08  nvstor - ok
21:19:36.0660 0x0c08  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:19:36.0675 0x0c08  nv_agp - ok
21:19:36.0816 0x0c08  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:19:36.0847 0x0c08  ohci1394 - ok
21:19:37.0050 0x0c08  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:19:37.0096 0x0c08  ose - ok
21:19:37.0486 0x0c08  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:19:37.0783 0x0c08  osppsvc - ok
21:19:37.0892 0x0c08  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:19:37.0892 0x0c08  p2pimsvc - ok
21:19:37.0939 0x0c08  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
21:19:37.0970 0x0c08  p2psvc - ok
21:19:38.0064 0x0c08  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
21:19:38.0095 0x0c08  Parport - ok
21:19:38.0142 0x0c08  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:19:38.0173 0x0c08  partmgr - ok
21:19:38.0376 0x0c08  [ 5EACB8A19CAD7057806FBBF9550165E1, 63B9AE044F9205E395B9573BE32EC8A9695A16E4DF1BF3E7F7F5FFD336A7029E ] PcaSp60         C:\Windows\system32\DRIVERS\PcaSp60.sys
21:19:38.0485 0x0c08  PcaSp60 - ok
21:19:38.0578 0x0c08  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:19:38.0610 0x0c08  PcaSvc - ok
21:19:38.0672 0x0c08  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
21:19:38.0672 0x0c08  pci - ok
21:19:38.0797 0x0c08  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
21:19:38.0812 0x0c08  pciide - ok
21:19:38.0859 0x0c08  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
21:19:38.0890 0x0c08  pcmcia - ok
21:19:38.0953 0x0c08  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
21:19:38.0968 0x0c08  pcw - ok
21:19:39.0031 0x0c08  pdfcDispatcher - ok
21:19:39.0078 0x0c08  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:19:39.0140 0x0c08  PEAUTH - ok
21:19:39.0514 0x0c08  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
21:19:39.0764 0x0c08  PerfHost - ok
21:19:39.0889 0x0c08  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
21:19:39.0998 0x0c08  pla - ok
21:19:40.0170 0x0c08  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:19:40.0201 0x0c08  PlugPlay - ok
21:19:40.0248 0x0c08  [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
21:19:40.0404 0x0c08  Pml Driver HPZ12 - ok
21:19:40.0513 0x0c08  PnkBstrA - ok
21:19:40.0544 0x0c08  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:19:40.0575 0x0c08  PNRPAutoReg - ok
21:19:40.0606 0x0c08  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:19:40.0606 0x0c08  PNRPsvc - ok
21:19:40.0716 0x0c08  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:19:40.0903 0x0c08  PolicyAgent - ok
21:19:40.0934 0x0c08  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
21:19:40.0950 0x0c08  Power - ok
21:19:41.0028 0x0c08  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:19:41.0074 0x0c08  PptpMiniport - ok
21:19:41.0168 0x0c08  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
21:19:41.0230 0x0c08  Processor - ok
21:19:41.0324 0x0c08  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
21:19:41.0402 0x0c08  ProfSvc - ok
21:19:41.0449 0x0c08  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:19:41.0449 0x0c08  ProtectedStorage - ok
21:19:41.0542 0x0c08  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:19:41.0542 0x0c08  Psched - ok
21:19:41.0761 0x0c08  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
21:19:41.0854 0x0c08  ql2300 - ok
21:19:41.0854 0x0c08  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
21:19:41.0886 0x0c08  ql40xx - ok
21:19:41.0948 0x0c08  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
21:19:41.0979 0x0c08  QWAVE - ok
21:19:42.0026 0x0c08  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:19:42.0057 0x0c08  QWAVEdrv - ok
21:19:42.0073 0x0c08  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:19:42.0182 0x0c08  RasAcd - ok
21:19:42.0260 0x0c08  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:19:42.0307 0x0c08  RasAgileVpn - ok
21:19:42.0385 0x0c08  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
21:19:42.0463 0x0c08  RasAuto - ok
21:19:42.0510 0x0c08  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:19:42.0572 0x0c08  Rasl2tp - ok
21:19:42.0681 0x0c08  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
21:19:42.0744 0x0c08  RasMan - ok
21:19:42.0790 0x0c08  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:19:42.0837 0x0c08  RasPppoe - ok
21:19:42.0868 0x0c08  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:19:42.0915 0x0c08  RasSstp - ok
21:19:42.0962 0x0c08  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:19:43.0009 0x0c08  rdbss - ok
21:19:43.0087 0x0c08  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
21:19:43.0134 0x0c08  rdpbus - ok
21:19:43.0180 0x0c08  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:19:43.0227 0x0c08  RDPCDD - ok
21:19:43.0336 0x0c08  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:19:43.0399 0x0c08  RDPENCDD - ok
21:19:43.0430 0x0c08  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:19:43.0492 0x0c08  RDPREFMP - ok
21:19:43.0633 0x0c08  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
21:19:43.0680 0x0c08  RdpVideoMiniport - ok
21:19:43.0726 0x0c08  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:19:43.0758 0x0c08  RDPWD - ok
21:19:43.0851 0x0c08  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:19:43.0898 0x0c08  rdyboost - ok
21:19:43.0929 0x0c08  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:19:44.0023 0x0c08  RemoteAccess - ok
21:19:44.0054 0x0c08  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:19:44.0116 0x0c08  RemoteRegistry - ok
21:19:44.0210 0x0c08  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
21:19:44.0288 0x0c08  RFCOMM - ok
21:19:44.0428 0x0c08  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:19:44.0491 0x0c08  RpcEptMapper - ok
21:19:44.0522 0x0c08  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
21:19:44.0553 0x0c08  RpcLocator - ok
21:19:44.0584 0x0c08  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
21:19:44.0600 0x0c08  RpcSs - ok
21:19:44.0725 0x0c08  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:19:44.0787 0x0c08  rspndr - ok
21:19:45.0146 0x0c08  [ E50CFB92986DCAB49DE93788FD695813, EAE103008B967B0F064EDDA551AA553EE7C22D39D14FA0BBFEF41C4D1B6C99E5 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
21:19:45.0208 0x0c08  RTL8167 - ok
21:19:45.0255 0x0c08  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
21:19:45.0255 0x0c08  SamSs - ok
21:19:45.0349 0x0c08  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:19:45.0396 0x0c08  sbp2port - ok
21:19:45.0458 0x0c08  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:19:45.0536 0x0c08  SCardSvr - ok
21:19:45.0676 0x0c08  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:19:45.0739 0x0c08  scfilter - ok
21:19:45.0879 0x0c08  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
21:19:45.0988 0x0c08  Schedule - ok
21:19:46.0035 0x0c08  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:19:46.0035 0x0c08  SCPolicySvc - ok
21:19:46.0098 0x0c08  [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
21:19:46.0191 0x0c08  sdbus - ok
21:19:46.0254 0x0c08  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:19:46.0347 0x0c08  SDRSVC - ok
21:19:46.0722 0x0c08  [ 206387AB881E93A1A6EB89966C8651F1, 3BF9DFF3E70F0787F7F94BE5B9717DFADD9E13AB8154FAE295CEAC834F0835E5 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
21:19:46.0768 0x0c08  SDScannerService - ok
21:19:46.0862 0x0c08  [ A529CFE32565C0B145578FFB2B32C9A5, 4B1596CBDDA74D510707FD475AAB3A89B1203E0B95ECAE3756CAA56555F9F66D ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
21:19:46.0909 0x0c08  SDUpdateService - ok
21:19:46.0940 0x0c08  [ CB63BDB77BB86549FC3303C2F11EDC18, 1C96C082B9CE08C8F3C088D5DE68BA8783E6F6A837A88E2654BC4CBCF7B81846 ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
21:19:46.0940 0x0c08  SDWSCService - ok
21:19:47.0049 0x0c08  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:19:47.0096 0x0c08  secdrv - ok
21:19:47.0143 0x0c08  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
21:19:47.0190 0x0c08  seclogon - ok
21:19:47.0252 0x0c08  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\system32\sens.dll
21:19:47.0252 0x0c08  SENS - ok
21:19:47.0502 0x0c08  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:19:47.0580 0x0c08  SensrSvc - ok
21:19:47.0673 0x0c08  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
21:19:47.0689 0x0c08  Serenum - ok
21:19:47.0798 0x0c08  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
21:19:47.0829 0x0c08  Serial - ok
21:19:47.0892 0x0c08  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
21:19:47.0907 0x0c08  sermouse - ok
21:19:47.0970 0x0c08  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
21:19:48.0235 0x0c08  SessionEnv - ok
21:19:48.0250 0x0c08  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:19:48.0282 0x0c08  sffdisk - ok
21:19:48.0344 0x0c08  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:19:48.0391 0x0c08  sffp_mmc - ok
21:19:48.0406 0x0c08  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:19:48.0438 0x0c08  sffp_sd - ok
21:19:48.0453 0x0c08  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
21:19:48.0469 0x0c08  sfloppy - ok
21:19:48.0843 0x0c08  [ 2046AA7491DE7EFA4D70E615D9BC9D09, A8763D059AD68D5842C407FA9644E0B129BEF0F63CD87E62B80B05441EDC3489 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
21:19:48.0921 0x0c08  Sftfs - ok
21:19:49.0093 0x0c08  [ 77C5A741A7452812F278EF2C18478862, 0B763679EB7EFB8ED9DCE7B429706E939BB65BA6BCF1BAE0E0426D4E87074B8C ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
21:19:49.0140 0x0c08  sftlist - ok
21:19:49.0249 0x0c08  [ 0E0446BC4D51BE4263ACB7E33491191C, 2AD039FB440560658C4E06F67CC192EF71577EF3FF789A43C08430CE5EAE5A70 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
21:19:49.0280 0x0c08  Sftplay - ok
21:19:49.0701 0x0c08  [ C5FB982CD266E604ED3142102C26D62C, A6BC0D72E98F924274ECAD49C85F0775D1CD45B97CD43F53DF3992B560835FC5 ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
21:19:49.0717 0x0c08  Sftredir - ok
21:19:49.0748 0x0c08  [ 2575511AF67AA1FA068CCC4918E2C2A3, 3152FF5AC2CF6FE966DA59B1B33E22F9BD9B6BB4310441870528364BA9501A4D ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
21:19:49.0779 0x0c08  Sftvol - ok
21:19:49.0826 0x0c08  [ 39B1D0A636A400304565D4521FAD6D77, 1F01DB35B5A477AA7A77585C9304E6B5F3E67807531305BCA93A7F494CED8F59 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
21:19:49.0857 0x0c08  sftvsa - ok
21:19:49.0967 0x0c08  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:19:50.0029 0x0c08  SharedAccess - ok
21:19:50.0201 0x0c08  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:19:50.0263 0x0c08  ShellHWDetection - ok
21:19:50.0403 0x0c08  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
21:19:50.0450 0x0c08  SiSRaid2 - ok
21:19:50.0481 0x0c08  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
21:19:50.0513 0x0c08  SiSRaid4 - ok
21:19:50.0622 0x0c08  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:19:50.0669 0x0c08  Smb - ok
21:19:51.0027 0x0c08  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:19:51.0090 0x0c08  SNMPTRAP - ok
21:19:51.0137 0x0c08  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:19:51.0168 0x0c08  spldr - ok
21:19:51.0261 0x0c08  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
21:19:51.0308 0x0c08  Spooler - ok
21:19:51.0620 0x0c08  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
21:19:51.0698 0x0c08  sppsvc - ok
21:19:51.0839 0x0c08  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
21:19:51.0948 0x0c08  sppuinotify - ok
21:19:52.0010 0x0c08  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:19:52.0041 0x0c08  srv - ok
21:19:52.0151 0x0c08  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:19:52.0353 0x0c08  srv2 - ok
21:19:52.0463 0x0c08  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:19:52.0509 0x0c08  srvnet - ok
21:19:52.0603 0x0c08  [ 8F8324ED1DE63FFC7B1A02CD2D963C72, E58603F81DEAFF1D45CB83FB6E625E6A13868741B833B1C9E60D672179D18EE0 ] ssadbus         C:\Windows\system32\DRIVERS\ssadbus.sys
21:19:52.0681 0x0c08  ssadbus - ok
21:19:52.0775 0x0c08  [ 58221EFCB74167B73667F0024C661CE0, D9B67A8897B4DC3E4729187F17ABEB4710CF57440D718E17ED828439198D34DB ] ssadmdfl        C:\Windows\system32\DRIVERS\ssadmdfl.sys
21:19:52.0837 0x0c08  ssadmdfl - ok
21:19:52.0853 0x0c08  [ 4DA7C71BFAC5AD71255B7E4CAB980163, 4CC0F9C8E96ECEF36EEB021E448A9734B63512D030516DC38B1A2EEAA1043AEC ] ssadmdm         C:\Windows\system32\DRIVERS\ssadmdm.sys
21:19:52.0915 0x0c08  ssadmdm - ok
21:19:53.0165 0x0c08  [ D33D1BD3EC0E766211A234F56A12726D, 53EEAA94865554F8422D111D717B548DF553B5B8647D2A45F3718BF4AEEBEC27 ] ssadserd        C:\Windows\system32\DRIVERS\ssadserd.sys
21:19:53.0227 0x0c08  ssadserd - ok
21:19:53.0289 0x0c08  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:19:53.0336 0x0c08  SSDPSRV - ok
21:19:53.0399 0x0c08  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:19:53.0445 0x0c08  SstpSvc - ok
21:19:53.0617 0x0c08  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
21:19:53.0679 0x0c08  stexstor - ok
21:19:53.0804 0x0c08  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
21:19:53.0851 0x0c08  stisvc - ok
21:19:53.0913 0x0c08  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
21:19:53.0929 0x0c08  swenum - ok
21:19:53.0991 0x0c08  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
21:19:54.0069 0x0c08  swprv - ok
21:19:54.0335 0x0c08  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
21:19:54.0381 0x0c08  SysMain - ok
21:19:54.0413 0x0c08  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:19:54.0444 0x0c08  TabletInputService - ok
21:19:54.0491 0x0c08  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:19:54.0584 0x0c08  TapiSrv - ok
21:19:54.0615 0x0c08  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
21:19:54.0615 0x0c08  TBS - ok
21:19:54.0990 0x0c08  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:19:55.0099 0x0c08  Tcpip - ok
21:19:55.0193 0x0c08  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:19:55.0224 0x0c08  TCPIP6 - ok
21:19:55.0302 0x0c08  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:19:55.0317 0x0c08  tcpipreg - ok
21:19:55.0551 0x0c08  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:19:55.0629 0x0c08  TDPIPE - ok
21:19:55.0692 0x0c08  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:19:55.0754 0x0c08  TDTCP - ok
21:19:55.0817 0x0c08  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:19:55.0879 0x0c08  tdx - ok
21:19:56.0051 0x0c08  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
21:19:56.0097 0x0c08  TermDD - ok
21:19:56.0191 0x0c08  [ 4FC4C50985E5B840F4D72E57286887B8, 0BCBB4A938803AE3A3532B6D8FFC85594AA9AEF5D8F9792684841BEA8780AE9E ] TermService     C:\Windows\System32\termsrv.dll
21:19:56.0269 0x0c08  TermService - ok
21:19:56.0331 0x0c08  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
21:19:56.0363 0x0c08  Themes - ok
21:19:56.0456 0x0c08  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
21:19:56.0456 0x0c08  THREADORDER - ok
21:19:56.0487 0x0c08  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
21:19:56.0550 0x0c08  TrkWks - ok
21:19:56.0628 0x0c08  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:19:56.0721 0x0c08  TrustedInstaller - ok
21:19:56.0815 0x0c08  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:19:56.0846 0x0c08  tssecsrv - ok
21:19:56.0987 0x0c08  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:19:57.0080 0x0c08  TsUsbFlt - ok
21:19:57.0158 0x0c08  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
21:19:57.0236 0x0c08  TsUsbGD - ok
21:19:57.0423 0x0c08  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:19:57.0501 0x0c08  tunnel - ok
21:19:57.0564 0x0c08  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
21:19:57.0595 0x0c08  uagp35 - ok
21:19:57.0657 0x0c08  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:19:57.0720 0x0c08  udfs - ok
21:19:57.0767 0x0c08  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:19:57.0845 0x0c08  UI0Detect - ok
21:19:57.0876 0x0c08  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:19:57.0907 0x0c08  uliagpkx - ok
21:19:57.0923 0x0c08  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
21:19:57.0938 0x0c08  umbus - ok
21:19:57.0969 0x0c08  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
21:19:58.0016 0x0c08  UmPass - ok
21:19:58.0063 0x0c08  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
21:19:58.0125 0x0c08  upnphost - ok
21:19:58.0235 0x0c08  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
21:19:58.0297 0x0c08  USBAAPL64 - ok
21:19:58.0391 0x0c08  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
21:19:58.0484 0x0c08  usbaudio - ok
21:19:58.0531 0x0c08  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:19:58.0625 0x0c08  usbccgp - ok
21:19:58.0703 0x0c08  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:19:58.0749 0x0c08  usbcir - ok
21:19:58.0765 0x0c08  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
21:19:58.0812 0x0c08  usbehci - ok
21:19:58.0843 0x0c08  [ 573D192E268F0C5B486B7E96F661E538, 0F32BD82CA7B5D4DE234EFC6527EF4C854BD15B3057FE4A0151C70115493FFDC ] usbfilter       C:\Windows\system32\drivers\usbfilter.sys
21:19:58.0874 0x0c08  usbfilter - ok
21:19:59.0015 0x0c08  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:19:59.0077 0x0c08  usbhub - ok
21:19:59.0108 0x0c08  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
21:19:59.0217 0x0c08  usbohci - ok
21:19:59.0264 0x0c08  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:19:59.0311 0x0c08  usbprint - ok
21:19:59.0483 0x0c08  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\drivers\usbscan.sys
21:19:59.0545 0x0c08  usbscan - ok
21:19:59.0607 0x0c08  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:19:59.0654 0x0c08  USBSTOR - ok
21:19:59.0685 0x0c08  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
21:19:59.0701 0x0c08  usbuhci - ok
21:19:59.0748 0x0c08  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
21:19:59.0795 0x0c08  UxSms - ok
21:19:59.0826 0x0c08  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
21:19:59.0826 0x0c08  VaultSvc - ok
21:19:59.0888 0x0c08  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:19:59.0919 0x0c08  vdrvroot - ok
21:19:59.0997 0x0c08  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
21:20:00.0075 0x0c08  vds - ok
21:20:00.0138 0x0c08  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:20:00.0169 0x0c08  vga - ok
21:20:00.0216 0x0c08  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:20:00.0294 0x0c08  VgaSave - ok
21:20:00.0309 0x0c08  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
21:20:00.0341 0x0c08  vhdmp - ok
21:20:00.0419 0x0c08  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
21:20:00.0434 0x0c08  viaide - ok
21:20:00.0512 0x0c08  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:20:00.0559 0x0c08  volmgr - ok
21:20:00.0606 0x0c08  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:20:00.0637 0x0c08  volmgrx - ok
21:20:00.0699 0x0c08  [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:20:00.0731 0x0c08  volsnap - ok
21:20:00.0777 0x0c08  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
21:20:00.0809 0x0c08  vsmraid - ok
21:20:00.0902 0x0c08  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
21:20:00.0996 0x0c08  VSS - ok
21:20:01.0058 0x0c08  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
21:20:01.0074 0x0c08  vwifibus - ok
21:20:01.0152 0x0c08  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
21:20:01.0183 0x0c08  vwififlt - ok
21:20:01.0277 0x0c08  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
21:20:01.0308 0x0c08  vwifimp - ok
21:20:01.0370 0x0c08  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
21:20:01.0542 0x0c08  W32Time - ok
21:20:01.0589 0x0c08  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
21:20:01.0651 0x0c08  WacomPen - ok
21:20:01.0823 0x0c08  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:20:01.0869 0x0c08  WANARP - ok
21:20:01.0916 0x0c08  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:20:01.0916 0x0c08  Wanarpv6 - ok
21:20:02.0088 0x0c08  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
21:20:02.0166 0x0c08  WatAdminSvc - ok
21:20:02.0291 0x0c08  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
21:20:02.0400 0x0c08  wbengine - ok
21:20:02.0431 0x0c08  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:20:02.0478 0x0c08  WbioSrvc - ok
21:20:02.0540 0x0c08  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:20:02.0603 0x0c08  wcncsvc - ok
21:20:02.0681 0x0c08  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:20:02.0712 0x0c08  WcsPlugInService - ok
21:20:02.0727 0x0c08  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
21:20:02.0759 0x0c08  Wd - ok
21:20:02.0805 0x0c08  [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
21:20:02.0852 0x0c08  WDC_SAM - ok
21:20:02.0930 0x0c08  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:20:02.0993 0x0c08  Wdf01000 - ok
21:20:03.0071 0x0c08  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:20:03.0102 0x0c08  WdiServiceHost - ok
21:20:03.0117 0x0c08  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:20:03.0117 0x0c08  WdiSystemHost - ok
21:20:03.0180 0x0c08  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
21:20:03.0211 0x0c08  WebClient - ok
21:20:03.0273 0x0c08  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:20:03.0336 0x0c08  Wecsvc - ok
21:20:03.0398 0x0c08  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:20:03.0398 0x0c08  wercplsupport - ok
21:20:03.0429 0x0c08  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:20:03.0492 0x0c08  WerSvc - ok
21:20:03.0585 0x0c08  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:20:03.0632 0x0c08  WfpLwf - ok
21:20:03.0695 0x0c08  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:20:03.0726 0x0c08  WIMMount - ok
21:20:03.0851 0x0c08  WinDefend - ok
21:20:03.0913 0x0c08  WinHttpAutoProxySvc - ok
21:20:04.0022 0x0c08  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:20:04.0085 0x0c08  Winmgmt - ok
21:20:04.0194 0x0c08  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
21:20:04.0350 0x0c08  WinRM - ok
21:20:04.0490 0x0c08  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
21:20:04.0490 0x0c08  WinUsb - ok
21:20:04.0521 0x0c08  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:20:04.0599 0x0c08  Wlansvc - ok
21:20:04.0693 0x0c08  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:20:04.0724 0x0c08  wlcrasvc - ok
21:20:05.0021 0x0c08  [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:20:05.0099 0x0c08  wlidsvc - ok
21:20:05.0270 0x0c08  [ 874787489B7250D545EDBEA954C3CEC6, C81AF125EB64BD9C45B5AC34EABF43580C383ADFEC436BC6C7043452F2BAEDA7 ] wltrysvc        C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
21:20:05.0348 0x0c08  wltrysvc - ok
21:20:05.0457 0x0c08  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
21:20:05.0520 0x0c08  WmiAcpi - ok
21:20:05.0567 0x0c08  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:20:05.0598 0x0c08  wmiApSrv - ok
21:20:05.0691 0x0c08  WMPNetworkSvc - ok
21:20:05.0769 0x0c08  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:20:05.0816 0x0c08  WPCSvc - ok
21:20:05.0879 0x0c08  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:20:05.0894 0x0c08  WPDBusEnum - ok
21:20:05.0941 0x0c08  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:20:06.0003 0x0c08  ws2ifsl - ok
21:20:06.0081 0x0c08  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
21:20:06.0113 0x0c08  wscsvc - ok
21:20:06.0113 0x0c08  WSearch - ok
21:20:06.0331 0x0c08  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
21:20:06.0471 0x0c08  wuauserv - ok
21:20:06.0581 0x0c08  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:20:06.0596 0x0c08  WudfPf - ok
21:20:06.0674 0x0c08  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:20:06.0705 0x0c08  WUDFRd - ok
21:20:06.0752 0x0c08  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:20:06.0768 0x0c08  wudfsvc - ok
21:20:06.0861 0x0c08  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:20:06.0924 0x0c08  WwanSvc - ok
21:20:07.0017 0x0c08  ================ Scan global ===============================
21:20:07.0111 0x0c08  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
21:20:07.0251 0x0c08  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
21:20:07.0392 0x0c08  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
21:20:07.0439 0x0c08  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
21:20:07.0501 0x0c08  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
21:20:07.0532 0x0c08  [ Global ] - ok
21:20:07.0532 0x0c08  ================ Scan MBR ==================================
21:20:07.0595 0x0c08  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:20:08.0952 0x0c08  \Device\Harddisk0\DR0 - ok
21:20:08.0952 0x0c08  ================ Scan VBR ==================================
21:20:08.0967 0x0c08  [ EBC04A59A1206CE4949E8EBEC61F2C11 ] \Device\Harddisk0\DR0\Partition1
21:20:09.0170 0x0c08  \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )
21:20:09.0170 0x0c08  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected
21:20:09.0217 0x0c08  [ D766680B41E0481379100D7E3D479F63 ] \Device\Harddisk0\DR0\Partition2
21:20:09.0295 0x0c08  \Device\Harddisk0\DR0\Partition2 - ok
21:20:09.0357 0x0c08  [ 85591011F5C74D83C077DA3A22B283E7 ] \Device\Harddisk0\DR0\Partition3
21:20:09.0357 0x0c08  \Device\Harddisk0\DR0\Partition3 - ok
21:20:09.0357 0x0c08  ================ Scan generic autorun ======================
21:20:09.0498 0x0c08  [ 554A50B5310E702029D3A675459108FF, 4757D5FFFAC7E73D4A3D931DB1399DDFDBD5811639BDA4517F886C21CC7F2574 ] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
21:20:09.0529 0x0c08  hpsysdrv - ok
21:20:10.0059 0x0c08  [ 8E38A7E3249999BF90CB23505D22A5A8, 04E6EAFA14552EA6B9FBABFB76A38CA2E57C98CA64A6189F183B603DD0CD6738 ] C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe
21:20:10.0465 0x0c08  Broadcom Wireless Manager UI - ok
21:20:10.0605 0x0c08  [ DD79A6B15C2F28DE98DF4852AAF6B13B, 0F7E9023E0BA4B40E2DE9A9FA34E85FEAF72B93049AAB3E1D73AD046BB113E05 ] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
21:20:10.0621 0x0c08  NCPluginUpdater - ok
21:20:10.0746 0x0c08  [ 6AB979D8B90A2E0C1CBFCBB13BFF37E2, 56EFEA72B2A300D5F40C975F32C8DAE41994528FF6E4CB4AAB015F602009039A ] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
21:20:10.0839 0x0c08  StartCCC - ok
21:20:10.0964 0x0c08  [ C637FC4638A96165256B28D38DE7B953, CD658543610F151C7860DBDCF36596C9B5417D87E598FA50A435392D4AED1C14 ] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
21:20:11.0058 0x0c08  HP Software Update - ok
21:20:11.0307 0x0c08  [ D3E69D500466C17498AAF7F83D12FFF0, F5723FC28396489EADDDCAD67A0E46B56D859590823E3CFA7254BA6709DC5AE6 ] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
21:20:11.0417 0x0c08  Norton Online Backup - ok
21:20:11.0526 0x0c08  [ 29BAD398C82369BFC1E709B536520960, F651303E2E5CB46C01A96DC7A7F6008B6B39400F826F4E507E92C6CA37FE7FCA ] C:\Program Files (x86)\PDF Complete\pdfsty.exe
21:20:11.0666 0x0c08  PDF Complete - ok
21:20:11.0838 0x0c08  [ 72860972F8196EBB3C896F53D2B95470, 95C046A66DD0089377867F073CADCE585B7C69CA23E724DCAD9D896BF01E023D ] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
21:20:11.0963 0x0c08  hpqSRMon - ok
21:20:12.0041 0x0c08  [ 545676F48851A5C65A38CAE5B5518C95, F7CD893B8198AA22347CB96A61C258217FA0A1B1CC1733784B5FD84A7B208264 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
21:20:12.0087 0x0c08  APSDaemon - ok
21:20:12.0197 0x0c08  [ 12FD7C1EADDDA10A67B1D6F905B3CC1E, 54FA875C5C3D7AD2D5AE966C72C63558D152455AB78816F31345443F0B13D89F ] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
21:20:12.0228 0x0c08  ContentTransferWMDetector.exe - ok
21:20:12.0431 0x0c08  [ 13075D6EF3C74F0D6567A7ED8D755F3E, EC0E2C413D4CB368AADAACFAFF7EB394816560FF3E34B024C6E30A5F3514A602 ] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
21:20:12.0462 0x0c08  ConnectionCenter - ok
21:20:12.0696 0x0c08  [ 187F4C75A89E3F412322C94526320074, D78FA7EF93C8C7B4326A5B6DB04A92ADD091DF00658FA8731D07C5D3BE29ED04 ] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
21:20:12.0727 0x0c08  BCSSync - ok
21:20:13.0226 0x0c08  [ B5A4EBA9487F08BECC843A87422B8052, EA905E9169CE8C934F2D6F7E319A75E31EA9E1840CC455298BEB3F92E22FCAAE ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
21:20:13.0351 0x0c08  SDTray - ok
21:20:13.0429 0x0c08  [ 04679E0DC30077EC1164BE82F2A2ADC9, E0193F0AE484DED0DD7F81407F0D98AC071F34358B9EA554DE3ADFC3BA1CBD60 ] C:\Program Files\McAfee.com\Agent\mcagent.exe
21:20:13.0429 0x0c08  mcui_exe - ok
21:20:13.0538 0x0c08  [ 47EA5F76FAB723C61AB4A0D79BAD512C, A7A38EB0A7068B160E6949945EF639F999A06AE35746F6E79C7350745798E5C9 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
21:20:13.0585 0x0c08  Adobe ARM - ok
21:20:13.0601 0x0c08  [ 04679E0DC30077EC1164BE82F2A2ADC9, E0193F0AE484DED0DD7F81407F0D98AC071F34358B9EA554DE3ADFC3BA1CBD60 ] C:\Program Files\McAfee.com\Agent\mcagent.exe
21:20:13.0616 0x0c08  mcpltui_exe - ok
21:20:13.0866 0x0c08  [ 30EE672AD2C53BFB7DD4BE6993B07C71, 5FB6B5B71AFF14E22460C4C6CA75830736222B74D200E413E05F0CACDE2C44CF ] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
21:20:14.0037 0x0c08  BingDesktop - ok
21:20:14.0147 0x0c08  [ 308F2EE28005510DE616409148CF077B, A2126CB185B0053086BDD6F0A16A503F6CA629AC677E4B7AE6D43C770061D087 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
21:20:14.0178 0x0c08  SunJavaUpdateSched - ok
21:20:14.0240 0x0c08  [ D88B2D487439305A2EC308A6796C3044, 79DF0A41ECB08D5BEB3393B2BA15E6C88AD626803E1734EFBA0DBE4ECF7274D7 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
21:20:14.0287 0x0c08  iTunesHelper - ok
21:20:14.0474 0x0c08  [ 1B2B3215F4B6B735813844AC1769E239, FCC4D5E52329531904637C19F0BA6EBD857CDFB814D3DCD799062D049FF2E485 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe
21:20:14.0599 0x0c08  Spybot-S&D Cleaning - ok
21:20:14.0771 0x0c08  [ 8BBDBEBCF62898D56AB584A373A461E7, 627F24C96576C51255794DCD4DFAA39C0F0334F5E1EF69EC552DE357C2C16228 ] C:\Users\Family\AppData\Local\Workspace\workspaceupdate.exe
21:20:14.0880 0x0c08  Starfield Updater - ok
21:20:14.0958 0x0c08  [ 341B8554AC7E586326C35606937C068C, 35DD73D0A46A1409F2D99738341F5AFF785106DBBA0674D67BD8C890558A5478 ] C:\dd254ce\dd254ce.exe
21:20:15.0067 0x0c08  dd254c - ok
21:20:15.0145 0x0c08  [ 341B8554AC7E586326C35606937C068C, 35DD73D0A46A1409F2D99738341F5AFF785106DBBA0674D67BD8C890558A5478 ] C:\Users\Family\AppData\Roaming\dd254ce.exe
21:20:15.0239 0x0c08  dd254ce - ok
21:20:16.0143 0x0c08  [ EC24F26F3532EDAD54A537CC66E94DB3, FE7DDDAF894159DAB7C3FC1E1352D462BCD6FC935D593F9DEEF3B0E47554306A ] C:\Users\Family\AppData\Roaming\FrameworkUpdate7\GoogleUpdate.exe
21:20:16.0736 0x0c08  GoogleUpdate - ok
21:20:17.0235 0x0c08  AV detected via SS2: McAfee Anti-Virus and Anti-Spyware, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 12.8.0.0 ), 0x51000 ( enabled : updated )
21:20:17.0251 0x0c08  FW detected via SS2: McAfee Firewall, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 12.8.0.0 ), 0x51010 ( enabled )
21:20:17.0251 0x0c08  ============================================================
21:20:17.0251 0x0c08  Scan finished
21:20:17.0251 0x0c08  ============================================================
21:20:17.0251 0x156c  Detected object count: 1
21:20:17.0251 0x156c  Actual detected object count: 1
21:20:42.0570 0x156c  \Device\Harddisk0\DR0\Partition1 - copied to quarantine
21:20:42.0710 0x156c  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - will be cured on reboot
21:20:42.0866 0x156c  \Device\Harddisk0\DR0\Partition1 - ok
21:20:42.0866 0x156c  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Cure
21:20:43.0007 0x156c  KLMD registered as C:\Windows\system32\drivers\35001430.sys
21:20:47.0593 0x1c24  Deinitialize success

 

 



#14 herrjones

herrjones
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:24 PM

Posted 05 November 2014 - 10:33 PM

21:22:27.0516 0x165c  TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
21:22:28.0047 0x165c  ============================================================
21:22:28.0047 0x165c  Current date / time: 2014/11/05 21:22:28.0047
21:22:28.0047 0x165c  SystemInfo:
21:22:28.0047 0x165c 
21:22:28.0047 0x165c  OS Version: 6.1.7601 ServicePack: 1.0
21:22:28.0047 0x165c  Product type: Workstation
21:22:28.0047 0x165c  ComputerName: RUSKIEVICZ
21:22:28.0047 0x165c  UserName: Family
21:22:28.0047 0x165c  Windows directory: C:\Windows
21:22:28.0047 0x165c  System windows directory: C:\Windows
21:22:28.0047 0x165c  Running under WOW64
21:22:28.0047 0x165c  Processor architecture: Intel x64
21:22:28.0047 0x165c  Number of processors: 4
21:22:28.0047 0x165c  Page size: 0x1000
21:22:28.0047 0x165c  Boot type: Normal boot
21:22:28.0047 0x165c  ============================================================
21:22:28.0047 0x165c  BG loaded
21:22:30.0105 0x165c  System UUID: {11395101-D113-21D9-3E3D-9903B9D93E92}
21:22:31.0850 0x165c  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:22:31.0882 0x165c  ============================================================
21:22:31.0882 0x165c  \Device\Harddisk0\DR0:
21:22:31.0882 0x165c  MBR partitions:
21:22:31.0882 0x165c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:22:31.0882 0x165c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72538000
21:22:31.0882 0x165c  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x7256A800, BlocksNum 0x219B800
21:22:31.0882 0x165c  ============================================================
21:22:31.0913 0x165c  C: <-> \Device\Harddisk0\DR0\Partition2
21:22:31.0960 0x165c  D: <-> \Device\Harddisk0\DR0\Partition3
21:22:31.0960 0x165c  ============================================================
21:22:31.0960 0x165c  Initialize success
21:22:31.0960 0x165c  ============================================================



#15 herrjones

herrjones
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:24 PM

Posted 05 November 2014 - 10:34 PM

Task manager shows 3 additional applications of IE running, but I only show one screen visible. I cannot view these versions of ie running nor can I make them stop

Edited by herrjones, 05 November 2014 - 10:44 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users