
fff5ee.com


  • This topic is locked
29 replies to this topic

#1 dagscomputers

dagscomputers

  • Members
  • 19 posts
  • OFFLINE
  • Local time:04:48 PM

Posted 02 November 2014 - 03:29 PM

I see this topic was closed Oct 10th without resolution.

Constant pop ups blocking IP address:

95.212.1.57

88.214.193.211

and blocking the website fff5ee.com

Task manager shows between 5 and 8 instances of dllhost.exe running.

I have had this virus for more than a week and nothing is removing it. I have the licensed Malwarebytes installed and running and have completed full system scans both in Safe Mode and Normal Mode with no results found. I had Symantec Endpoint 12.1.5 installed, and a full system scan finds nothing. I now have BitDefender installed, and full system scans find nothing. I have cleaned all the temporary directories in three of the AppData directories under my profile. I have run ComboFix several times and it finds nothing. I have run Norton Power Eraser (no results), Adwcleaner_3.311, Farbar Recovery Scan Tool, RogueKiller, TDSSKiller, Exterminate It, and SpyHunter. None of these programs have found the virus, but it is nearly preventing the computers it is on from being used; it makes them super slow.

I would consider formatting and reinstalling Windows, but this virus came from another computer and has spread to 3 more computers since then, so that would be 4 computers that would need formatting, and still no assurance that I will not visit a site and catch the virus again, since nothing I have seems to detect or prevent it.

If this really is the Poweliks rootkit virus, doesn't someone out there have the solution for it yet?

 

Thanks,

Darrel





#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:03:48 AM

Posted 06 November 2014 - 04:45 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something, don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.


If the system has been used after topic creation time we need to take a look at fresh logs.
Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Regards,

Georgi




#3 dagscomputers

dagscomputers
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:04:48 PM

Posted 06 November 2014 - 09:45 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by Darrel (administrator) on DARREL-PC on 06-11-2014 06:40:05
Running from C:\Users\Darrel\Downloads
Loaded Profile: Darrel (Available profiles: Darrel)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
(Symantec Corporation) C:\Users\Darrel\AppData\Local\temp\STSFX1991\SymDiag.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Dell) C:\Users\Darrel\AppData\Local\Apps\2.0\OO37L7B4.JLR\78YLQ0CH.7WP\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\VMSServiceControl.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Symantec Corporation) C:\Users\Darrel\AppData\Local\temp\STSFX1991\SymDiagUi3.exe
(SoftThinks SAS) C:\Program Files (x86)\AlienRespawn\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\VMSUranusWatchDog.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Toaster.exe
() C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
(X10) C:\Program Files (x86)\Common Files\X10\Common\x10nets.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
(VIVOTEK) C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\VMSWebServer.exe
() C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\VMSConfigurationServer.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
() C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\VMSStreamingServer.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
() C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\VMSRecordingServer.exe
() C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\VMSQueryServer.exe
() C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\VMSEventServer.exe
() C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\VMSBackupServer.exe
(Alienware) C:\Program Files\Alienware\Command Center\ThermalController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Symantec Corporation) C:\Users\Darrel\AppData\Local\temp\STSFX1991\NativeApiClientx64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
(Microsoft Corporation) C:\WINDOWS\System32\taskmgr.exe
(Microsoft Corporation) C:\WINDOWS\splwow64.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6419560 2011-11-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-21] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12656 2012-06-18] (Alienware)
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).
HKLM-x32\...\Run: [ST7501] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [ST7501 Service Control] => C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\VMSServiceControl.exe [2638848 2013-10-25] ()
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2829624 2013-11-08] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe [286720 2011-10-12] (Intel Corporation)
HKLM\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
HKU\S-1-5-21-3125001501-1962380850-1972986946-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\S-1-5-21-3125001501-1962380850-1972986946-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-3125001501-1962380850-1972986946-1001\...\Run: [DellSystemDetect] => C:\Users\Darrel\AppData\Local\Apps\2.0\OO37L7B4.JLR\78YLQ0CH.7WP\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe [253952 2014-03-13] (Dell)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=127.0.0.1:49394;https=127.0.0.1:49394
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3125001501-1962380850-1972986946-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {5CDE3024-5FA0-483B-8F32-7366A980A545} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDCJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {5CDE3024-5FA0-483B-8F32-7366A980A545} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDCJS
SearchScopes: HKLM-x32 - DefaultScope {5CDE3024-5FA0-483B-8F32-7366A980A545} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDCJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {5CDE3024-5FA0-483B-8F32-7366A980A545} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDCJS
SearchScopes: HKCU - {356AF1B5-C747-4933-A3B8-3124C12E63EE} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {5CDE3024-5FA0-483B-8F32-7366A980A545} URL =
SearchScopes: HKCU - {A04E4CCE-88D9-438D-A228-EA3093585575} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\bin\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {64865E5A-E8D7-44C1-89E1-99A84F6E56D0} http://192.168.0.103/VVTK_Plugin_Installer.exe
DPF: HKLM-x32 {73888E2B-FF04-416C-8847-984D7FC4507F} http://192.168.0.175/RtspVaPgDecNew2.cab
DPF: HKLM-x32 {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler-x32: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.105.29.16 209.242.128.101

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: WinLessPlugin -> C:\Program Files (x86)\Camera Stream Controller\npWinLessRtspCtrl.dll ()
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Darrel\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-12-29]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\IPSFF
FF Extension: Symantec Vulnerability Protection - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\IPSFF [2014-11-04]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR Profile: C:\Users\Darrel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Darrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-01]
CHR Extension: (Google Docs) - C:\Users\Darrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-01]
CHR Extension: (Google Drive) - C:\Users\Darrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Darrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-01]
CHR Extension: (YouTube) - C:\Users\Darrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-01]
CHR Extension: (Google Search) - C:\Users\Darrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-01]
CHR Extension: (Google Sheets) - C:\Users\Darrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-01]
CHR Extension: (Google Wallet) - C:\Users\Darrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-01]
CHR Extension: (Gmail) - C:\Users\Darrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [7168 2011-10-12] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-14] (Intel Corporation)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MSSQLSERVER; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [278336 2011-09-19] (NVIDIA)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-11-08] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-06-05] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-06-05] (Intuit Inc.) [File not signed]
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe [144496 2014-09-12] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\snac64.exe [394592 2014-09-12] (Symantec Corporation)
R2 ST7501 Uranus Watch Dog; C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\VMSUranusWatchDog.exe [288664 2013-10-25] ()
R2 x10nets; C:\Program Files (x86)\Common Files\X10\Common\x10nets.exe [20480 2010-11-02] (X10) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\BASHDefs\20141003.013\BHDrvx64.sys [1586904 2014-09-12] (Symantec Corporation)
R1 ccSettings_{5A2B9522-769B-49C3-9B8E-C708A1FEF279}; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\ccSetx64.sys [162392 2014-09-12] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-10-22] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-10-22] (Symantec Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [23832 2011-10-12] (Intel Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\IPSDefs\20141105.011\IDSvia64.sys [525016 2014-11-04] (Symantec Corporation)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\VirusDefs\20141105.035\ENG64.SYS [129752 2014-10-22] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\VirusDefs\20141105.035\EX64.SYS [2137304 2014-10-22] (Symantec Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [100352 2011-09-15] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [216064 2011-09-15] (Renesas Electronics Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R1 SMR430; C:\Windows\System32\drivers\SMR430.SYS [108216 2014-11-04] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SRTSP64.SYS [880856 2014-09-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SRTSPX64.SYS [37592 2014-09-12] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\symefasi\0500010.01F\symefasi.sys [1611992 2014-11-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-11-04] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\Ironx64.SYS [266968 2014-09-12] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SYMNETS.SYS [593112 2014-09-12] (Symantec Corporation)
R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [107504 2014-09-12] (Symantec Corporation)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [33048 2006-11-30] (X10 Wireless Technology, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 NTIOLib_Flash; \??\C:\Users\Darrel\AppData\Local\Temp\2WSX3EDC\NTIOLib_X64.sys [X]
S2 NVR0FLASHDev; \??\C:\Windows\nvflsh64.sys [X]
S4 NvStUSB; \SystemRoot\system32\drivers\nvstusb.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-06 06:40 - 2014-11-06 06:40 - 00027645 _____ () C:\Users\Darrel\Downloads\FRST.txt
2014-11-06 06:38 - 2014-11-06 06:40 - 00000000 ____D () C:\FRST
2014-11-06 06:38 - 2014-11-06 06:38 - 02114560 _____ (Farbar) C:\Users\Darrel\Downloads\FRST64.exe
2014-11-04 20:14 - 2014-11-04 20:14 - 00000599 _____ () C:\Users\Darrel\Documents\symantec case 07612472.txt
2014-11-04 19:26 - 2014-11-04 19:26 - 00108216 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR430.SYS
2014-11-04 19:26 - 2014-11-04 19:26 - 00000000 ____D () C:\ProgramData\SMR430
2014-11-04 19:04 - 2014-11-04 19:04 - 00126432 _____ () C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2014-11-04 18:42 - 2013-10-01 18:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-11-04 18:42 - 2013-10-01 18:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-11-04 18:42 - 2013-10-01 18:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-11-04 18:42 - 2013-10-01 17:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-11-04 18:42 - 2013-10-01 17:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-11-04 18:42 - 2013-10-01 17:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-11-04 18:42 - 2013-10-01 17:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-11-04 18:42 - 2013-10-01 16:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-11-04 18:42 - 2013-10-01 16:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-11-04 18:42 - 2013-10-01 16:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-11-04 18:42 - 2013-10-01 16:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-11-04 18:42 - 2013-10-01 16:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-11-04 18:42 - 2013-10-01 15:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-11-04 18:42 - 2013-10-01 15:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-11-04 18:42 - 2013-10-01 15:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-11-04 18:42 - 2013-10-01 14:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-11-04 18:42 - 2013-10-01 12:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-11-04 18:42 - 2013-10-01 12:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-11-04 18:13 - 2014-06-30 14:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-11-04 18:13 - 2014-06-30 14:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-11-04 18:13 - 2014-06-05 22:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-11-04 18:13 - 2014-06-05 22:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-11-04 18:13 - 2014-03-09 13:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-11-04 18:13 - 2014-03-09 13:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-11-04 18:13 - 2014-03-09 13:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-11-04 18:13 - 2014-03-09 13:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-11-04 17:48 - 2014-11-04 17:48 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-11-04 17:48 - 2014-11-04 17:48 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-11-04 17:48 - 2014-11-04 17:48 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-11-04 17:47 - 2014-11-04 17:47 - 00000000 ____D () C:\Windows\system32\Drivers\symefasi
2014-11-04 17:47 - 2014-11-04 17:47 - 00000000 ____D () C:\ProgramData\SymEFASI
2014-11-04 17:45 - 2014-11-04 17:45 - 00579936 _____ (Symantec Corporation) C:\Windows\system32\SymVPN.dll
2014-11-04 17:45 - 2014-11-04 17:45 - 00424288 _____ (Symantec Corporation) C:\Windows\SysWOW64\SymVPN.dll
2014-11-04 17:45 - 2014-11-04 17:45 - 00159072 _____ (Symantec Corporation) C:\Windows\system32\FwsVpn.dll
2014-11-04 17:45 - 2014-11-04 17:45 - 00139104 _____ (Symantec Corporation) C:\Windows\SysWOW64\FwsVpn.dll
2014-11-04 17:45 - 2014-11-04 17:45 - 00058720 _____ (Symantec Corporation) C:\Windows\system32\snacnp.dll
2014-11-04 17:45 - 2014-11-04 17:45 - 00051552 _____ (Symantec Corporation) C:\Windows\SysWOW64\snacnp.dll
2014-11-04 17:45 - 2014-11-04 17:45 - 00039384 _____ (Symantec Corporation) C:\Windows\system32\Drivers\WGX64.SYS
2014-11-04 17:44 - 2014-11-04 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
2014-11-04 17:44 - 2014-11-04 17:44 - 00000000 ____D () C:\ProgramData\regid.1992-12.com.symantec
2014-11-04 17:44 - 2014-11-04 17:44 - 00000000 ____D () C:\Program Files (x86)\Symantec
2014-11-04 16:51 - 2014-11-04 16:51 - 00000000 _____ () C:\tasklist.txt
2014-11-04 16:41 - 2014-11-04 16:41 - 00000000 ____D () C:\Users\Darrel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2014-11-04 16:41 - 2014-11-04 16:41 - 00000000 ____D () C:\Program Files (x86)\NirSoft
2014-11-04 16:40 - 2014-11-04 16:45 - 00201018 _____ () C:\Windows\Minidump\conhost.dmp
2014-11-04 16:36 - 2014-11-04 16:36 - 00000000 ____D () C:\Windows Process Explorer
2014-11-04 16:26 - 2014-11-04 16:26 - 00265635 _____ () C:\ProgramData\1415147026.bdinstall.bin
2014-11-04 15:16 - 2014-11-04 17:14 - 00000000 ____D () C:\Users\Darrel\AppData\Local\CrashDumps
2014-11-03 11:31 - 2014-11-03 11:31 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-03 11:31 - 2014-11-03 11:31 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-03 11:30 - 2014-11-03 11:30 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-11-03 11:27 - 2014-11-03 11:29 - 00003092 _____ () C:\Users\Darrel\Desktop\Rkill.txt
2014-11-03 10:50 - 2014-11-03 10:50 - 00031096 _____ () C:\ComboFix.txt
2014-10-29 14:45 - 2014-10-29 14:54 - 00000000 ____D () C:\Process Explorer
2014-10-29 14:31 - 2014-10-29 14:31 - 00000000 ____D () C:\Users\Darrel\AppData\Temp
2014-10-29 14:16 - 2014-10-29 14:16 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll
2014-10-29 14:06 - 2014-10-29 14:06 - 00000385 _____ () C:\Windows\system32\user_gensett.xml
2014-10-29 14:06 - 2014-10-29 14:06 - 00000385 _____ () C:\Users\Darrel\AppData\Roaminguser_gensett.xml
2014-10-29 14:05 - 2014-10-29 14:18 - 00000000 ____D () C:\ProgramData\BDLogging
2014-10-29 14:05 - 2014-10-29 14:05 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2014-10-29 14:05 - 2009-07-15 00:21 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2014-10-29 14:04 - 2013-11-04 14:47 - 00074512 _____ (BitDefender SRL) C:\Windows\SysWOW64\bdsandboxuiskin32.dll
2014-10-29 14:04 - 2007-04-11 10:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
2014-10-29 14:01 - 2014-11-04 16:27 - 00000000 ____D () C:\Program Files\Bitdefender
2014-10-29 14:01 - 2014-11-04 16:25 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2014-10-29 14:01 - 2014-10-29 14:01 - 00000000 ____D () C:\Users\Darrel\AppData\Roaming\QuickScan
2014-10-29 14:01 - 2013-11-04 14:47 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUISkin.dll
2014-10-29 14:01 - 2013-11-04 14:46 - 00034384 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUH.dll
2014-10-29 13:49 - 2014-10-29 13:49 - 06770080 _____ () C:\Users\Darrel\Downloads\bitdefender_isecurity.exe
2014-10-29 10:16 - 2014-11-04 16:13 - 00000000 ____D () C:\Windows\pss
2014-10-29 09:18 - 2014-10-29 09:18 - 00000000 ____D () C:\Users\Darrel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp!
2014-10-29 09:18 - 2014-10-29 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp!
2014-10-29 09:18 - 2014-10-29 09:18 - 00000000 ____D () C:\Program Files (x86)\CleanUp!
2014-10-20 09:16 - 2014-10-20 09:16 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-20 09:16 - 2014-10-20 09:16 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-20 09:16 - 2014-10-20 09:16 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-20 09:16 - 2014-10-20 09:16 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-20 09:16 - 2014-10-20 09:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-20 09:16 - 2014-10-20 09:16 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-20 07:46 - 2014-10-20 07:46 - 00344253 _____ () C:\Windows\SysWOW64\symantec traffic log.log
2014-10-16 09:19 - 2014-10-16 09:19 - 00000000 ____D () C:\Users\Darrel\AppData\Roaming\FileZilla Server
2014-10-16 09:16 - 2014-10-20 11:11 - 00000000 ____D () C:\Program Files (x86)\FileZilla Server
2014-10-16 09:08 - 2014-10-16 09:06 - 02088658 _____ (FileZilla Project) C:\Users\Darrel\Downloads\FileZilla_Server-0_9_47 [1].exe
2014-10-16 08:57 - 2014-10-16 09:06 - 00764912 _____ ( ) C:\Users\Darrel\Downloads\FileZilla_Server-0_9_47.exe
2014-10-15 23:14 - 2014-09-28 16:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 23:14 - 2014-06-18 14:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 23:14 - 2014-06-18 14:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 23:14 - 2014-06-18 14:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 23:14 - 2014-06-18 14:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 23:14 - 2014-06-18 14:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 23:14 - 2014-06-18 14:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 23:04 - 2014-07-08 14:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-15 23:04 - 2014-07-08 14:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-15 23:03 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-15 23:03 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-15 23:03 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-15 23:03 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-15 23:03 - 2014-07-08 18:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-15 23:03 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-15 23:03 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-15 23:03 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-15 23:03 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-15 23:03 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-15 23:02 - 2014-10-09 18:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 23:02 - 2014-10-09 18:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 23:02 - 2014-10-09 18:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 23:02 - 2014-10-06 18:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 23:02 - 2014-10-06 18:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 23:02 - 2014-09-25 14:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 23:02 - 2014-09-25 14:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 23:02 - 2014-09-25 14:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 23:02 - 2014-09-25 14:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 23:02 - 2014-09-25 14:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 23:02 - 2014-09-25 14:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 23:02 - 2014-09-25 14:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 23:02 - 2014-09-18 18:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 23:02 - 2014-09-18 17:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 23:02 - 2014-09-18 17:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 23:02 - 2014-09-18 17:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 23:02 - 2014-09-18 17:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 23:02 - 2014-09-18 17:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 23:02 - 2014-09-18 17:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 23:02 - 2014-09-18 17:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 23:02 - 2014-09-18 17:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 23:02 - 2014-09-18 17:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 23:02 - 2014-09-18 17:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 23:02 - 2014-09-18 17:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 23:02 - 2014-09-18 17:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 23:02 - 2014-09-18 17:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 23:02 - 2014-09-18 17:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 23:02 - 2014-09-18 17:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 23:02 - 2014-09-18 17:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 23:02 - 2014-09-18 17:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 23:02 - 2014-09-18 17:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 23:02 - 2014-09-18 17:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 23:02 - 2014-09-18 17:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 23:02 - 2014-09-18 17:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 23:02 - 2014-09-18 17:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 23:02 - 2014-09-18 17:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 23:02 - 2014-09-18 17:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 23:02 - 2014-09-18 17:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 23:02 - 2014-09-18 16:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 23:02 - 2014-09-18 16:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 23:02 - 2014-09-18 16:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 23:02 - 2014-09-18 16:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 23:02 - 2014-09-18 16:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 23:02 - 2014-09-18 16:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 23:02 - 2014-09-18 16:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 23:02 - 2014-09-18 16:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 23:02 - 2014-09-18 16:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 23:02 - 2014-09-18 16:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 23:02 - 2014-09-18 16:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 23:02 - 2014-09-18 16:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 23:02 - 2014-09-18 16:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 23:02 - 2014-09-18 16:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 23:02 - 2014-09-18 16:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 23:02 - 2014-09-18 16:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 23:02 - 2014-09-18 16:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 23:02 - 2014-09-18 15:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 23:02 - 2014-09-18 15:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 23:02 - 2014-09-18 15:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 23:02 - 2014-09-18 15:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 22:51 - 2014-09-17 18:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 22:51 - 2014-09-17 17:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 22:51 - 2014-06-03 02:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-10-15 22:51 - 2014-06-03 02:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-10-15 22:51 - 2014-06-03 02:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-10-15 22:51 - 2014-06-03 01:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-10-15 22:51 - 2014-06-03 01:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-10-15 22:50 - 2014-09-03 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 22:50 - 2014-09-03 21:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 22:50 - 2014-08-28 18:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 22:50 - 2014-07-16 18:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 22:50 - 2014-07-16 18:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 22:50 - 2014-07-16 18:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 22:50 - 2014-07-16 18:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 22:50 - 2014-07-16 18:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 22:50 - 2014-07-16 18:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 22:50 - 2014-07-16 17:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 22:50 - 2014-07-16 17:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 22:50 - 2014-07-16 17:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 22:50 - 2014-07-16 17:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 22:50 - 2014-07-16 17:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 22:47 - 2014-09-12 17:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 22:47 - 2014-09-12 17:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-06 06:14 - 2013-12-24 12:58 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-06 06:11 - 2013-12-22 20:55 - 00000000 ____D () C:\ProgramData\Symantec
2014-11-06 05:49 - 2013-01-29 06:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-06 04:49 - 2014-09-14 12:26 - 00004978 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Darrel-PC-Darrel Darrel-PC
2014-11-06 03:46 - 2014-08-18 15:22 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-05 22:14 - 2013-12-24 12:58 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-05 20:01 - 2013-01-19 18:31 - 00000000 ____D () C:\Quickbooks
2014-11-05 18:38 - 2013-01-29 07:44 - 01121774 _____ () C:\Windows\WindowsUpdate.log
2014-11-05 16:01 - 2013-12-22 17:34 - 00000394 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-11-05 16:00 - 2013-12-23 14:00 - 00003460 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-11-05 16:00 - 2013-12-22 17:34 - 00003424 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-11-05 01:13 - 2009-07-13 20:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-05 01:13 - 2009-07-13 20:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-04 20:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-11-04 19:35 - 2009-07-13 21:13 - 00006880 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-04 19:29 - 2013-12-24 12:59 - 00000000 ___RD () C:\Users\Darrel\Documents\Google Drive
2014-11-04 19:29 - 2013-01-29 07:44 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-04 19:29 - 2013-01-29 06:28 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-11-04 19:29 - 2013-01-29 06:28 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-11-04 19:29 - 2013-01-29 06:20 - 00000000 ____D () C:\Program Files (x86)\AlienRespawn
2014-11-04 19:29 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-04 19:29 - 2009-07-13 20:51 - 00077126 _____ () C:\Windows\setupact.log
2014-11-04 19:04 - 2013-12-22 17:32 - 00126432 _____ () C:\Users\Darrel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-04 19:03 - 2013-12-22 17:35 - 00000000 ___RD () C:\Users\Darrel\Virtual Machines
2014-11-04 18:58 - 2009-07-13 20:45 - 00486624 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-04 18:57 - 2010-11-20 19:47 - 01119230 _____ () C:\Windows\PFRO.log
2014-11-04 18:52 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-04 18:46 - 2013-12-22 21:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-04 18:34 - 2013-12-22 21:03 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-11-04 18:27 - 2009-07-13 18:34 - 00000513 _____ () C:\Windows\win.ini
2014-11-04 18:20 - 2013-12-22 21:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-04 17:44 - 2013-12-22 20:55 - 00000000 ____D () C:\Windows\system32\Drivers\SEP
2014-11-04 17:34 - 2014-08-18 07:34 - 01204880 _____ () C:\Windows\ntbtlog.txt.bak
2014-11-04 17:32 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\TAPI
2014-11-04 16:43 - 2014-01-14 21:56 - 00000000 ____D () C:\Windows\Minidump
2014-11-04 16:05 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-03 10:50 - 2014-08-18 07:39 - 00000000 ____D () C:\Qoobox
2014-11-03 10:50 - 2013-12-22 20:06 - 00000000 ____D () C:\Users\Darrel\AppData\Local\Apps\2.0
2014-11-03 10:49 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-02 14:24 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-11-02 13:44 - 2014-02-10 19:00 - 00000000 ____D () C:\Program Files (x86)\Scalextric Track Designer
2014-10-31 06:21 - 2014-02-11 17:41 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-30 18:01 - 2014-01-02 11:44 - 00002250 ____H () C:\Users\Darrel\Documents\Default.rdp
2014-10-30 15:14 - 2013-12-24 12:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-10-29 14:50 - 2014-01-14 21:55 - 1177331984 _____ () C:\Windows\MEMORY.DMP
2014-10-29 09:23 - 2013-01-29 06:21 - 00000000 ____D () C:\Temp
2014-10-28 18:01 - 2013-12-22 17:34 - 00000536 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-10-28 06:00 - 2013-12-22 17:34 - 00004244 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-10-28 05:27 - 2014-08-18 15:20 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-28 05:27 - 2014-08-18 15:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-28 05:27 - 2014-08-18 15:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-27 16:24 - 2014-10-01 13:07 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-27 14:54 - 2014-08-21 14:56 - 00000000 ____D () C:\Program Files (x86)\Legacy8
2014-10-23 06:44 - 2014-08-07 10:14 - 00000000 ____D () C:\ProgramData\X10 Settings
2014-10-22 08:52 - 2014-08-02 13:26 - 00000000 ____D () C:\Users\Darrel\AppData\Roaming\Nitro PDF
2014-10-20 09:18 - 2014-03-19 13:29 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-20 09:13 - 2014-06-24 05:47 - 00000000 ____D () C:\Users\Darrel\AppData\Local\Adobe
2014-10-20 09:13 - 2013-01-29 06:02 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-20 09:13 - 2013-01-29 06:02 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-20 09:13 - 2013-01-29 06:02 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-20 08:19 - 2014-04-04 06:44 - 00000000 ____D () C:\Users\Darrel\Documents\Ramona House
2014-10-17 21:09 - 2013-12-24 12:58 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-17 21:09 - 2013-12-24 12:58 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 08:55 - 2013-02-21 17:31 - 00000000 ____D () C:\Users\Darrel\Documents\My Scans
2014-10-15 10:37 - 2013-01-20 18:12 - 00000000 ____D () C:\Users\Darrel\Documents\Slot Car
2014-10-11 14:33 - 2009-07-13 21:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-08 12:58 - 2013-12-22 17:31 - 00000000 ____D () C:\Users\Darrel

Some content of TEMP:
====================
C:\Users\Darrel\AppData\Local\temp\dllnt_dump.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-05 00:59

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014
Ran by Darrel at 2014-11-06 06:40:31
Running from C:\Users\Darrel\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Symantec Endpoint Protection (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Symantec Endpoint Protection (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709a (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden
AHP version 3.318 (HKLM-x32\...\{7E1B8A7A-AEE1-439B-A61F-56D8C1D4AE6D}_is1) (Version: 3.318 - tuicemen software)
AlienAutopsy (HKLM\...\AlienAutopsy) (Version: 3.1.5907.16 - Dell Inc.)
AlienAutopsy (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
AlienRespawn - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Alienware)
AlienRespawn (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Alienware)
Alienware Command Center (HKLM-x32\...\InstallShield_{ACBE8264-9018-49B8-9041-3A74E2596BF3}) (Version: 2.8.9.0 - Alienware Corp.)
Alienware Command Center (Version: 2.8.9.0 - Alienware Corp.) Hidden
Alienware Customer Surveys (HKLM-x32\...\{9AAA35D1-B21D-4610-BBAE-18FE2D00C3E0}) (Version: 1.0.5 - Dell Inc.)
Arduino (HKLM-x32\...\Arduino) (Version: 1.0.5-r2 - Arduino LLC)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Brother P-touch Editor 5.1 (HKLM-x32\...\{39270390-A851-4E4B-94A9-D5C468216ED3}) (Version: 5.1.0051 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Calendar #1 [ENU] (HKLM-x32\...\{11420356-8C63-4B6F-9D6E-B2B5E5E8CC2D}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Caution (HKLM-x32\...\{83640671-5F02-4528-82B4-1F4637699C38}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Doctor's Office #1 [ENU] (HKLM-x32\...\{7ED7C719-8DAA-4B1C-A19C-8C22D7EC1090}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Doctor's Office #2 [ENU] (HKLM-x32\...\{9AF924BE-DC17-4893-9FB9-BA57AFB70CD3}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Eco (HKLM-x32\...\{13967EAF-6FE3-4394-ACAD-326C463FB6D4}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Facility #1 [ENU] (HKLM-x32\...\{7E5902CB-8ED3-4B7C-9FDF-2D7CBFC96512}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Files (HKLM-x32\...\{B9AA72E1-DDB0-4344-9FFA-11545382ECB5}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Office Signage (HKLM-x32\...\{58A7A4BA-AB8F-410F-963D-0BB3E73389F7}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Personal #3 [ENU] (HKLM-x32\...\{ED13E571-7997-4C44-896D-297C09047B64}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Personal (HKLM-x32\...\{B24F0BA7-A962-47D2-A4E6-0E3AFCE8D874}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Personal Files [ENU] (HKLM-x32\...\{315CF84A-788E-4C14-8511-58BD81D2CD0E}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Retail #3 [ENU] (HKLM-x32\...\{395D8D04-902F-44A5-AC57-51CA2377D074}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Retail #4 [ENU] (HKLM-x32\...\{7B4170CA-3C13-4A4F-97F5-E90E0038E9A4}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Retail (HKLM-x32\...\{CDE0AEA2-2F2F-4894-987F-5BE954E578A8}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Shipping (HKLM-x32\...\{C99C37D6-6ADA-4CDF-971E-46DCB1E743CE}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Spices [ENU] (HKLM-x32\...\{7E891772-627E-4E90-B05F-269390A5279D}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Update Software (HKLM-x32\...\{A598BEC3-4F02-413E-9649-C5A1879DB558}) (Version: 1.0.0010 - Brother Industries, Ltd.)
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Camera Stream Controller (HKLM-x32\...\Camera Stream Controller) (Version:  - )
Citrix Online Launcher (HKLM-x32\...\{3D5F07C3-1B93-47F8-9F8A-DE8E47BF1669}) (Version: 1.0.209 - Citrix)
CleanUp! (HKLM-x32\...\CleanUp!) (Version:  - )
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.5.0.19 - Dell)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
DocMgr (x32 Version: 140.0.65.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden
DolbyFiles (x32 Version: 0.1 - Nero AG) Hidden
dsdminst (x32 Version: 1.00.0000 - Brother Industries, Ltd.) Hidden
Fax (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 6500 E709 Series (HKLM\...\{58D79E62-CFC8-4331-8469-3A1B16E1769C}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Rapid Storage Technology enterprise (HKLM-x32\...\{8B313BF5-9BD5-42a3-94C1-A28AF3AA51CC}) (Version: 3.0.0.2003 - Intel Corporation)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Legacy 8.0 (HKLM-x32\...\Legacy 8.0) (Version: 8.0  - Millennia Corporation)
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Menu Templates - Starter Kit (x32 Version: 9.4.2.0 - Nero AG) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Templates - Starter Kit (x32 Version: 9.4.2.0 - Nero AG) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{23d8a06e-f393-465a-adb2-fd9fde978aec}) (Version:  - Nero AG)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
Nitro Reader 3 (HKLM\...\{9EA981E5-EE67-4662-86F1-58937D31FE07}) (Version: 3.5.6.5 - Nitro)
NVIDIA 3D Vision Controller Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 332.21 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 332.21 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Performance (HKLM-x32\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
NVIDIA System Monitor (HKLM-x32\...\InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
QualxServ Service Agreement (HKLM-x32\...\{18401E1E-1E44-461A-A4B2-E48B1A727818}) (Version: 2.0.0 - Dell Inc.)
QuickBooks (x32 Version: 22.0.4015.2206 - Intuit Inc.) Hidden
QuickBooks Pro 2012 (HKLM-x32\...\{22057D8D-7CC8-46FF-AD8C-9BD24F9014F3}) (Version: 22.0.4015.2206 - Intuit Inc.)
Readiris Pro 12 (HKLM-x32\...\{3AC26580-A695-4134-84AE-5121B3AAE545}) (Version: 12.00.5965 - I.R.I.S.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6505 - Realtek Semiconductor Corp.)
Recover Data for OST to PST (HKLM\...\Recover Data for OST to PST_is1) (Version:  - Recover Data)
Scalextric Track Designer v1.1.2 (HKLM-x32\...\Scalextric Track Designer_is1) (Version:  - A-Lab Software Limited)
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
SketchUp Viewer (HKLM-x32\...\{A64AADC2-60A3-4502-822B-91E456D5523E}) (Version: 13.0.4812 - Trimble Navigation Limited)
SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
SSDC (HKCU\...\5e2ce37c4574cb64) (Version: 5.8.8.0 - Jackaments Software)
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Symantec Endpoint Protection (HKLM\...\{A5DCF955-5D4A-471D-8CB3-DCFDF5C5DEE7}) (Version: 12.1.5337.5000 - Symantec Corporation)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version:  - The Creative Assembly)
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
VIVOTEK ST7501 (HKLM-x32\...\ST7501) (Version: 1.7.7.201 - VIVOTEK, Inc.)
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Password Recovery Tool Standard  (HKLM-x32\...\Windows Password Recovery Tool Standard) (Version:  - Tenorshare, Inc.)
X10 Hardware™ (HKLM-x32\...\X10Hardware) (Version:  - )
X10nets version 3.318 (HKLM-x32\...\{409B1715-3198-499C-B6F2-BE4AA324C2CF}_is1) (Version: 3.318 - X10WTI)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

05-11-2014 01:43:29 Installed Symantec Endpoint Protection.
05-11-2014 02:12:42 Windows Update
06-11-2014 07:00:25 Windows Backup

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2014-11-03 10:49 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {057F100D-E6FB-4291-B48F-CB82DC72DCEA} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\AlienAutopsy\pcdrcui.exe [2011-12-13] (PC-Doctor, Inc.)
Task: {176984AA-0705-4AAC-9EFE-44AE00973BC5} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\AlienAutopsy\uaclauncher.exe [2011-12-13] (PC-Doctor, Inc.)
Task: {23FBAF61-73FD-4977-A2BD-30E6F90D9E6C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-20] (Adobe Systems Incorporated)
Task: {445F6AB2-F2B7-4D64-96FD-79E5C3AF0798} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-24] (Google Inc.)
Task: {8D1A61CD-4194-4B81-BEED-B6AA0DD58A3E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {95423B8C-C2C3-4E0A-A98F-A6299365261A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {D4864E82-0582-4A1B-A3D9-DA38D62B6C6F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-24] (Google Inc.)
Task: {D7E57A3A-6415-4642-86F2-3829F55CFA97} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Darrel-PC-Darrel Darrel-PC => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {DA01FC65-4ACB-490B-BD7A-C6EF39F7EE34} - System32\Tasks\PCDEventLauncher => C:\Program Files\AlienAutopsy\sessionchecker.exe [2011-12-13] (PC-Doctor, Inc.)
Task: {DDCFF0C0-D02E-4223-8597-1B38C8029C9E} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {F43A6ADE-0485-4C8C-A3E3-9F553EECA76C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\AlienAutopsy\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\AlienAutopsy\pcdrcui.exe

==================== Loaded Modules (whitelisted) =============

2014-02-13 17:17 - 2013-12-19 10:53 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-09-16 13:50 - 2014-09-16 13:50 - 08896160 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-10-25 01:29 - 2013-10-25 01:29 - 02638848 _____ () C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\VMSServiceControl.exe
2013-10-25 01:30 - 2013-10-25 01:30 - 00288664 _____ () C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\VMSUranusWatchDog.exe
2013-01-29 06:20 - 2012-01-26 19:49 - 02751808 _____ () C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
2013-10-25 01:30 - 2013-10-25 01:30 - 00783768 _____ () C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\VMSConfigurationServer.exe
2013-10-25 01:30 - 2013-10-25 01:30 - 00541080 _____ () C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\VMSStreamingServer.exe
2013-10-25 01:30 - 2013-10-25 01:30 - 01138584 _____ () C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\VMSRecordingServer.exe
2013-10-25 01:30 - 2013-10-25 01:30 - 00809368 _____ () C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\VMSQueryServer.exe
2013-10-25 01:30 - 2013-10-25 01:30 - 00548760 _____ () C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\VMSEventServer.exe
2013-10-25 01:30 - 2013-10-25 01:30 - 00871320 _____ () C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\VMSBackupServer.exe
2014-09-16 13:50 - 2014-09-16 13:50 - 08896160 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2009-08-20 10:35 - 2009-08-20 10:35 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2009-08-20 10:35 - 2009-08-20 10:35 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2009-08-20 10:35 - 2009-08-20 10:35 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2013-06-19 05:09 - 2013-06-19 05:09 - 00128512 _____ () C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\NetScheduler.dll
2013-06-19 05:10 - 2013-06-19 05:10 - 00093184 _____ () C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\DBMSI_ODBC.dll
2013-06-19 05:10 - 2013-06-19 05:10 - 00211968 _____ () C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\DBMSI_PostgreSQL.dll
2013-06-19 05:10 - 2013-06-19 05:10 - 00160256 _____ () C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\LIBPQ.dll
2013-06-19 05:09 - 2013-06-19 05:09 - 00151552 _____ () C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\libexpat.dll
2013-10-25 01:18 - 2013-10-25 01:18 - 00699392 _____ () C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\OpenSSLWrapper.dll
2013-11-08 05:48 - 2013-11-08 05:48 - 00269128 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2012\boost_regex-vc90-mt-p-1_33.dll
2013-11-08 05:48 - 2013-11-08 05:48 - 00021320 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2012\QBCompressor.dll
2012-06-05 05:56 - 2012-06-05 05:56 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2012\zlib1.dll
2013-11-08 05:48 - 2013-11-08 05:48 - 00380744 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2012\BackupLib.dll
2013-11-08 05:48 - 2013-11-08 05:48 - 00138568 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2012\QBMAPILibrary.dll
2013-11-08 05:48 - 2013-11-08 05:48 - 00176968 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2012\boost_serialization-vc90-mt-p-1_33.dll
2013-11-08 05:48 - 2013-11-08 05:48 - 00042824 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2012\mbpopup.dll
2013-11-08 05:48 - 2013-11-08 05:48 - 00400200 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2012\FeaturesBridge.dll
2013-11-08 05:49 - 2013-11-08 05:49 - 00121672 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2012\ReportBridge.dll
2013-11-08 05:48 - 2013-11-08 05:48 - 00070472 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2012\QB2WPFBridge.dll
2013-11-08 05:49 - 2013-11-08 05:49 - 00110920 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2012\Webification.dll
2013-11-08 05:48 - 2013-11-08 05:48 - 00083272 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2012\IPDWidgetBridge.dll
2013-11-08 05:48 - 2013-11-08 05:48 - 00093512 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2012\IPDWidgetInterop.dll
2013-11-08 05:48 - 2013-11-08 05:48 - 00058184 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2012\htmlhelper.dll
2014-11-04 19:29 - 2014-11-04 19:29 - 00098816 _____ () C:\Users\Darrel\AppData\Local\Temp\_MEI36042\win32api.pyd
2014-11-04 19:29 - 2014-11-04 19:29 - 00110080 _____ () C:\Users\Darrel\AppData\Local\Temp\_MEI36042\pywintypes27.dll
2014-11-04 19:29 - 2014-11-04 19:29 - 00364544 _____ () C:\Users\Darrel\AppData\Local\Temp\_MEI36042\pythoncom27.dll
2014-11-04 19:29 - 2014-11-04 19:29 - 00045568 _____ () C:\Users\Darrel\AppData\Local\Temp\_MEI36042\_socket.pyd
2014-11-04 19:29 - 2014-11-04 19:29 - 01160704 _____ () C:\Users\Darrel\AppData\Local\Temp\_MEI36042\_ssl.pyd
2014-11-04 19:29 - 2014-11-04 19:29 - 00320512 _____ () C:\Users\Darrel\AppData\Local\Temp\_MEI36042\win32com.shell.shell.pyd
2014-11-04 19:29 - 2014-11-04 19:29 - 00713216 _____ () C:\Users\Darrel\AppData\Local\Temp\_MEI36042\_hashlib.pyd
2014-11-04 19:29 - 2014-11-04 19:29 - 01175040 _____ () C:\Users\Darrel\AppData\Local\Temp\_MEI36042\wx._core_.pyd
2014-11-04 19:29 - 2014-11-04 19:29 - 00805888 _____ () C:\Users\Darrel\AppData\Local\Temp\_MEI36042\wx._gdi_.pyd
2014-11-04 19:29 - 2014-11-04 19:29 - 00811008 _____ () C:\Users\Darrel\AppData\Local\Temp\_MEI36042\wx._windows_.pyd
2014-11-04 19:29 - 2014-11-04 19:29 - 01062400 _____ () C:\Users\Darrel\AppData\Local\Temp\_MEI36042\wx._controls_.pyd
2014-11-04 19:29 - 2014-11-04 19:29 - 00735232 _____ () C:\Users\Darrel\AppData\Local\Temp\_MEI36042\wx._misc_.pyd
2014-11-04 19:29 - 2014-11-04 19:29 - 00128512 _____ () C:\Users\Darrel\AppData\Local\Temp\_MEI36042\_elementtree.pyd
2014-11-04 19:29 - 2014-11-04 19:29 - 00127488 _____ () C:\Users\Darrel\AppData\Local\Temp\_MEI36042\pyexpat.pyd
2014-11-04 19:29 - 2014-11-04 19:29 - 00557056 _____ () C:\Users\Darrel\AppData\Local\Temp\_MEI36042\pysqlite2._sqlite.pyd
2014-11-04 19:29 - 2014-11-04 19:29 - 00087552 _____ () C:\Users\Darrel\AppData\Local\Temp\_MEI36042\_ctypes.pyd
2014-11-04 19:29 - 2014-11-04 19:29 - 00119808 _____ () C:\Users\Darrel\AppData\Local\Temp\_MEI36042\win32file.pyd
2014-11-04 19:29 - 2014-11-04 19:29 - 00108544 _____ () C:\Users\Darrel\AppData\Local\Temp\_MEI36042\win32security.pyd
2014-11-04 19:29 - 2014-11-04 19:29 - 00007168 _____ () C:\Users\Darrel\AppData\Local\Temp\_MEI36042\hashobjs_ext.pyd
2014-11-04 19:29 - 2014-11-04 19:29 - 00167936 _____ () C:\Users\Darrel\AppData\Local\Temp\_MEI36042\win32gui.pyd
2014-11-04 19:29 - 2014-11-04 19:29 - 00018432 _____ () C:\Users\Darrel\AppData\Local\Temp\_MEI36042\win32event.pyd
2014-11-04 19:29 - 2014-11-04 19:29 - 00038912 _____ () C:\Users\Darrel\AppData\Local\Temp\_MEI36042\win32inet.pyd
2014-11-04 19:29 - 2014-11-04 19:29 - 00011264 _____ () C:\Users\Darrel\AppData\Local\Temp\_MEI36042\win32crypt.pyd
2014-11-04 19:29 - 2014-11-04 19:29 - 00070656 _____ () C:\Users\Darrel\AppData\Local\Temp\_MEI36042\wx._html2.pyd
2014-11-04 19:29 - 2014-11-04 19:29 - 00027136 _____ () C:\Users\Darrel\AppData\Local\Temp\_MEI36042\_multiprocessing.pyd
2014-11-04 19:29 - 2014-11-04 19:29 - 00035840 _____ () C:\Users\Darrel\AppData\Local\Temp\_MEI36042\win32process.pyd
2014-11-04 19:29 - 2014-11-04 19:29 - 00686080 _____ () C:\Users\Darrel\AppData\Local\Temp\_MEI36042\unicodedata.pyd
2014-11-04 19:29 - 2014-11-04 19:29 - 00122368 _____ () C:\Users\Darrel\AppData\Local\Temp\_MEI36042\wx._wizard.pyd
2014-11-04 19:29 - 2014-11-04 19:29 - 00024064 _____ () C:\Users\Darrel\AppData\Local\Temp\_MEI36042\win32pipe.pyd
2014-11-04 19:29 - 2014-11-04 19:29 - 00025600 _____ () C:\Users\Darrel\AppData\Local\Temp\_MEI36042\win32pdh.pyd
2014-11-04 19:29 - 2014-11-04 19:29 - 00525640 _____ () C:\Users\Darrel\AppData\Local\Temp\_MEI36042\windows._lib_cacheinvalidation.pyd
2014-11-04 19:29 - 2014-11-04 19:29 - 00010240 _____ () C:\Users\Darrel\AppData\Local\Temp\_MEI36042\select.pyd
2014-11-04 19:29 - 2014-11-04 19:29 - 00017408 _____ () C:\Users\Darrel\AppData\Local\Temp\_MEI36042\win32profile.pyd
2014-11-04 19:29 - 2014-11-04 19:29 - 00022528 _____ () C:\Users\Darrel\AppData\Local\Temp\_MEI36042\win32ts.pyd
2014-11-04 19:29 - 2014-11-04 19:29 - 00078336 _____ () C:\Users\Darrel\AppData\Local\Temp\_MEI36042\wx._animate.pyd
2014-11-04 19:25 - 2014-11-04 19:25 - 01146984 ____R () C:\Users\Darrel\AppData\Local\Temp\STSFX1991\SmrDll.dll
2013-10-25 01:28 - 2013-10-25 01:28 - 00298496 _____ () C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\VNDPTunnel.dll
2013-10-25 01:13 - 2013-10-25 01:13 - 00058880 _____ () C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\MessageParser.dll
2013-10-25 01:18 - 2013-10-25 01:18 - 00424448 _____ () C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\mongoose.dll
2013-06-19 05:07 - 2013-06-19 05:07 - 03915264 _____ () C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\ffmpeg.dll
2013-07-03 01:12 - 2013-07-03 01:12 - 01261056 _____ () C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\Gaea.dll
2013-10-25 01:18 - 2013-10-25 01:18 - 00057344 _____ () C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\SocketRelayer.dll
2013-10-25 01:21 - 2013-10-25 01:21 - 01614848 _____ () C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\ConfigurationCmdModule.dll
2013-10-25 01:14 - 2013-10-25 01:14 - 00366080 _____ () C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\AccountFacade.dll
2013-10-25 01:13 - 2013-10-25 01:13 - 00746496 _____ () C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\CameraConfig.dll
2013-06-19 04:56 - 2013-06-19 04:56 - 00967680 _____ () C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\libxml2.dll
2013-06-19 04:56 - 2013-06-19 04:56 - 00059904 _____ () C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\zlib1.dll
2013-06-19 05:07 - 2013-06-19 05:07 - 00059904 _____ () C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\DRMControl.dll
2013-06-19 05:07 - 2013-06-19 05:07 - 00087552 _____ () C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\ServerChannelWrapper.dll
2013-06-19 05:07 - 2013-06-19 05:07 - 00381440 _____ () C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\ServerChannel.dll
2013-07-26 00:24 - 2013-07-26 00:24 - 00068608 _____ () C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\SrvDepResource.dll
2013-10-25 01:16 - 2013-10-25 01:16 - 01163264 _____ () C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\ServerModules.dll
2013-07-05 05:22 - 2013-07-05 05:22 - 00966656 _____ () C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\DataBroker.dll
2013-10-25 01:19 - 2013-10-25 01:19 - 00138240 _____ () C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\SDKModules\VIVOTEKCameraSDK.dll
2013-07-26 00:24 - 2013-07-26 00:24 - 00046080 _____ () C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\ServerControllerLoader.DLL
2013-06-19 05:07 - 2013-06-19 05:07 - 00044032 _____ () C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\ServerUtilityLoader.DLL
2013-10-25 01:27 - 2013-10-25 01:27 - 00819200 _____ () C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\QTSSModules\QTSSVivotekModule.dll
2013-10-25 01:17 - 2013-10-25 01:17 - 00056832 _____ () C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\MistRetriever.dll
2013-06-19 05:10 - 2013-06-19 05:10 - 00115712 _____ () C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\Mario.dll
2013-06-19 05:10 - 2013-06-19 05:10 - 00112128 _____ () C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\DBMSI_SQLite.dll
2013-06-19 05:10 - 2013-06-19 05:10 - 00612664 _____ () C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\sqlite3.dll
2013-10-25 01:21 - 2013-10-25 01:21 - 01610240 _____ () C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\EventCmdModule.dll
2014-11-04 19:09 - 2014-11-04 19:09 - 00019968 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\PSIClient\a5bfede4913fbe449324aca2627e3974\PSIClient.ni.dll
2013-12-22 20:45 - 2013-05-14 04:17 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-09-25 13:31 - 2014-09-25 13:31 - 01754296 _____ () C:\Program Files (x86)\Microsoft Office\Office15\tmpod.dll
2014-01-23 14:55 - 2014-01-23 14:55 - 01030312 _____ () C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSettings_{5A2B9522-769B-49C3-9B8E-C708A1FEF279}.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-3125001501-1962380850-1972986946-500 - Administrator - Disabled)
Darrel (S-1-5-21-3125001501-1962380850-1972986946-1001 - Administrator - Enabled) => C:\Users\Darrel
Guest (S-1-5-21-3125001501-1962380850-1972986946-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: HP Color LaserJet 3800
Description: HP Color LaserJet 3800
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: NVR0FLASHDev
Description: NVR0FLASHDev
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NVR0FLASHDev
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/06/2014 01:55:44 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen.2 in File: C:\ComboFix.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.

Error: (11/06/2014 00:02:35 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Tracking Cookies in File: Cookie:darrel@ru4.com/ by: Scheduled scan.  Action: Delete succeeded.  Action Description: The file was deleted successfully.

Error: (11/05/2014 11:58:59 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (11/05/2014 08:01:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: QBCFMonitorService.exe, version: 4.0.5060.8720, time stamp: 0x527cde21
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xe0434352
Fault offset: 0x0000c42d
Faulting process id: 0xe80
Faulting application start time: 0xQBCFMonitorService.exe0
Faulting application path: QBCFMonitorService.exe1
Faulting module path: QBCFMonitorService.exe2
Report Id: QBCFMonitorService.exe3

Error: (11/05/2014 08:01:13 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: QBCFMonitorService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.UnauthorizedAccessException
Stack:
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.File.InternalDelete(System.String, Boolean)
   at System.IO.File.Delete(System.String)
   at Intuit.SBM.DataHelper.CFScan.CFWatcher.DeleteNdFile(System.String)
   at Intuit.SBM.DataHelper.CFScan.CFWatcher.OnDeleted(System.Object, System.IO.FileSystemEventArgs)
   at System.IO.FileSystemWatcher.OnDeleted(System.IO.FileSystemEventArgs)
   at System.IO.FileSystemWatcher.NotifyFileSystemEventArgs(Int32, System.String)
   at System.IO.FileSystemWatcher.CompletionStatusChanged(UInt32, UInt32, System.Threading.NativeOverlapped*)
   at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)

Error: (11/05/2014 07:48:27 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2012":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'

Error: (11/05/2014 07:48:27 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2012":
Connection String:CON=QBConnectionPool-Probe-QB_data_engine_22; ;DBF=C:\Quickbooks\DAGS2008R.QBW;ENG=QB_data_engine_22;DBN=0d080d7759da42c99419d23159955588

Error: (11/05/2014 07:48:27 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2012":
Connection Error:Invalid user ID or password

Error: (11/05/2014 01:05:05 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (11/04/2014 07:35:50 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

System errors:
=============
Error: (11/06/2014 06:11:15 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (11/05/2014 08:01:18 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The QBCFMonitorService service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/04/2014 11:26:57 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{15F671A7-6350-4B26-B7E9-289075A12DDA}.
The backup browser is stopping.

Error: (11/04/2014 07:31:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/04/2014 07:29:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVR0FLASHDev service failed to start due to the following error:
%%2

Error: (11/04/2014 07:28:18 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT AUTHORITY)
Description: Encrypted volume check: Volume information on  cannot be read.

Error: (11/04/2014 07:28:18 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (11/04/2014 07:03:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/04/2014 07:02:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVR0FLASHDev service failed to start due to the following error:
%%2

Error: (11/04/2014 07:01:23 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT AUTHORITY)
Description: Encrypted volume check: Volume information on  cannot be read.

Microsoft Office Sessions:
=========================
Error: (11/06/2014 01:55:44 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen.2 in File: C:\ComboFix.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.

Error: (11/06/2014 00:02:35 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Tracking Cookies in File: Cookie:darrel@ru4.com/ by: Scheduled scan.  Action: Delete succeeded.  Action Description: The file was deleted successfully.

Error: (11/05/2014 11:58:59 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files (x86)\Microsoft Office\Office15\lync.exe.ManifestC:\Program Files (x86)\Microsoft Office\Office15\UccApi.DLL1

Error: (11/05/2014 08:01:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: QBCFMonitorService.exe4.0.5060.8720527cde21KERNELBASE.dll6.1.7601.1840953159a86e04343520000c42de8001cff8a8af6f7565C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exeC:\Windows\syswow64\KERNELBASE.dllf78de1f7-6504-11e4-9501-d4bed9fd3561

Error: (11/05/2014 08:01:13 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: QBCFMonitorService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.UnauthorizedAccessException
Stack:
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.File.InternalDelete(System.String, Boolean)
   at System.IO.File.Delete(System.String)
   at Intuit.SBM.DataHelper.CFScan.CFWatcher.DeleteNdFile(System.String)
   at Intuit.SBM.DataHelper.CFScan.CFWatcher.OnDeleted(System.Object, System.IO.FileSystemEventArgs)
   at System.IO.FileSystemWatcher.OnDeleted(System.IO.FileSystemEventArgs)
   at System.IO.FileSystemWatcher.NotifyFileSystemEventArgs(Int32, System.String)
   at System.IO.FileSystemWatcher.CompletionStatusChanged(UInt32, UInt32, System.Threading.NativeOverlapped*)
   at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)

Error: (11/05/2014 07:48:27 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooks Pro 2012DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'

Error: (11/05/2014 07:48:27 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooks Pro 2012Connection String:CON=QBConnectionPool-Probe-QB_data_engine_22; ;DBF=C:\Quickbooks\DAGS2008R.QBW;ENG=QB_data_engine_22;DBN=0d080d7759da42c99419d23159955588

Error: (11/05/2014 07:48:27 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooks Pro 2012Connection Error:Invalid user ID or password

Error: (11/05/2014 01:05:05 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files (x86)\Microsoft Office\Office15\lync.exe.ManifestC:\Program Files (x86)\Microsoft Office\Office15\UccApi.DLL1

Error: (11/04/2014 07:35:50 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

CodeIntegrity Errors:
===================================
  Date: 2014-11-03 10:48:56.271
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-03 10:48:56.224
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-03 10:48:56.177
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-03 10:48:56.115
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-02 13:28:35.144
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-26 17:36:56.877
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-26 17:31:10.423
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-26 17:24:20.864
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-26 16:16:41.396
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-26 15:05:24.158
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i7-3820 CPU @ 3.60GHz
Percentage of memory in use: 32%
Total physical RAM: 16302.17 MB
Available physical RAM: 11017.23 MB
Total Pagefile: 32602.52 MB
Available Pagefile: 27229.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:914.44 GB) (Free:769.56 GB) NTFS
Drive e: (Video3) (Fixed) (Total:465.73 GB) (Free:1.99 GB) NTFS
Drive f: (Video1) (Fixed) (Total:465.72 GB) (Free:1.99 GB) NTFS
Drive g: (Video2) (Fixed) (Total:465.73 GB) (Free:2.02 GB) NTFS
Drive h: (Video4) (Fixed) (Total:465.76 GB) (Free:1.99 GB) NTFS
Drive i: (Video5) (Fixed) (Total:1862.98 GB) (Free:126.6 GB) NTFS
Drive n: (My Book) (Fixed) (Total:1862.98 GB) (Free:1162.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 64595D4A)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 1EBF09A3)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 18681867)
Partition 1: (Not Active) - (Size=31 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 9D47E52F)
Partition 1: (Not Active) - (Size=31 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 465.8 GB) (Disk ID: 2C0E2C0D)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 00021365)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 7 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0B627B72)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 B-boy/StyLe/

    Bleepin' Freestyler

  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 06 November 2014 - 03:28 PM

Hi,

Do you still have any problems? I didn't notice any active malware in the logs above.

Ok, it's time to check for leftovers:

STEP 1

  • Please download RKill by Grinler from the link below and save it to your desktop.

    Rkill
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please post the log in your next reply.

STEP 2

  • Please download RogueKillerX64.exe and save it to the desktop.
  • Close all windows and browsers.
  • Right-click the program and select 'Run as Administrator'.
  • Wait for the prescan to complete and then press the Scan button.
  • When done, press the Report button.
  • Please copy and paste the results in your next reply.

STEP 3

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside Loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes, then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

STEP 4

Please download Malwarebytes Anti-Malware 2.0.3.1025 Final to your desktop.

  • Double-click mbam-setup-2.0.3.1025.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'.
  • Paste the contents of the clipboard into your reply.

STEP 5

1. Please download HitmanPro.

  • For 32-bit Operating System
  • This is the mirror
  • For 64-bit Operating System
  • This is the mirror

2. Launch the program by double clicking on the HitmanPro icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run, then open the program while holding down the left CTRL key until the program is loaded.

3. Click on the next button. You must agree with the terms of EULA (if asked).

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done, click on the drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

8. Click on the next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

Note: if there isn't a dropdown menu when the scan is done, then please don't delete anything and close HitmanPro.

Navigate to C:\ProgramData\HitmanPro\Logs, open the report and copy and paste it to your next reply.

STEP 6

Please download Powelikscleaner (by ESET) and save it to your Desktop.

  • Double-click ESETPoweliksCleaner.exe to start the tool.
  • Read the terms of the End-user license agreement and click Agree if you agree to them.
  • The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
  • If Poweliks was detected, "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
  • The tool will produce a log in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

STEP 7

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

and then if there aren't any issues left I'll give you my final recommendations. :)

Regards,

Georgi


#5 dagscomputers
  • Topic Starter
  • Members
  • 19 posts

Posted 06 November 2014 - 07:15 PM

Looks like you're throwing everything at it in shotgun fashion and not trying to specifically eliminate the problem. I'll run these 7 different programs you post, but this is not what I expected from this forum.



#6 B-boy/StyLe/

    Bleepin' Freestyler

  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 07 November 2014 - 03:22 AM

Hi,

I think you misunderstand the way I work, don't you? I need information, since both logs above are CLEAN and there is no indication of any active threats. I asked you to scan with multiple scanners to gather information about the current condition of the system and to save time (since there are a lot of users who need help). I know what I am doing, and Poweliks is easy to remove (if it's still around, we will deal with it)! The tools are not randomly chosen but very precisely selected...

Regards,

Georgi

Edited by B-boy/StyLe/, 07 November 2014 - 03:26 AM.


#7 dagscomputers
  • Topic Starter
  • Members
  • 19 posts

Posted 07 November 2014 - 06:31 PM

Step 1 complete

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/07/2014 12:05:20 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Users\Darrel\AppData\Local\Apps\2.0\OO37L7B4.JLR\78YLQ0CH.7WP\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe (PID: 3760) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Empty HKLM\...\Winlogon: [Shell]! Value reset to explorer.exe

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 11/07/2014 12:05:58 PM
Execution time: 0 hours(s), 0 minute(s), and 37 seconds(s)

Step 2 Complete

RogueKiller V10.0.4.0 (x64) [Oct 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Darrel [Administrator]
Mode : Scan -- Date : 11/07/2014  12:18:53

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 32 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTIOLib_Flash (\??\C:\Users\Darrel\AppData\Local\Temp\2WSX3EDC\NTIOLib_X64.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NVR0FLASHDev (\??\C:\Windows\nvflsh64.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NTIOLib_Flash (\??\C:\Users\Darrel\AppData\Local\Temp\2WSX3EDC\NTIOLib_X64.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NVR0FLASHDev (\??\C:\Windows\nvflsh64.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NTIOLib_Flash (\??\C:\Users\Darrel\AppData\Local\Temp\2WSX3EDC\NTIOLib_X64.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NVR0FLASHDev (\??\C:\Windows\nvflsh64.sys) -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3125001501-1962380850-1972986946-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49394;https=127.0.0.1:49394  -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3125001501-1962380850-1972986946-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49394;https=127.0.0.1:49394  -> Found
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3125001501-1962380850-1972986946-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3125001501-1962380850-1972986946-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 68.105.29.16 209.242.128.101 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 68.105.29.16 209.242.128.101 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 68.105.29.16 209.242.128.101 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{15F671A7-6350-4B26-B7E9-289075A12DDA} | DhcpNameServer : 68.105.29.16 209.242.128.101 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{15F671A7-6350-4B26-B7E9-289075A12DDA} | DhcpNameServer : 68.105.29.16 209.242.128.101 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{15F671A7-6350-4B26-B7E9-289075A12DDA} | DhcpNameServer : 68.105.29.16 209.242.128.101 [UNITED STATES (US)]  -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3125001501-1962380850-1972986946-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3125001501-1962380850-1972986946-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ATA WDC WD10EZEX-75Z SCSI Disk Device +++++
--- User ---
[MBR] 119599cfc8271c84c879468595277ed7
[BSP] 7ecd62377e8e40b9260b67b610d82484 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ATA WDC WD5000AAKS-7 SCSI Disk Device +++++
--- User ---
[MBR] df672753ca00ecfc89868ca59ce21485
[BSP] 1af4d28bb70c03811e78e660b7f2fd28 : HP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 476898 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: ATA WDC WD5003ABYX-0 SCSI Disk Device +++++
--- User ---
[MBR] e4b942f732c66294b5318f423780c8c6
[BSP] d8da860f528e8bd6aa44e86d40663f0e : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 31 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 65536 | Size: 476906 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: ATA WDC WD5003ABYX-0 SCSI Disk Device +++++
--- User ---
[MBR] 0beeb417fb59573ba995de8554274e62
[BSP] 63fad3d90a7174bbd85c8e514fa01364 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 31 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 65536 | Size: 476906 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive4: ATA WDC WD5000AAKS-0 SCSI Disk Device +++++
--- User ---
[MBR] efe27bdbcada6434afde3886ea1879c8
[BSP] 055aabd1a92a21dae51e621a8f5ac929 : Empty MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476937 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive5: WD My Book 1140 USB Device +++++
--- User ---
[MBR] 826c768e1d647d67f8545950a13d16a5
[BSP] 717dd44c70d9301a3f6f6f49130ee44d : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907696 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive7: WD My Book 1140 USB Device +++++
--- User ---
[MBR] f25dfa6b0be02883531f09c7cf47359d
[BSP] 0c05dc267faac6f0608b757eacac8ff9 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907696 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive8: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive9: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive10: Generic- SM/xD Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive11: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

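Added worked example, not part of any post in this thread. The RogueKiller section above does four things per physical drive: it hashes the whole MBR sector ([MBR]), hashes and fingerprints the bootstrap code ([BSP], reported as e.g. "Windows XP MBR Code" or "Empty MBR Code"), lists the partition table, and then re-reads the sector through two lower-level paths (LL1, LL2) to confirm that what the OS shows matches what is on disk, which is how a bootkit that filters disk reads gets caught. The Python below reproduces that check over a constructed 512-byte MBR. Assumptions not stated on the page: bootstrap code occupies bytes 0 to 439, the disk signature sits at 440, four 16-byte partition entries start at 446, and 0x55AA closes the sector; RogueKiller's exact hashing ranges are not documented here, so hashing the first 440 bytes for [BSP] is an assumption. The sample partition entry reuses the PhysicalDrive4 numbers above (active NTFS, offset 2048 sectors, 476937 MB); the boot-code bytes are made up.

```python
import hashlib
import struct

SECTOR = 512
BOOTSTRAP_LEN = 440      # assumption: bootstrap code runs up to the 4-byte disk signature
PT_OFFSET = 446          # four 16-byte partition entries
SIGNATURE = b"\x55\xaa"  # boot signature at bytes 510-511

# Type IDs as the log above prints them.
PARTITION_TYPES = {0x07: "NTFS", 0xDE: "DELL-UTIL", 0xEE: "GPT-PROTECTIVE"}


def build_mbr(bootstrap, disk_sig, partitions):
    """Assemble a constructed MBR sector for the example (no real disk is read).

    partitions: list of up to four (active, type_id, start_lba, sector_count)."""
    if len(bootstrap) > BOOTSTRAP_LEN:
        raise ValueError("bootstrap code too long")
    mbr = bytearray(SECTOR)
    mbr[:len(bootstrap)] = bootstrap
    struct.pack_into("<I", mbr, BOOTSTRAP_LEN, disk_sig)
    for i, (active, type_id, start, count) in enumerate(partitions[:4]):
        # CHS fields are left zero; modern tools read only the LBA fields.
        struct.pack_into("<B3sB3sII", mbr, PT_OFFSET + 16 * i,
                         0x80 if active else 0x00, b"\0\0\0",
                         type_id, b"\0\0\0", start, count)
    mbr[510:512] = SIGNATURE
    return bytes(mbr)


def parse_mbr(sector):
    """Return the MBR hash, the bootstrap-code hash and the partition table,
    in the shape RogueKiller reports them."""
    if len(sector) != SECTOR or sector[510:512] != SIGNATURE:
        raise ValueError("not a valid MBR sector (bad length or missing 0x55AA)")
    bootstrap = sector[:BOOTSTRAP_LEN]
    partitions = []
    for i in range(4):
        status, _chs, type_id, _chs2, start, count = struct.unpack_from(
            "<B3sB3sII", sector, PT_OFFSET + 16 * i)
        if type_id == 0:
            continue  # empty slot
        partitions.append({
            "index": i,
            "active": status == 0x80,
            "type_id": type_id,
            "type": PARTITION_TYPES.get(type_id, "UNKNOWN"),
            "offset_sectors": start,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return {
        "mbr_md5": hashlib.md5(sector).hexdigest(),
        "bootstrap_md5": hashlib.md5(bootstrap).hexdigest(),
        # RogueKiller's "Empty MBR Code" corresponds to an all-zero bootstrap area.
        "bootstrap_empty": not any(bootstrap),
        "partitions": partitions,
    }


def format_partition(p):
    """One partition-table line in the log's own layout."""
    flag = "ACTIVE" if p["active"] else "XXXXXX"
    return (f"{p['index']} - [{flag}] {p['type']} (0x{p['type_id']:x}) "
            f"Offset (sectors): {p['offset_sectors']} | Size: {p['size_mb']} MB")


def reads_agree(user_read, lowlevel_read):
    """The LL1/LL2 check: the MBR fetched through the normal I/O stack must be
    byte-identical to one fetched below it. A difference means a driver or
    filter is rewriting disk reads, which is how a bootkit hides its loader."""
    return user_read == lowlevel_read


# ---- constructed sample data (not taken from any real disk) ----------------
# One active NTFS partition at sector 2048 spanning 976,766,976 sectors, which
# is exactly 476937 MB and matches PhysicalDrive4 in the log above.
SAMPLE_PARTITIONS = [(True, 0x07, 2048, 976766976)]
SAMPLE_BOOTSTRAP = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 64  # made-up bytes
SAMPLE_MBR = build_mbr(SAMPLE_BOOTSTRAP, 0x1234ABCD, SAMPLE_PARTITIONS)
EMPTY_CODE_MBR = build_mbr(b"", 0x1234ABCD, SAMPLE_PARTITIONS)
# Same partition table, different bootstrap: what a hooked read path would hide.
TAMPERED_MBR = build_mbr(b"\xeb\xfe" + SAMPLE_BOOTSTRAP[2:], 0x1234ABCD, SAMPLE_PARTITIONS)


def report(user_read, lowlevel_read):
    """Lines for one physical drive, ending with the cross-read verdict."""
    info = parse_mbr(user_read)
    code = "Empty MBR Code" if info["bootstrap_empty"] else "bootstrap code present"
    lines = [f"[MBR] {info['mbr_md5']}",
             f"[BSP] {info['bootstrap_md5']} : {code}",
             "Partition table:"]
    lines += [format_partition(p) for p in info["partitions"]]
    verdict = "OK" if reads_agree(user_read, lowlevel_read) else "MISMATCH (possible hooked disk reads)"
    lines.append("User = LL ... " + verdict)
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_MBR, SAMPLE_MBR)))
    print()
    print("\n".join(report(SAMPLE_MBR, TAMPERED_MBR)))
```

The finding worth acting on is a mismatch between the user-mode read and a low-level read while the partition table still looks normal, as the tampered case shows. A read error on a USB enclosure or an empty card reader, like the LL2 errors on PhysicalDrive5 through PhysicalDrive11 above, reflects the low-level path not being supported by that device's driver stack and is not, by itself, a tampering indicator; the internal drives (PhysicalDrive4) returned OK on both low-level reads.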


#8 dagscomputers (Topic Starter)

Posted 07 November 2014 - 06:37 PM

Step 3, part one, completed.

12:20:40.0600 0x44a4  TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
12:20:40.0600 0x44a4  UEFI system
12:20:44.0210 0x44a4  ============================================================
12:20:44.0210 0x44a4  Current date / time: 2014/11/07 12:20:44.0210
12:20:44.0210 0x44a4  SystemInfo:
12:20:44.0210 0x44a4
12:20:44.0210 0x44a4  OS Version: 6.1.7601 ServicePack: 1.0
12:20:44.0210 0x44a4  Product type: Workstation
12:20:44.0210 0x44a4  ComputerName: DARREL-PC
12:20:44.0210 0x44a4  UserName: Darrel
12:20:44.0210 0x44a4  Windows directory: C:\Windows
12:20:44.0210 0x44a4  System windows directory: C:\Windows
12:20:44.0210 0x44a4  Running under WOW64
12:20:44.0210 0x44a4  Processor architecture: Intel x64
12:20:44.0210 0x44a4  Number of processors: 8
12:20:44.0210 0x44a4  Page size: 0x1000
12:20:44.0210 0x44a4  Boot type: Normal boot
12:20:44.0210 0x44a4  ============================================================
12:20:46.0090 0x44a4  KLMD registered as C:\Windows\system32\drivers\54788427.sys
12:20:46.0360 0x44a4  System UUID: {F40D7541-4748-4DD5-7BDC-8C77BF0D422D}
12:20:46.0860 0x44a4  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:20:46.0875 0x44a4  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:20:46.0875 0x44a4  Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:20:46.0875 0x44a4  Drive \Device\Harddisk3\DR3 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:20:46.0895 0x44a4  Drive \Device\Harddisk4\DR4 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:20:46.0910 0x44a4  Drive \Device\Harddisk5\DR5 - Size: 0x1D1BF100000 ( 1862.99 Gb ), SectorSize: 0x200, Cylinders: 0x3B5FD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:20:46.0910 0x44a4  Drive \Device\Harddisk7\DR7 - Size: 0x1D1BF100000 ( 1862.99 Gb ), SectorSize: 0x200, Cylinders: 0x3B5FD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:20:46.0955 0x44a4  ============================================================
12:20:46.0955 0x44a4  \Device\Harddisk0\DR0:
12:20:46.0955 0x44a4  GPT partitions:
12:20:46.0975 0x44a4  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {8E0724B6-4E56-4583-9D07-7C6A9ED80A08}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x96000
12:20:46.0975 0x44a4  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {796BADD3-6BBF-4D9F-B631-466EB71A4965}, UniqueGUID: {B45034B3-21D2-4516-8F1B-FF2F11D06E28}, Name: Basic data partition, StartLBA 0x96800, BlocksNum 0x14000
12:20:46.0975 0x44a4  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {A350EEF1-0C47-409B-99D4-98BA04AE034F}, Name: Microsoft reserved partition, StartLBA 0xAA800, BlocksNum 0x40000
12:20:46.0975 0x44a4  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {9C976EC9-0964-4F98-B64D-8AC24DBF19C0}, Name: Basic data partition, StartLBA 0xEA800, BlocksNum 0x213B000
12:20:46.0975 0x44a4  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {258B8EDC-10ED-4887-966B-553BFBA7DED9}, Name: Basic data partition, StartLBA 0x2225800, BlocksNum 0x724E1000
12:20:46.0975 0x44a4  MBR partitions:
12:20:46.0975 0x44a4  \Device\Harddisk1\DR1:
12:20:46.0975 0x44a4  MBR partitions:
12:20:46.0975 0x44a4  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x3A371000
12:20:46.0975 0x44a4  \Device\Harddisk2\DR2:
12:20:46.0975 0x44a4  MBR partitions:
12:20:46.0975 0x44a4  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x10000, BlocksNum 0x3A375000
12:20:46.0975 0x44a4  \Device\Harddisk3\DR3:
12:20:46.0975 0x44a4  MBR partitions:
12:20:46.0975 0x44a4  \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x10000, BlocksNum 0x3A375000
12:20:46.0975 0x44a4  \Device\Harddisk4\DR4:
12:20:46.0975 0x44a4  MBR partitions:
12:20:46.0975 0x44a4  \Device\Harddisk4\DR4\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
12:20:46.0975 0x44a4  \Device\Harddisk5\DR5:
12:20:46.0975 0x44a4  MBR partitions:
12:20:46.0975 0x44a4  \Device\Harddisk5\DR5\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8DF8000
12:20:46.0975 0x44a4  \Device\Harddisk7\DR7:
12:20:46.0975 0x44a4  MBR partitions:
12:20:46.0975 0x44a4  \Device\Harddisk7\DR7\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8DF8000
12:20:46.0975 0x44a4  ============================================================
12:20:47.0005 0x44a4  C: <-> \Device\Harddisk0\DR0\Partition5
12:20:47.0020 0x44a4  H: <-> \Device\Harddisk4\DR4\Partition1
12:20:47.0055 0x44a4  F: <-> \Device\Harddisk1\DR1\Partition1
12:20:47.0065 0x44a4  E: <-> \Device\Harddisk2\DR2\Partition1
12:20:47.0085 0x44a4  G: <-> \Device\Harddisk3\DR3\Partition1
12:20:47.0100 0x44a4  N: <-> \Device\Harddisk5\DR5\Partition1
12:20:47.0105 0x44a4  I: <-> \Device\Harddisk7\DR7\Partition1
12:20:47.0105 0x44a4  ============================================================
12:20:47.0105 0x44a4  Initialize success
12:20:47.0105 0x44a4  ============================================================
12:21:10.0420 0x20a0  KLMD registered as C:\Windows\system32\drivers\68082312.sys
12:21:11.0585 0x20a0  Deinitialize success

12:40:06.0236 0x0b94  TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
12:40:06.0236 0x0b94  UEFI system
12:40:06.0771 0x0b94  ============================================================
12:40:06.0771 0x0b94  Current date / time: 2014/11/07 12:40:06.0771
12:40:06.0771 0x0b94  SystemInfo:
12:40:06.0771 0x0b94
12:40:06.0771 0x0b94  OS Version: 6.1.7601 ServicePack: 1.0
12:40:06.0771 0x0b94  Product type: Workstation
12:40:06.0771 0x0b94  ComputerName: DARREL-PC
12:40:06.0771 0x0b94  UserName: Darrel
12:40:06.0771 0x0b94  Windows directory: C:\Windows
12:40:06.0771 0x0b94  System windows directory: C:\Windows
12:40:06.0771 0x0b94  Running under WOW64
12:40:06.0771 0x0b94  Processor architecture: Intel x64
12:40:06.0771 0x0b94  Number of processors: 8
12:40:06.0771 0x0b94  Page size: 0x1000
12:40:06.0771 0x0b94  Boot type: Normal boot
12:40:06.0771 0x0b94  ============================================================
12:40:06.0771 0x0b94  BG loaded
12:40:07.0451 0x0b94  System UUID: {F40D7541-4748-4DD5-7BDC-8C77BF0D422D}
12:40:08.0364 0x0b94  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:40:08.0384 0x0b94  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:40:08.0384 0x0b94  Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:40:08.0384 0x0b94  Drive \Device\Harddisk3\DR3 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:40:08.0389 0x0b94  Drive \Device\Harddisk4\DR4 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:40:08.0399 0x0b94  Drive \Device\Harddisk5\DR5 - Size: 0x1D1BF100000 ( 1862.99 Gb ), SectorSize: 0x200, Cylinders: 0x3B5FD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:40:08.0439 0x0b94  Drive \Device\Harddisk6\DR6 - Size: 0x1D1BF100000 ( 1862.99 Gb ), SectorSize: 0x200, Cylinders: 0x3B5FD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:40:08.0459 0x0b94  ============================================================
12:40:08.0459 0x0b94  \Device\Harddisk0\DR0:
12:40:08.0459 0x0b94  GPT partitions:
12:40:08.0589 0x0b94  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {8E0724B6-4E56-4583-9D07-7C6A9ED80A08}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x96000
12:40:08.0589 0x0b94  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {796BADD3-6BBF-4D9F-B631-466EB71A4965}, UniqueGUID: {B45034B3-21D2-4516-8F1B-FF2F11D06E28}, Name: Basic data partition, StartLBA 0x96800, BlocksNum 0x14000
12:40:08.0589 0x0b94  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {A350EEF1-0C47-409B-99D4-98BA04AE034F}, Name: Microsoft reserved partition, StartLBA 0xAA800, BlocksNum 0x40000
12:40:08.0589 0x0b94  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {9C976EC9-0964-4F98-B64D-8AC24DBF19C0}, Name: Basic data partition, StartLBA 0xEA800, BlocksNum 0x213B000
12:40:08.0589 0x0b94  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {258B8EDC-10ED-4887-966B-553BFBA7DED9}, Name: Basic data partition, StartLBA 0x2225800, BlocksNum 0x724E1000
12:40:08.0589 0x0b94  MBR partitions:
12:40:08.0589 0x0b94  \Device\Harddisk1\DR1:
12:40:08.0589 0x0b94  MBR partitions:
12:40:08.0589 0x0b94  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x3A371000
12:40:08.0589 0x0b94  \Device\Harddisk2\DR2:
12:40:08.0589 0x0b94  MBR partitions:
12:40:08.0589 0x0b94  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x10000, BlocksNum 0x3A375000
12:40:08.0599 0x0b94  \Device\Harddisk3\DR3:
12:40:08.0599 0x0b94  MBR partitions:
12:40:08.0599 0x0b94  \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x10000, BlocksNum 0x3A375000
12:40:08.0599 0x0b94  \Device\Harddisk4\DR4:
12:40:08.0599 0x0b94  MBR partitions:
12:40:08.0599 0x0b94  \Device\Harddisk4\DR4\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
12:40:08.0599 0x0b94  \Device\Harddisk5\DR5:
12:40:08.0599 0x0b94  MBR partitions:
12:40:08.0599 0x0b94  \Device\Harddisk5\DR5\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8DF8000
12:40:08.0599 0x0b94  \Device\Harddisk6\DR6:
12:40:08.0599 0x0b94  MBR partitions:
12:40:08.0599 0x0b94  \Device\Harddisk6\DR6\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8DF8000
12:40:08.0599 0x0b94  ============================================================
12:40:08.0694 0x0b94  C: <-> \Device\Harddisk0\DR0\Partition5
12:40:08.0699 0x0b94  H: <-> \Device\Harddisk4\DR4\Partition1
12:40:08.0709 0x0b94  F: <-> \Device\Harddisk1\DR1\Partition1
12:40:08.0724 0x0b94  E: <-> \Device\Harddisk2\DR2\Partition1
12:40:08.0744 0x0b94  G: <-> \Device\Harddisk3\DR3\Partition1
12:40:08.0769 0x0b94  N: <-> \Device\Harddisk5\DR5\Partition1
12:40:08.0774 0x0b94  I: <-> \Device\Harddisk6\DR6\Partition1
12:40:08.0774 0x0b94  ============================================================
12:40:08.0774 0x0b94  Initialize success
12:40:08.0774 0x0b94  ============================================================
12:40:18.0829 0x2108  ============================================================
12:40:18.0829 0x2108  Scan started
12:40:18.0829 0x2108  Mode: Manual; SigCheck; TDLFS;
12:40:18.0829 0x2108  ============================================================
12:40:18.0829 0x2108  KSN ping started
12:40:21.0284 0x2108  KSN ping finished: true
12:40:33.0374 0x2108  ================ Scan system memory ========================
12:40:33.0374 0x2108  System memory - ok
12:40:33.0374 0x2108  ================ Scan services =============================
12:40:33.0464 0x2108  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
12:40:33.0649 0x2108  1394ohci - ok
12:40:33.0664 0x2108  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:40:33.0684 0x2108  ACPI - ok
12:40:33.0689 0x2108  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
12:40:33.0719 0x2108  AcpiPmi - ok
12:40:33.0794 0x2108  [ ADDA5E1951B90D3D23C56D3CF0622ADC, E85E7BFD29F00ED34BF5BE8BD4DA93CBB14278E16809BB55406875F0DA88551E ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:40:33.0809 0x2108  AdobeARMservice - ok
12:40:33.0864 0x2108  [ 2637233632CCD1837A1A57A43CAF00A4, 848026C6C9B38FD9F70BC7B2306BF4F5DD395726D4FDD6A18B29354921191DC5 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:40:33.0884 0x2108  AdobeFlashPlayerUpdateSvc - ok
12:40:33.0904 0x2108  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
12:40:33.0929 0x2108  adp94xx - ok
12:40:33.0954 0x2108  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
12:40:33.0974 0x2108  adpahci - ok
12:40:33.0994 0x2108  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
12:40:34.0004 0x2108  adpu320 - ok
12:40:34.0024 0x2108  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:40:34.0059 0x2108  AeLookupSvc - ok
12:40:34.0109 0x2108  [ D1E343BC00136CE03C4D403194D06A80, 94F2543164A2CEA179EDE53E1294EE24391A59CAEFF83BA5CE9385E8E686E89C ] AERTFilters     C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
12:40:34.0119 0x2108  AERTFilters - ok
12:40:34.0144 0x2108  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
12:40:34.0189 0x2108  AFD - ok
12:40:34.0204 0x2108  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
12:40:34.0214 0x2108  agp440 - ok
12:40:34.0229 0x2108  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
12:40:34.0279 0x2108  ALG - ok
12:40:34.0309 0x2108  [ 6E3300EC67EDB3485D96E81CED73089A, 6463F088894E07611438F4B330C4EF44BA8137BD849FAAC5B54653B200A52B50 ] AlienFusionService C:\Program Files\Alienware\Command Center\AlienFusionService.exe
12:40:34.0314 0x2108  AlienFusionService - ok
12:40:34.0329 0x2108  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:40:34.0339 0x2108  aliide - ok
12:40:34.0349 0x2108  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
12:40:34.0359 0x2108  amdide - ok
12:40:34.0369 0x2108  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
12:40:34.0379 0x2108  AmdK8 - ok
12:40:34.0389 0x2108  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
12:40:34.0424 0x2108  AmdPPM - ok
12:40:34.0434 0x2108  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:40:34.0449 0x2108  amdsata - ok
12:40:34.0459 0x2108  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
12:40:34.0474 0x2108  amdsbs - ok
12:40:34.0484 0x2108  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:40:34.0489 0x2108  amdxata - ok
12:40:34.0509 0x2108  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
12:40:34.0534 0x2108  AppID - ok
12:40:34.0544 0x2108  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:40:34.0584 0x2108  AppIDSvc - ok
12:40:34.0609 0x2108  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
12:40:34.0634 0x2108  Appinfo - ok
12:40:34.0649 0x2108  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
12:40:34.0689 0x2108  AppMgmt - ok
12:40:34.0704 0x2108  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
12:40:34.0714 0x2108  arc - ok
12:40:34.0724 0x2108  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
12:40:34.0734 0x2108  arcsas - ok
12:40:34.0794 0x2108  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:40:34.0829 0x2108  aspnet_state - ok
12:40:34.0849 0x2108  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:40:34.0889 0x2108  AsyncMac - ok
12:40:34.0924 0x2108  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
12:40:34.0929 0x2108  atapi - ok
12:40:34.0954 0x2108  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:40:35.0009 0x2108  AudioEndpointBuilder - ok
12:40:35.0034 0x2108  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
12:40:35.0074 0x2108  AudioSrv - ok
12:40:35.0089 0x2108  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:40:35.0154 0x2108  AxInstSV - ok
12:40:35.0179 0x2108  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
12:40:35.0289 0x2108  b06bdrv - ok
12:40:35.0304 0x2108  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
12:40:35.0334 0x2108  b57nd60a - ok
12:40:35.0354 0x2108  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
12:40:35.0394 0x2108  BDESVC - ok
12:40:35.0399 0x2108  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:40:35.0439 0x2108  Beep - ok
12:40:35.0469 0x2108  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
12:40:35.0509 0x2108  BFE - ok
12:40:35.0674 0x2108  [ B20C7345F7EAD6C5E3EFA52E044411B6, 63DC57908D77B77907A278AD219240AEDD502272D5D3D35D5339172CDE36DA86 ] BHDrvx64        C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\BASHDefs\20141003.013\BHDrvx64.sys
12:40:35.0739 0x2108  BHDrvx64 - ok
12:40:35.0774 0x2108  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\system32\qmgr.dll
12:40:35.0809 0x2108  BITS - ok
12:40:35.0819 0x2108  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
12:40:35.0834 0x2108  blbdrive - ok
12:40:35.0854 0x2108  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:40:35.0879 0x2108  bowser - ok
12:40:35.0959 0x2108  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
12:40:35.0974 0x2108  BrFiltLo - ok
12:40:35.0984 0x2108  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
12:40:35.0994 0x2108  BrFiltUp - ok
12:40:36.0074 0x2108  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
12:40:36.0119 0x2108  BridgeMP - ok
12:40:36.0184 0x2108  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
12:40:36.0229 0x2108  Browser - ok
12:40:36.0289 0x2108  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:40:36.0349 0x2108  Brserid - ok
12:40:36.0364 0x2108  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:40:36.0409 0x2108  BrSerWdm - ok
12:40:36.0429 0x2108  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:40:36.0439 0x2108  BrUsbMdm - ok
12:40:36.0449 0x2108  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:40:36.0494 0x2108  BrUsbSer - ok
12:40:36.0519 0x2108  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
12:40:36.0544 0x2108  BTHMODEM - ok
12:40:36.0564 0x2108  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
12:40:36.0614 0x2108  bthserv - ok
12:40:36.0614 0x2108  catchme - ok
12:40:36.0674 0x2108  [ 0510396A957E9FD7205BA62D3CAE4528, C80C39EB3A87C5111132E96E966CF74ACABA36DE7714B545A707027D35995792 ] ccSettings_{5A2B9522-769B-49C3-9B8E-C708A1FEF279} C:\Windows\system32\Drivers\SEP\0C0114D9\1388.105\x64\ccSetx64.sys
12:40:36.0684 0x2108  ccSettings_{5A2B9522-769B-49C3-9B8E-C708A1FEF279} - ok
12:40:36.0694 0x2108  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:40:36.0719 0x2108  cdfs - ok
12:40:36.0739 0x2108  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:40:36.0754 0x2108  cdrom - ok
12:40:36.0764 0x2108  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
12:40:36.0799 0x2108  CertPropSvc - ok
12:40:36.0814 0x2108  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
12:40:36.0829 0x2108  circlass - ok
12:40:36.0844 0x2108  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
12:40:36.0854 0x2108  CLFS - ok
12:40:36.0904 0x2108  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:40:36.0914 0x2108  clr_optimization_v2.0.50727_32 - ok
12:40:36.0934 0x2108  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:40:36.0944 0x2108  clr_optimization_v2.0.50727_64 - ok
12:40:36.0989 0x2108  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:40:37.0024 0x2108  clr_optimization_v4.0.30319_32 - ok
12:40:37.0034 0x2108  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:40:37.0064 0x2108  clr_optimization_v4.0.30319_64 - ok
12:40:37.0074 0x2108  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
12:40:37.0099 0x2108  CmBatt - ok
12:40:37.0119 0x2108  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:40:37.0129 0x2108  cmdide - ok
12:40:37.0154 0x2108  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
12:40:37.0174 0x2108  CNG - ok
12:40:37.0184 0x2108  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
12:40:37.0189 0x2108  Compbatt - ok
12:40:37.0234 0x2108  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
12:40:37.0264 0x2108  CompositeBus - ok
12:40:37.0264 0x2108  COMSysApp - ok
12:40:37.0269 0x2108  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
12:40:37.0279 0x2108  crcdisk - ok
12:40:37.0319 0x2108  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:40:37.0334 0x2108  CryptSvc - ok
12:40:37.0359 0x2108  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
12:40:37.0429 0x2108  CSC - ok
12:40:37.0454 0x2108  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
12:40:37.0494 0x2108  CscService - ok
12:40:37.0519 0x2108  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:40:37.0574 0x2108  DcomLaunch - ok
12:40:37.0594 0x2108  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
12:40:37.0624 0x2108  defragsvc - ok
12:40:37.0629 0x2108  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:40:37.0669 0x2108  DfsC - ok
12:40:37.0699 0x2108  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:40:37.0734 0x2108  Dhcp - ok
12:40:37.0744 0x2108  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
12:40:37.0784 0x2108  discache - ok
12:40:37.0799 0x2108  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
12:40:37.0809 0x2108  Disk - ok
12:40:37.0814 0x2108  [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
12:40:37.0859 0x2108  dmvsc - ok
12:40:37.0874 0x2108  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:40:37.0914 0x2108  Dnscache - ok
12:40:37.0929 0x2108  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:40:37.0959 0x2108  dot3svc - ok
12:40:37.0994 0x2108  [ B42ED0320C6E41102FDE0005154849BB, 4DB872E23AD049C3C9FDC0759FC58BFA60DA91B18BC82B611BFA300D26DDFC7A ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
12:40:38.0019 0x2108  Dot4 - ok
12:40:38.0049 0x2108  [ E9F5969233C5D89F3C35E3A66A52A361, C4BD35795C78FB11E6022372CB25DEB570730EFDAD3DC1584368235FF622638C ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
12:40:38.0064 0x2108  Dot4Print - ok
12:40:38.0074 0x2108  [ FD05A02B0370BC3000F402E543CA5814, 089B1113E640F495F470E8F57060B89546270481B309DC8ED3C3D13A849076A3 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
12:40:38.0104 0x2108  dot4usb - ok
12:40:38.0119 0x2108  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
12:40:38.0159 0x2108  DPS - ok
12:40:38.0179 0x2108  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:40:38.0199 0x2108  drmkaud - ok
12:40:38.0244 0x2108  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:40:38.0289 0x2108  DXGKrnl - ok
12:40:38.0304 0x2108  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
12:40:38.0344 0x2108  EapHost - ok
12:40:38.0424 0x2108  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
12:40:38.0529 0x2108  ebdrv - ok
12:40:38.0589 0x2108  [ 03E1B8BA59327D186C7C533A6998FEF9, 224937A697B55BD9CCD790771DBE9D135021AD1DC3E6D6AC7C431C56F0FFBBB5 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
12:40:38.0604 0x2108  eeCtrl - ok
12:40:38.0624 0x2108  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
12:40:38.0664 0x2108  EFS - ok
12:40:38.0704 0x2108  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:40:38.0764 0x2108  ehRecvr - ok
12:40:38.0784 0x2108  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
12:40:38.0794 0x2108  ehSched - ok
12:40:38.0819 0x2108  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
12:40:38.0834 0x2108  elxstor - ok
12:40:38.0879 0x2108  [ 142EA7DF1851C563571F2DCFC7AFBB40, 14DE008B68D127F246A64290DFCBD7ECDE8FF7932B3BAE660EB131860E826EAD ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
12:40:38.0889 0x2108  EraserUtilRebootDrv - ok
12:40:38.0904 0x2108  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:40:38.0924 0x2108  ErrDev - ok
12:40:38.0949 0x2108  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
12:40:38.0979 0x2108  EventSystem - ok
12:40:38.0999 0x2108  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
12:40:39.0024 0x2108  exfat - ok
12:40:39.0044 0x2108  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:40:39.0089 0x2108  fastfat - ok
12:40:39.0124 0x2108  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
12:40:39.0179 0x2108  Fax - ok
12:40:39.0189 0x2108  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
12:40:39.0254 0x2108  fdc - ok
12:40:39.0279 0x2108  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
12:40:39.0319 0x2108  fdPHost - ok
12:40:39.0339 0x2108  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:40:39.0374 0x2108  FDResPub - ok
12:40:39.0399 0x2108  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:40:39.0409 0x2108  FileInfo - ok
12:40:39.0419 0x2108  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:40:39.0444 0x2108  Filetrace - ok
12:40:39.0474 0x2108  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
12:40:39.0484 0x2108  flpydisk - ok
12:40:39.0499 0x2108  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:40:39.0514 0x2108  FltMgr - ok
12:40:39.0559 0x2108  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
12:40:39.0594 0x2108  FontCache - ok
12:40:39.0639 0x2108  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:40:39.0649 0x2108  FontCache3.0.0.0 - ok
12:40:39.0654 0x2108  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:40:39.0664 0x2108  FsDepends - ok
12:40:39.0674 0x2108  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:40:39.0684 0x2108  Fs_Rec - ok
12:40:39.0704 0x2108  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:40:39.0749 0x2108  fvevol - ok
12:40:39.0764 0x2108  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
12:40:39.0774 0x2108  gagp30kx - ok
12:40:39.0804 0x2108  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
12:40:39.0844 0x2108  gpsvc - ok
12:40:39.0879 0x2108  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:40:39.0894 0x2108  gupdate - ok
12:40:39.0899 0x2108  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:40:39.0909 0x2108  gupdatem - ok
12:40:39.0919 0x2108  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:40:39.0979 0x2108  hcw85cir - ok
12:40:39.0994 0x2108  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
12:40:40.0009 0x2108  HDAudBus - ok
12:40:40.0019 0x2108  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
12:40:40.0044 0x2108  HidBatt - ok
12:40:40.0059 0x2108  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
12:40:40.0089 0x2108  HidBth - ok
12:40:40.0104 0x2108  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
12:40:40.0114 0x2108  HidIr - ok
12:40:40.0119 0x2108  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
12:40:40.0159 0x2108  hidserv - ok
12:40:40.0189 0x2108  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:40:40.0199 0x2108  HidUsb - ok
12:40:40.0219 0x2108  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:40:40.0259 0x2108  hkmsvc - ok
12:40:40.0279 0x2108  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:40:40.0294 0x2108  HomeGroupListener - ok
12:40:40.0309 0x2108  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:40:40.0339 0x2108  HomeGroupProvider - ok
12:40:40.0434 0x2108  [ 97AAC45A375168C6A2297BEEB9692E31, 9C7285988D0C5DE8E3608F4E9F50A5C9398FFD0DA0F4C965C953859001FC76C8 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
12:40:40.0449 0x2108  hpqcxs08 - ok
12:40:40.0469 0x2108  [ 19A4FB67B1C97EA18EDFF44340973CD9, F1B6A7C1E450FF9A1D10F315F17D42DFE8390E88FF1AED4DE35237C4B81FC81D ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
12:40:40.0479 0x2108  hpqddsvc - ok
12:40:40.0489 0x2108  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:40:40.0499 0x2108  HpSAMD - ok
12:40:40.0524 0x2108  [ 1BE48B0542C91487BB8A94BF2278F55D, B6081FD1E8BB95B2D5369A814EE80FCE36A8190CD00FD90D65339CB4C54E1AFD ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
12:40:40.0549 0x2108  HPSLPSVC - ok
12:40:40.0569 0x2108  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:40:40.0624 0x2108  HTTP - ok
12:40:40.0639 0x2108  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:40:40.0649 0x2108  hwpolicy - ok
12:40:40.0664 0x2108  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
12:40:40.0684 0x2108  i8042prt - ok
12:40:40.0714 0x2108  [ BC14E2C46AECD17D22D3356CA0A2DD4B, B325BC739019AEE9BA787BD936A660439CA861F84A3289788ADB2DD7756F632B ] iaStorA         C:\Windows\system32\drivers\iaStorA.sys
12:40:40.0729 0x2108  iaStorA - ok
12:40:40.0769 0x2108  [ 10F228CC634E74B47FD48FDBFE0126D9, 1A761E43C4ABFCBDBD4CC1CA5630408DBFF470208E09D4A388B3B5B16CE677D1 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe
12:40:40.0789 0x2108  IAStorDataMgrSvc - detected UnsignedFile.Multi.Generic ( 1 )
12:40:43.0669 0x2108  Detect skipped due to KSN trusted
12:40:43.0669 0x2108  IAStorDataMgrSvc - ok
12:40:43.0669 0x2108  [ 0475F003D7F3A949CA5BFC56C6B1DF43, 45A586407FF543DC4135E9601D647287A0355E0D0AF9E244C6B23CE7729EF6BD ] iaStorF         C:\Windows\system32\drivers\iaStorF.sys
12:40:43.0679 0x2108  iaStorF - ok
12:40:43.0694 0x2108  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:40:43.0709 0x2108  iaStorV - ok
12:40:43.0769 0x2108  [ DAF66902F08796F9C694901660E5A64A, F4A4764DED05980426BAB54AAF040BC27A39C80315F5161E8D0B4C7F694BD8E6 ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
12:40:43.0794 0x2108  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
12:40:46.0574 0x2108  Detect skipped due to KSN trusted
12:40:46.0574 0x2108  IDriverT - ok
12:40:46.0614 0x2108  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:40:46.0639 0x2108  idsvc - ok
12:40:46.0684 0x2108  [ 47D561365913893120FC651419745FDA, B1D61C40A2EA1CF2440FF8C154C085600B2E6B68F4376B4D33B5AC1E87D9181E ] IDSVia64        C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\IPSDefs\20141106.011\IDSvia64.sys
12:40:46.0709 0x2108  IDSVia64 - ok
12:40:46.0714 0x2108  IEEtwCollectorService - ok
12:40:46.0724 0x2108  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
12:40:46.0729 0x2108  iirsp - ok
12:40:46.0769 0x2108  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
12:40:46.0804 0x2108  IKEEXT - ok
12:40:46.0879 0x2108  [ ABA41EE6F5EEFC034F3BBD025506B37E, 06751C79C4390555292FAB994B7D4CB8B55DDF0846D0CC8900215A65758332EC ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
12:40:46.0954 0x2108  IntcAzAudAddService - ok
12:40:47.0074 0x2108  [ C6128F2E3DC6156C6F8828F9F1B96010, 612C1191AFB8F69BA5634E8C52BDDE608F57D98FA4C76C5A337676A5F1E8191D ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
12:40:47.0114 0x2108  Intel® Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic ( 1 )
12:40:49.0884 0x2108  Detect skipped due to KSN trusted
12:40:49.0884 0x2108  Intel® Capability Licensing Service Interface - ok
12:40:49.0914 0x2108  [ 729AB4F0608E95EFF8FDEF23596283E2, 62A2091FF440C65505AB3E38436A86D9B0978BCB9485960EFCE0C5CBC8E06201 ] Intel® Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
12:40:49.0934 0x2108  Intel® Capability Licensing Service TCP IP Interface - ok
12:40:49.0959 0x2108  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
12:40:49.0969 0x2108  intelide - ok
12:40:49.0994 0x2108  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:40:50.0004 0x2108  intelppm - ok
12:40:50.0019 0x2108  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:40:50.0059 0x2108  IPBusEnum - ok
12:40:50.0074 0x2108  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:40:50.0119 0x2108  IpFilterDriver - ok
12:40:50.0144 0x2108  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:40:50.0164 0x2108  iphlpsvc - ok
12:40:50.0179 0x2108  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
12:40:50.0209 0x2108  IPMIDRV - ok
12:40:50.0224 0x2108  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:40:50.0274 0x2108  IPNAT - ok
12:40:50.0294 0x2108  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:40:50.0304 0x2108  IRENUM - ok
12:40:50.0314 0x2108  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:40:50.0324 0x2108  isapnp - ok
12:40:50.0344 0x2108  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
12:40:50.0359 0x2108  iScsiPrt - ok
12:40:50.0419 0x2108  [ 924019BC58FEDDE04A08C45EC1CF1847, F18C581FE5C25C5BE4514185AD44C561EB715B98AFBE81EF0D673E103EA8E8EE ] jhi_service     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
12:40:50.0429 0x2108  jhi_service - ok
12:40:50.0449 0x2108  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:40:50.0459 0x2108  kbdclass - ok
12:40:50.0469 0x2108  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:40:50.0479 0x2108  kbdhid - ok
12:40:50.0484 0x2108  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
12:40:50.0494 0x2108  KeyIso - ok
12:40:50.0514 0x2108  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:40:50.0524 0x2108  KSecDD - ok
12:40:50.0534 0x2108  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:40:50.0549 0x2108  KSecPkg - ok
12:40:50.0554 0x2108  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
12:40:50.0579 0x2108  ksthunk - ok
12:40:50.0604 0x2108  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:40:50.0644 0x2108  KtmRm - ok
12:40:50.0659 0x2108  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
12:40:50.0689 0x2108  LanmanServer - ok
12:40:50.0699 0x2108  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:40:50.0724 0x2108  LanmanWorkstation - ok
12:40:50.0754 0x2108  [ 2238B91AC1A12CC6CC4C4FED41258B2A, 11DEBFAC8D6B23415928C635981E3378DE7C1F361F2B7A1390D86B0D782C22C6 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
12:40:50.0759 0x2108  LightScribeService - detected UnsignedFile.Multi.Generic ( 1 )
12:40:53.0419 0x2108  Detect skipped due to KSN trusted
12:40:53.0419 0x2108  LightScribeService - ok
12:40:53.0639 0x2108  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:40:53.0749 0x2108  lltdio - ok
12:40:53.0779 0x2108  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:40:53.0809 0x2108  lltdsvc - ok
12:40:53.0819 0x2108  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:40:53.0844 0x2108  lmhosts - ok
12:40:53.0879 0x2108  [ DFDA113036AABEA0525700925E984F50, DE43EA4E151CD0E7CE052BCF3C5E2EA5296BB15851964EB0059FBA00A4144E6A ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
12:40:53.0894 0x2108  LMS - ok
12:40:53.0929 0x2108  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
12:40:53.0939 0x2108  LSI_FC - ok
12:40:53.0949 0x2108  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
12:40:53.0959 0x2108  LSI_SAS - ok
12:40:53.0964 0x2108  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
12:40:53.0974 0x2108  LSI_SAS2 - ok
12:40:53.0989 0x2108  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
12:40:53.0999 0x2108  LSI_SCSI - ok
12:40:54.0014 0x2108  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
12:40:54.0044 0x2108  luafv - ok
12:40:54.0059 0x2108  [ D3311B31C470E7681B14D9B014CBF9ED, 8F7053B92E0354D779988ABDADA265C102F13FD56F825054F21721BA36A15EA8 ] mbamchameleon   C:\Windows\system32\drivers\mbamchameleon.sys
12:40:54.0069 0x2108  mbamchameleon - ok
12:40:54.0109 0x2108  [ 5C3669B71657F22E67A1D4BD49D2CBE7, 7CAE59AA6CA9CBBD70BBD707A155FB169BF3F71096275BF7C0F415B6A092C671 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
12:40:54.0114 0x2108  MBAMProtector - ok
12:40:54.0194 0x2108  [ 6D8A2EE4244630B290A837E79C0F37A1, 6783BBC0BDC93E4D6D43531A1AD0DF5CD26C3BBFA6384927C5CF65AD97FB04AD ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
12:40:54.0234 0x2108  MBAMScheduler - ok
12:40:54.0259 0x2108  [ 09D4503CBB6ADB3A54E7C7A75090B728, 6139EA3338FD64205481EDEC813A44F8D395FDA7B67AA431DA61F3631C3EDAE6 ] MBAMService     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
12:40:54.0279 0x2108  MBAMService - ok
12:40:54.0304 0x2108  [ 26C43960C99EE861A5D0EDC4DCF3B1C3, 6238FB8E785652040CCE3E7044EA52066CE1BF173A1467474D64A3AB214B6BCD ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
12:40:54.0314 0x2108  MBAMSwissArmy - ok
12:40:54.0334 0x2108  [ 95EF63A7827D4E3A229CBBCB42619E93, FA38DD035B2C4FC82B60868F49D45A39FBBC96096AAD5A2C8BD752A250255BA7 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
12:40:54.0344 0x2108  MBAMWebAccessControl - ok
12:40:54.0349 0x2108  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:40:54.0359 0x2108  Mcx2Svc - ok
12:40:54.0374 0x2108  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
12:40:54.0379 0x2108  megasas - ok
12:40:54.0394 0x2108  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
12:40:54.0409 0x2108  MegaSR - ok
12:40:54.0414 0x2108  [ 2BB3EAE2EA641515D4B205CAB29E1624, D3F18EE393EB1B0F919484281269A3C55A092D023E62C59D74CB63A55612024B ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
12:40:54.0424 0x2108  MEIx64 - ok
12:40:54.0429 0x2108  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
12:40:54.0479 0x2108  MMCSS - ok
12:40:54.0499 0x2108  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
12:40:54.0524 0x2108  Modem - ok
12:40:54.0549 0x2108  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:40:54.0584 0x2108  monitor - ok
12:40:54.0599 0x2108  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:40:54.0604 0x2108  mouclass - ok
12:40:54.0614 0x2108  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:40:54.0639 0x2108  mouhid - ok
12:40:54.0654 0x2108  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:40:54.0664 0x2108  mountmgr - ok
12:40:54.0669 0x2108  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:40:54.0684 0x2108  mpio - ok
12:40:54.0694 0x2108  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:40:54.0719 0x2108  mpsdrv - ok
12:40:54.0744 0x2108  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:40:54.0794 0x2108  MpsSvc - ok
12:40:54.0819 0x2108  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:40:54.0844 0x2108  MRxDAV - ok
12:40:54.0859 0x2108  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:40:54.0869 0x2108  mrxsmb - ok
12:40:54.0884 0x2108  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:40:54.0899 0x2108  mrxsmb10 - ok
12:40:54.0909 0x2108  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:40:54.0934 0x2108  mrxsmb20 - ok
12:40:54.0949 0x2108  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
12:40:54.0959 0x2108  msahci - ok
12:40:54.0974 0x2108  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:40:54.0989 0x2108  msdsm - ok
12:40:55.0004 0x2108  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
12:40:55.0019 0x2108  MSDTC - ok
12:40:55.0044 0x2108  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:40:55.0069 0x2108  Msfs - ok
12:40:55.0079 0x2108  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:40:55.0104 0x2108  mshidkmdf - ok
12:40:55.0109 0x2108  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:40:55.0119 0x2108  msisadrv - ok
12:40:55.0144 0x2108  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:40:55.0174 0x2108  MSiSCSI - ok
12:40:55.0174 0x2108  msiserver - ok
12:40:55.0194 0x2108  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:40:55.0269 0x2108  MSKSSRV - ok
12:40:55.0294 0x2108  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:40:55.0329 0x2108  MSPCLOCK - ok
12:40:55.0439 0x2108  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:40:55.0489 0x2108  MSPQM - ok
12:40:55.0514 0x2108  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:40:55.0529 0x2108  MsRPC - ok
12:40:55.0569 0x2108  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
12:40:55.0579 0x2108  mssmbios - ok
12:40:55.0654 0x2108  MSSQLSERVER - ok
12:40:55.0689 0x2108  [ 1D89EB4E2A99CABD4E81225F4F4C4B25, B9C4D956E3F74CB463A1A14287F4B550381FBB3E4B2DF9418E041E02A159E31E ] MSSQLServerADHelper c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
12:40:55.0714 0x2108  MSSQLServerADHelper - ok
12:40:55.0724 0x2108  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:40:55.0749 0x2108  MSTEE - ok
12:40:55.0764 0x2108  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
12:40:55.0774 0x2108  MTConfig - ok
12:40:55.0789 0x2108  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
12:40:55.0799 0x2108  Mup - ok
12:40:55.0814 0x2108  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
12:40:55.0859 0x2108  napagent - ok
12:40:55.0889 0x2108  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:40:55.0909 0x2108  NativeWifiP - ok
12:40:55.0994 0x2108  [ C180A82874D3CDC390A27F2F1E1AF025, 9F473661524D645D5C1D616BF2BEC2996DFAE9268B7CF280FCCBD19AA072E567 ] NAVENG          C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\VirusDefs\20141107.002\ENG64.SYS
12:40:56.0009 0x2108  NAVENG - ok
12:40:56.0064 0x2108  [ E66CA6C321614D7BC0AFC9C8436131B9, BF732419D56E1B8AB3B11B19403087D4EDBF9108F0252ACBB561235040AB4436 ] NAVEX15         C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\VirusDefs\20141107.002\EX64.SYS
12:40:56.0129 0x2108  NAVEX15 - ok
12:40:56.0159 0x2108  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:40:56.0179 0x2108  NDIS - ok
12:40:56.0199 0x2108  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:40:56.0224 0x2108  NdisCap - ok
12:40:56.0234 0x2108  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:40:56.0259 0x2108  NdisTapi - ok
12:40:56.0269 0x2108  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:40:56.0304 0x2108  Ndisuio - ok
12:40:56.0319 0x2108  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:40:56.0364 0x2108  NdisWan - ok
12:40:56.0379 0x2108  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:40:56.0404 0x2108  NDProxy - ok
12:40:56.0464 0x2108  [ B90E093E7A7250906F1054418B5339C0, F9A0BAC5B4B29F14B5CACA1047F8928A495EFD56E485492BF71C856B296476D6 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
12:40:56.0484 0x2108  Nero BackItUp Scheduler 4.0 - ok
12:40:56.0519 0x2108  [ DC6530A291D4BDF6DF399F1F128E7F8F, 85123D802063383646EEBC60F4ABBCDBA2AE3180E99A8A99C024B1EBB0C6690E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
12:40:56.0539 0x2108  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
12:40:59.0819 0x2108  Detect skipped due to KSN trusted
12:40:59.0819 0x2108  Net Driver HPZ12 - ok
12:40:59.0844 0x2108  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:40:59.0869 0x2108  NetBIOS - ok
12:40:59.0879 0x2108  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:40:59.0909 0x2108  NetBT - ok
12:40:59.0914 0x2108  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
12:40:59.0924 0x2108  Netlogon - ok
12:40:59.0944 0x2108  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
12:40:59.0974 0x2108  Netman - ok
 



#9 dagscomputers
  • Topic Starter
  • Members
  • 19 posts

Posted 07 November 2014 - 06:40 PM

Step 3 Part 2

12:41:00.0014 0x2108  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:41:00.0034 0x2108  NetMsmqActivator - ok
12:41:00.0034 0x2108  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:41:00.0049 0x2108  NetPipeActivator - ok
12:41:00.0064 0x2108  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
12:41:00.0109 0x2108  netprofm - ok
12:41:00.0114 0x2108  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:41:00.0124 0x2108  NetTcpActivator - ok
12:41:00.0129 0x2108  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:41:00.0139 0x2108  NetTcpPortSharing - ok
12:41:00.0169 0x2108  [ 73CE12B8BDD747B0063CB0A7EF44CEA7, F570BB52BE460DBA6203698CC96FFD9674E1903D0E0F5C49375BE3F8D8E89582 ] netvsc          C:\Windows\system32\DRIVERS\netvsc60.sys
12:41:00.0204 0x2108  netvsc - ok
12:41:00.0229 0x2108  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
12:41:00.0234 0x2108  nfrd960 - ok
12:41:00.0304 0x2108  [ 91CE3F9C53AB08ADAFBAAE443BA0AD1A, 33FC0D2D843EFFC602617789D2ED2342F5E830F06A7D33E5F281F0D129B66F83 ] NitroReaderDriverReadSpool3 C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
12:41:00.0319 0x2108  NitroReaderDriverReadSpool3 - ok
12:41:00.0334 0x2108  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:41:00.0359 0x2108  NlaSvc - ok
12:41:00.0374 0x2108  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:41:00.0399 0x2108  Npfs - ok
12:41:00.0414 0x2108  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
12:41:00.0444 0x2108  nsi - ok
12:41:00.0464 0x2108  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:41:00.0489 0x2108  nsiproxy - ok
12:41:00.0539 0x2108  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:41:00.0594 0x2108  Ntfs - ok
12:41:00.0624 0x2108  NTIOLib_Flash - ok
12:41:00.0644 0x2108  nTuneService - ok
12:41:00.0644 0x2108  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
12:41:00.0669 0x2108  Null - ok
12:41:00.0679 0x2108  [ E366A5681C50785D4ED04FCFD65C3415, 7FF7B4B8F09E773401AE879897E60BF494B57B9ACEE990204A4C98A3FB183A33 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
12:41:00.0689 0x2108  NVHDA - ok
12:41:00.0959 0x2108  [ 0218E1CE8F7B5D404980192B9112D03A, 30BFBDC8F4BFF9DCAE71940AFD3F3E8CCC71C950F3B4A9717A70FF667F6DDC9E ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:41:01.0309 0x2108  nvlddmkm - ok
12:41:01.0394 0x2108  [ 903A40C958D471F9D30D29FA6D2800A4, 4641F8E8B20EE9AF8AB61E61AD74D41A4E9F51C906EC5F3BDC484FFAFB540E69 ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
12:41:01.0424 0x2108  NvNetworkService - ok
12:41:01.0429 0x2108  NVR0FLASHDev - ok
12:41:01.0449 0x2108  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:41:01.0459 0x2108  nvraid - ok
12:41:01.0479 0x2108  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:41:01.0489 0x2108  nvstor - ok
12:41:01.0804 0x2108  [ 68DE8D996D8FF628AB6B3D422035F862, 239CE5BE15F39966AE5243971FE75BDFB35359F92C8294C61155C863F4B3C40E ] NvStreamSvc     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
12:41:02.0079 0x2108  NvStreamSvc - ok
12:41:02.0089 0x2108  NvStUSB - ok
12:41:02.0124 0x2108  [ B7973C405247C5A44BA46B12A4B7AEEA, DF25E4CB7093EFF528C47A51C68CD1B0A93AE273D078804B7E09E74163753AA8 ] nvsvc           C:\Windows\system32\nvvsvc.exe
12:41:02.0144 0x2108  nvsvc - ok
12:41:02.0159 0x2108  [ 09216A70CC364D0974F606F6F2109210, 60877154D4DF5287D1989CDAA9863CD6DACA528D06233238498854A10C868C20 ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
12:41:02.0169 0x2108  nvvad_WaveExtensible - ok
12:41:02.0179 0x2108  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:41:02.0189 0x2108  nv_agp - ok
12:41:02.0199 0x2108  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:41:02.0214 0x2108  ohci1394 - ok
12:41:02.0284 0x2108  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:41:02.0294 0x2108  ose - ok
12:41:02.0404 0x2108  [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:41:02.0504 0x2108  osppsvc - ok
12:41:02.0529 0x2108  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:41:02.0554 0x2108  p2pimsvc - ok
12:41:02.0574 0x2108  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
12:41:02.0599 0x2108  p2psvc - ok
12:41:02.0609 0x2108  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
12:41:02.0619 0x2108  Parport - ok
12:41:02.0624 0x2108  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:41:02.0634 0x2108  partmgr - ok
12:41:02.0649 0x2108  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:41:02.0679 0x2108  PcaSvc - ok
12:41:02.0694 0x2108  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
12:41:02.0704 0x2108  pci - ok
12:41:02.0724 0x2108  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
12:41:02.0734 0x2108  pciide - ok
12:41:02.0744 0x2108  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
12:41:02.0759 0x2108  pcmcia - ok
12:41:02.0769 0x2108  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
12:41:02.0774 0x2108  pcw - ok
12:41:02.0794 0x2108  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:41:02.0854 0x2108  PEAUTH - ok
12:41:02.0899 0x2108  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
12:41:02.0974 0x2108  PeerDistSvc - ok
12:41:03.0009 0x2108  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
12:41:03.0034 0x2108  PerfHost - ok
12:41:03.0059 0x2108  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
12:41:03.0114 0x2108  pla - ok
12:41:03.0144 0x2108  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:41:03.0194 0x2108  PlugPlay - ok
12:41:03.0374 0x2108  [ 71F62C51DFDFBC04C83C5C64B2B8058E, CAB12E6D27BE421BD5A3CB04066EA50303A3210332ECC4B5C03B5F19735FC857 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
12:41:03.0394 0x2108  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
12:41:08.0639 0x2108  Detect skipped due to KSN trusted
12:41:08.0639 0x2108  Pml Driver HPZ12 - ok
12:41:08.0654 0x2108  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:41:08.0689 0x2108  PNRPAutoReg - ok
12:41:08.0714 0x2108  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:41:08.0734 0x2108  PNRPsvc - ok
12:41:08.0764 0x2108  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:41:08.0804 0x2108  PolicyAgent - ok
12:41:08.0824 0x2108  [ A2CCA4FB273E6050F17A0A416CFF2FCD, C42BA18DF0C8E3F7358669A784E51E4DC7A4112096345EA699EDC95F561E0255 ] Power           C:\Windows\system32\umpo.dll
12:41:08.0869 0x2108  Power - ok
12:41:08.0889 0x2108  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:41:08.0929 0x2108  PptpMiniport - ok
12:41:08.0944 0x2108  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
12:41:08.0959 0x2108  Processor - ok
12:41:08.0984 0x2108  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
12:41:09.0029 0x2108  ProfSvc - ok
12:41:09.0049 0x2108  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:41:09.0059 0x2108  ProtectedStorage - ok
12:41:09.0074 0x2108  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:41:09.0114 0x2108  Psched - ok
12:41:09.0184 0x2108  [ 25999297E5224CD3047A52D5AEA40A44, 33756ED9C921D96D0D3E2440D52A3C35E2ECCC597EB5EDBB1B999EE3DF7C1990 ] QBCFMonitorService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
12:41:09.0189 0x2108  QBCFMonitorService - detected UnsignedFile.Multi.Generic ( 1 )
12:41:13.0074 0x2108  Detect skipped due to KSN trusted
12:41:13.0074 0x2108  QBCFMonitorService - ok
12:41:13.0134 0x2108  [ 6BEE1814470DC12FA20C53DFC3C97EBB, 91E8C22E54A090966E9B96395392B2C03A32DB1AF8DB2289E2EA9460F0A76C0F ] QBFCService     C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
12:41:13.0154 0x2108  QBFCService - detected UnsignedFile.Multi.Generic ( 1 )
12:41:15.0839 0x2108  Detect skipped due to KSN trusted
12:41:15.0839 0x2108  QBFCService - ok
12:41:15.0894 0x2108  [ 556EF21A96D296357D7BA075095E0A0A, 6645EAF5C1D52DCB97817789B0EF63A2ACD5BAF3DD180595A8764041C2378C86 ] QBVSS           C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
12:41:15.0934 0x2108  QBVSS - detected UnsignedFile.Multi.Generic ( 1 )
12:41:18.0789 0x2108  Detect skipped due to KSN trusted
12:41:18.0789 0x2108  QBVSS - ok
12:41:18.0839 0x2108  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
12:41:18.0899 0x2108  ql2300 - ok
12:41:18.0914 0x2108  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
12:41:18.0929 0x2108  ql40xx - ok
12:41:18.0954 0x2108  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
12:41:18.0974 0x2108  QWAVE - ok
12:41:18.0979 0x2108  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:41:19.0004 0x2108  QWAVEdrv - ok
12:41:19.0014 0x2108  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:41:19.0039 0x2108  RasAcd - ok
12:41:19.0064 0x2108  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
12:41:19.0089 0x2108  RasAgileVpn - ok
12:41:19.0099 0x2108  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
12:41:19.0139 0x2108  RasAuto - ok
12:41:19.0159 0x2108  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:41:19.0189 0x2108  Rasl2tp - ok
12:41:19.0239 0x2108  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
12:41:19.0279 0x2108  RasMan - ok
12:41:19.0314 0x2108  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:41:19.0514 0x2108  RasPppoe - ok
12:41:19.0534 0x2108  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:41:19.0579 0x2108  RasSstp - ok
12:41:19.0604 0x2108  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:41:19.0649 0x2108  rdbss - ok
12:41:19.0649 0x2108  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
12:41:19.0669 0x2108  rdpbus - ok
12:41:19.0679 0x2108  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:41:19.0724 0x2108  RDPCDD - ok
12:41:19.0749 0x2108  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
12:41:19.0764 0x2108  RDPDR - ok
12:41:19.0774 0x2108  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:41:19.0809 0x2108  RDPENCDD - ok
12:41:19.0829 0x2108  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
12:41:19.0854 0x2108  RDPREFMP - ok
12:41:19.0889 0x2108  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
12:41:19.0929 0x2108  RdpVideoMiniport - ok
12:41:19.0949 0x2108  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:41:19.0964 0x2108  RDPWD - ok
12:41:19.0979 0x2108  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:41:19.0989 0x2108  rdyboost - ok
12:41:19.0999 0x2108  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:41:20.0044 0x2108  RemoteAccess - ok
12:41:20.0059 0x2108  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:41:20.0089 0x2108  RemoteRegistry - ok
12:41:20.0104 0x2108  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:41:20.0129 0x2108  RpcEptMapper - ok
12:41:20.0134 0x2108  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
12:41:20.0164 0x2108  RpcLocator - ok
12:41:20.0189 0x2108  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
12:41:20.0224 0x2108  RpcSs - ok
12:41:20.0234 0x2108  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:41:20.0264 0x2108  rspndr - ok
12:41:20.0294 0x2108  [ EE082E06A82FF630351D1E0EBBD3D8D0, 537F1A4108BDA72E8DD271466E7B7FCF39D4D55E4129AB35A409AB7AF2E7D219 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
12:41:20.0314 0x2108  RTL8167 - ok
12:41:20.0329 0x2108  [ CAB06CA598638E0457E1DCF8CA824EC2, 0193FC501E19104A1F71B240CD4E7093742F910A1A3CC3852CBCCE146C2167DB ] rusb3hub        C:\Windows\system32\DRIVERS\rusb3hub.sys
12:41:20.0339 0x2108  rusb3hub - ok
12:41:20.0354 0x2108  [ F47E2920F2A8C34562AAE24B73800C5C, AE18CB3DD00A6C0582E561B22D1BE3ABF0A48E78A7536486102095E20A102844 ] rusb3xhc        C:\Windows\system32\DRIVERS\rusb3xhc.sys
12:41:20.0364 0x2108  rusb3xhc - ok
12:41:20.0374 0x2108  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
12:41:20.0394 0x2108  s3cap - ok
12:41:20.0414 0x2108  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
12:41:20.0424 0x2108  SamSs - ok
12:41:20.0434 0x2108  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:41:20.0444 0x2108  sbp2port - ok
12:41:20.0454 0x2108  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:41:20.0494 0x2108  SCardSvr - ok
12:41:20.0494 0x2108  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:41:20.0534 0x2108  scfilter - ok
12:41:20.0574 0x2108  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
12:41:20.0619 0x2108  Schedule - ok
12:41:20.0634 0x2108  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:41:20.0659 0x2108  SCPolicySvc - ok
12:41:20.0674 0x2108  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:41:20.0689 0x2108  SDRSVC - ok
12:41:20.0699 0x2108  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:41:20.0724 0x2108  secdrv - ok
12:41:20.0729 0x2108  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
12:41:20.0754 0x2108  seclogon - ok
12:41:20.0764 0x2108  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\system32\sens.dll
12:41:20.0789 0x2108  SENS - ok
12:41:20.0804 0x2108  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:41:20.0839 0x2108  SensrSvc - ok
12:41:20.0954 0x2108  [ 16416812F7DBBE9852FD1469215CA06A, 0769A7D11BAE15D9B1012789A23E4B519901EE555C9130CEE166B12DA48C95CF ] SepMasterService C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
12:41:20.0964 0x2108  SepMasterService - ok
12:41:20.0984 0x2108  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
12:41:21.0009 0x2108  Serenum - ok
12:41:21.0024 0x2108  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
12:41:21.0034 0x2108  Serial - ok
12:41:21.0044 0x2108  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
12:41:21.0054 0x2108  sermouse - ok
12:41:21.0069 0x2108  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
12:41:21.0104 0x2108  SessionEnv - ok
12:41:21.0119 0x2108  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
12:41:21.0139 0x2108  sffdisk - ok
12:41:21.0164 0x2108  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:41:21.0174 0x2108  sffp_mmc - ok
12:41:21.0184 0x2108  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
12:41:21.0204 0x2108  sffp_sd - ok
12:41:21.0254 0x2108  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
12:41:21.0529 0x2108  sfloppy - ok
12:41:21.0629 0x2108  [ 4215C271D6E6898C3F4DABAB4F387DC9, 10D845466AC239E18A381FA3BCF1DA1CDCF7CC4363D3A6B4695D6562B3EF7541 ] SftService      C:\Program Files (x86)\AlienRespawn\sftservice.EXE
12:41:21.0664 0x2108  SftService - ok
12:41:21.0689 0x2108  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:41:21.0734 0x2108  SharedAccess - ok
12:41:21.0754 0x2108  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:41:21.0784 0x2108  ShellHWDetection - ok
12:41:21.0799 0x2108  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
12:41:21.0814 0x2108  SiSRaid2 - ok
12:41:21.0819 0x2108  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
12:41:21.0829 0x2108  SiSRaid4 - ok
12:41:21.0834 0x2108  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:41:21.0859 0x2108  Smb - ok
12:41:21.0924 0x2108  [ AF05520F5C192F35908DA0D8EB87220F, 9717170F6FF08DD0D1BCAF95CF226AF28ADCF18AE7D8292BD35FAE889816B951 ] SNAC            C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\snac64.exe
12:41:21.0939 0x2108  SNAC - ok
12:41:21.0954 0x2108  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:41:21.0964 0x2108  SNMPTRAP - ok
12:41:21.0964 0x2108  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
12:41:21.0974 0x2108  spldr - ok
12:41:21.0994 0x2108  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
12:41:22.0019 0x2108  Spooler - ok
12:41:22.0094 0x2108  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
12:41:22.0189 0x2108  sppsvc - ok
12:41:22.0209 0x2108  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
12:41:22.0244 0x2108  sppuinotify - ok
12:41:22.0304 0x2108  [ 86EBD8B1F23E743AAD21F4D5B4D40985, 8FA4DFDAE15712266B878C364FEFDB63CB30A3DCC25F83CDFE8C8AB3AE864BE6 ] SQLBrowser      c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
12:41:22.0314 0x2108  SQLBrowser - ok
12:41:22.0374 0x2108  [ 3C432A96363097870995E2A3C8B66ABD, AA0AE0935FC5317FE93D7D3C3B9A6B2E026915D07704AF3E36F14FEA8595F4A6 ] SQLWriter       c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
12:41:22.0384 0x2108  SQLWriter - ok
12:41:22.0434 0x2108  [ 1EDDCBC683A90AC7E186ABF22B760839, 2929FDBF50EF80A315A556599A2A5123138FAA35F95E93A8C1CF470C7FBF1C27 ] SRTSP           C:\Windows\system32\Drivers\SEP\0C0114D9\1388.105\x64\SRTSP64.SYS
12:41:22.0464 0x2108  SRTSP - ok
12:41:22.0474 0x2108  [ 68E7B6708B9EEE021301C483825D05EA, 87E262405473A063E3E6E9D1D61D8381C997C95F77317CDBB3C59369436E70C5 ] SRTSPX          C:\Windows\system32\Drivers\SEP\0C0114D9\1388.105\x64\SRTSPX64.SYS
12:41:22.0484 0x2108  SRTSPX - ok
12:41:22.0504 0x2108  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:41:22.0534 0x2108  srv - ok
12:41:22.0559 0x2108  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:41:22.0599 0x2108  srv2 - ok
12:41:22.0614 0x2108  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:41:22.0629 0x2108  srvnet - ok
12:41:22.0644 0x2108  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:41:22.0674 0x2108  SSDPSRV - ok
12:41:22.0684 0x2108  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:41:22.0709 0x2108  SstpSvc - ok
12:41:22.0789 0x2108  [ 9479C6048A757333E0035CB15F12F8B4, 6A8B53B8F76E3DD7AD9BBB0019D59F91C34120F003A0E0C4A5ADB6BC47E07D38 ] ST7501 Uranus Watch Dog C:\Program Files (x86)\VIVOTEK Inc\ST7501\Server\VMSUranusWatchDog.exe
12:41:22.0799 0x2108  ST7501 Uranus Watch Dog - ok
12:41:22.0844 0x2108  [ 3F0826F632F66906CB3ED62202A6BAD7, CA21B038DD1A1BED7293A8DEEBE19D43D1C12378ED5C6B82D36900CD4FFF23B7 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
12:41:22.0864 0x2108  Steam Client Service - ok
12:41:22.0954 0x2108  [ EACEC497A6496E2A280348AD67ACF280, DAC7141A072FC83274612BC228DA6E014C371707FC76832470604ACDD5BF4BE3 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
12:41:22.0969 0x2108  Stereo Service - ok
12:41:22.0989 0x2108  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
12:41:22.0999 0x2108  stexstor - ok
12:41:23.0039 0x2108  [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
12:41:23.0084 0x2108  StillCam - ok
12:41:23.0109 0x2108  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
12:41:23.0134 0x2108  stisvc - ok
12:41:23.0149 0x2108  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\Windows\system32\storsvc.dll
12:41:23.0174 0x2108  StorSvc - ok
12:41:23.0189 0x2108  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
12:41:23.0199 0x2108  storvsc - ok
12:41:23.0249 0x2108  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
12:41:23.0264 0x2108  swenum - ok
12:41:23.0379 0x2108  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
12:41:23.0429 0x2108  swprv - ok
12:41:24.0174 0x2108  [ 6E61AFF94BC6556268C6F51431F9497E, 3F21FEEF5EA9BBF24246731A0C4BDD88622A30A31CB54832784419825084FF7A ] SymEFASI        C:\Windows\system32\drivers\symefasi\0500010.01F\symefasi.sys
12:41:24.0214 0x2108  SymEFASI - ok
12:41:24.0234 0x2108  [ 97E11C50CE52277B377396EA8838E539, E17D03F80E14F961C41F2D54D1EF73D29BF01F38459C5710D786234F8BA3C835 ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
12:41:24.0244 0x2108  SymEvent - ok
12:41:24.0264 0x2108  [ 2C95265BE19F338E1C1090E4E91055BB, 1E580E9367B1C89B06BD4B34EFD94CD511FD3AA1617D943DDFE0A28B7ED5D5F9 ] SymIRON         C:\Windows\system32\Drivers\SEP\0C0114D9\1388.105\x64\Ironx64.SYS
12:41:24.0274 0x2108  SymIRON - ok
12:41:24.0304 0x2108  [ 5570A74FF9B1EFBC5154DD1E2F05C517, 2C883A0334CBE4AE257028805C9BB1E529A80F56BA6D341E8EBB83CB3E46FEB7 ] SYMNETS         C:\Windows\system32\Drivers\SEP\0C0114D9\1388.105\x64\SYMNETS.SYS
12:41:24.0324 0x2108  SYMNETS - ok
12:41:24.0334 0x2108  [ 4CDD7DF58730D23BA9CB5829A6E2ECEA, 89A2A1604C2BF985894000F51D9D376B32F1327197866850B5BF8640272DE828 ] SynthVid        C:\Windows\system32\DRIVERS\VMBusVideoM.sys
12:41:24.0354 0x2108  SynthVid - ok
12:41:24.0414 0x2108  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
12:41:24.0469 0x2108  SysMain - ok
12:41:24.0489 0x2108  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:41:24.0509 0x2108  TabletInputService - ok
12:41:24.0524 0x2108  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:41:24.0569 0x2108  TapiSrv - ok
12:41:24.0589 0x2108  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
12:41:24.0614 0x2108  TBS - ok
12:41:24.0669 0x2108  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:41:24.0729 0x2108  Tcpip - ok
12:41:24.0764 0x2108  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:41:24.0814 0x2108  TCPIP6 - ok
12:41:24.0829 0x2108  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:41:24.0839 0x2108  tcpipreg - ok
12:41:24.0849 0x2108  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:41:24.0879 0x2108  TDPIPE - ok
12:41:24.0899 0x2108  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:41:24.0914 0x2108  TDTCP - ok
12:41:24.0934 0x2108  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:41:24.0959 0x2108  tdx - ok
12:41:24.0989 0x2108  [ B15F3E10FA0D1EF28E845F4530CD0BB7, 71C0B9FF40D26DFB7AF6B813E6AC42C71F65028DAAEA1E1CFB3EE8B157C97958 ] Teefer2         C:\Windows\system32\DRIVERS\Teefer.sys
12:41:24.0999 0x2108  Teefer2 - ok
 



#10 dagscomputers (Topic Starter, Members, 19 posts)

Posted 07 November 2014 - 06:43 PM

There are about 2,000 more lines in Step 3 - do you really need all of them? The forum keeps telling me "An error occurred" / "post_too_long".

Step 4 Completed

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/7/2014
Scan Time: 12:48:17 PM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.07.05
Rootkit Database: v2014.11.01.02
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Darrel

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 345665
Time Elapsed: 6 min, 34 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

Step 5 Completed

 

HitmanPro 3.7.9.232
www.hitmanpro.com
   Computer name . . . . : DARREL-PC
   Windows . . . . . . . : 6.1.1.7601.X64/8
   User name . . . . . . : Darrel-PC\Darrel
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free
   Scan date . . . . . . : 2014-11-07 12:58:11
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 26s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 7
   Objects scanned . . . : 1,713,838
   Files scanned . . . . : 37,689
   Remnants scanned  . . : 416,873 files / 1,259,276 keys
Suspicious files ____________________________________________________________
   C:\Users\Darrel\Downloads\FRST64.exe
      Size . . . . . . . : 2,114,560 bytes
      Age  . . . . . . . : 1.3 days (2014-11-06 06:38:01)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 9A92493668D313771DB011C6FD2BF7B894B97281BC5E3C3DEE5C104372A33DCA
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

Potential Unwanted Programs _________________________________________________
   ask.com
   C:\Users\Darrel\AppData\Local\Google\Chrome\User Data\Default\Web Data
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BrowserSafeguard_RASAPI32\ (BrowserSafeguard)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BrowserSafeguard_RASMANCS\ (BrowserSafeguard)
Cookies _____________________________________________________________________
   C:\Users\Darrel\AppData\Local\Google\Chrome\User Data\Default\Cookies:oracle.112.2o7.net
   C:\Users\Darrel\AppData\Roaming\Microsoft\Windows\Cookies\ST89VED8.txt
   C:\Users\Darrel\AppData\Roaming\Microsoft\Windows\Cookies\ZQ4X5Q91.txt

Step 6

No report. No Poweliks on system.

Step 7

Your hyperlink is no good, but I found the program via a Google search.

 Results of screen317's Security Check version 0.99.89
 Windows 7 Service Pack 1 x64 (UAC is disabled!)
 Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!
Symantec Endpoint Protection 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 71
 Java version out of Date!
 Adobe Flash Player 15.0.0.152
 Adobe Reader 10.1.8 Adobe Reader out of Date!
 Google Chrome 38.0.2125.104
 Google Chrome 38.0.2125.111
````````Process Check: objlist.exe by Laurent````````
 Norton ccSvcHst.exe
 Malwarebytes Anti-Malware mbamservice.exe
 Malwarebytes Anti-Malware mbam.exe
 Malwarebytes Anti-Malware mbamscheduler.exe 
 Alienware Command Center ThermalController.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 

I ran all 7 steps as described and I still have a slow, sluggish system. There are still 10 processes called conhost.exe using various amounts of memory and CPU: 2 are being run from my user account and 8 are being run by the system. There are also 2 csrss.exe processes running.

I had to uninstall Bitdefender because it finally killed access to the internet altogether. I have reinstalled Symantec Endpoint Protection v12.1.5337.5000, and I still have my licensed copy of Malwarebytes installed.

 



#11 B-boy/StyLe/ (Bleepin' Freestyler, Malware Response Team, 8,307 posts, Bulgaria)

Posted 08 November 2014 - 03:04 AM

Hello,

Thank you for the logs. I am sorry if my manner of working is a little confusing for you. Be sure that I am focused on resolving the problem.

In the logs above I don't see any evidence of Poweliks on board. OK, before we continue further I have a few questions for you.

1. Did you set these proxy settings?

[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3125001501-1962380850-1972986946-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49394;https=127.0.0.1:49394  -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3125001501-1962380850-1972986946-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49394;https=127.0.0.1:49394  -> Found

2. Can you please zip the TDSSKiller log, upload it at http://www.zippyshare.com/ and then post the link in your next reply?

That's it for now. Thank you!

 

 

Regards,

Georgi

 




#12 dagscomputers (Topic Starter, Members, 19 posts)

Posted 08 November 2014 - 01:07 PM

I'm not sure I appreciate your comment "a little confusing for you". I followed your steps exactly as you posted; the only problem I had was posting Step 3 to the forum, because the forum will not accept the long log file. I was going to have to divide the log file into 10 or more parts, so I asked a question. I am not confused at all - maybe someone who had ever run TDSSKiller in the manner directed would have known it was too long to post here and sent instructions to post elsewhere in the beginning.

No, I have not set a proxy or proxy server. I have a normal cable Internet Service Provider with a fixed IP and DNS.

TDSSKiller file is at:

http://www40.zippyshare.com/v/712393/file.html



#13 B-boy/StyLe/ (Bleepin' Freestyler, Malware Response Team, 8,307 posts, Bulgaria)

Posted 08 November 2014 - 02:14 PM

Hi,

You're doing great work so far. I think that you misunderstood me again. I didn't intend to accuse you of anything. I meant I'm sorry for causing you some extra work earlier when I asked you to run so many tools.

Please download the following file => [attachment=157580:fixlist.txt] and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location, or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Also, can you please upload the following file, C:\Windows\Minidump\conhost.dmp, at http://www.zippyshare.com/ and then post the link in your next reply?

 

 

Regards,

Georgi


Edited by B-boy/StyLe/, 08 November 2014 - 02:14 PM.



#14 dagscomputers (Topic Starter, Members, 19 posts)

Posted 08 November 2014 - 03:23 PM

The word confusing is hard to misunderstand.

File is at:

http://www19.zippyshare.com/v/23614500/file.html

I also put up a screenshot of Task Manager processes (after the reboot):

http://www19.zippyshare.com/v/13317097/file.html

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-11-2014 01
Ran by Darrel at 2014-11-08 12:07:15 Run:1
Running from N:\Flash Drives\Primary\Spyware Tools
Loaded Profile: Darrel (Available profiles: Darrel)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).
HKLM\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
ProxyServer: http=127.0.0.1:49394;https=127.0.0.1:49394
Reg: reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
Reg: reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /s
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3125001501-1962380850-1972986946-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKCU - No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
cmd: type C:\tasklist.txt
cmd: type C:\ComboFix.txt
2014-11-04 16:26 - 2014-11-04 16:26 - 00265635 _____ () C:\ProgramData\1415147026.bdinstall.bin
2014-10-29 14:16 - 2014-10-29 14:16 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll
2014-10-29 14:06 - 2014-10-29 14:06 - 00000385 _____ () C:\Windows\system32\user_gensett.xml
2014-10-29 14:06 - 2014-10-29 14:06 - 00000385 _____ () C:\Users\Darrel\AppData\Roaminguser_gensett.xml
2014-10-29 14:05 - 2014-10-29 14:18 - 00000000 ____D () C:\ProgramData\BDLogging
2014-10-29 14:04 - 2013-11-04 14:47 - 00074512 _____ (BitDefender SRL) C:\Windows\SysWOW64\bdsandboxuiskin32.dll
2014-10-29 14:01 - 2014-11-04 16:27 - 00000000 ____D () C:\Program Files\Bitdefender
2014-10-29 14:01 - 2014-11-04 16:25 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2014-10-29 14:01 - 2014-10-29 14:01 - 00000000 ____D () C:\Users\Darrel\AppData\Roaming\QuickScan
2014-10-29 14:01 - 2013-11-04 14:47 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUISkin.dll
2014-10-29 14:01 - 2013-11-04 14:46 - 00034384 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUH.dll
2014-10-29 13:49 - 2014-10-29 13:49 - 06770080 _____ () C:\Users\Darrel\Downloads\bitdefender_isecurity.exe
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BrowserSafeguard_RASAPI32
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BrowserSafeguard_RASMANCS
end
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\InstallerLauncher => value deleted successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.

========= reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" =========

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    IE5_UA_Backup_Flag    REG_SZ    5.0
    User Agent    REG_SZ    Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    EmailName    REG_SZ    IEUser@
    PrivDiscUiShown    REG_DWORD    0x1
    EnableHttp1_1    REG_DWORD    0x1
    WarnOnIntranet    REG_DWORD    0x1
    MimeExclusionListForCache    REG_SZ    multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
    AutoConfigProxy    REG_SZ    wininet.dll
    UseSchannelDirectly    REG_BINARY    01000000
    WarnOnPost    REG_BINARY    01000000
    UrlEncoding    REG_DWORD    0x0
    SecureProtocols    REG_DWORD    0xaa0
    PrivacyAdvanced    REG_DWORD    0x0
    ZonesSecurityUpgrade    REG_BINARY    F6DC6C3AF5FFCE01
    DisableCachingOfSSLPages    REG_DWORD    0x0
    WarnonZoneCrossing    REG_DWORD    0x0
    CertificateRevocation    REG_DWORD    0x1
    EnableNegotiate    REG_DWORD    0x1
    MigrateProxy    REG_DWORD    0x1
    ProxyEnable    REG_DWORD    0x0
    ProxyOverride    REG_SZ    <-loopback>
    WarnonBadCertRecving    REG_DWORD    0x1
    WarnOnPostRedirect    REG_DWORD    0x0
    WarnOnHTTPSToHTTPRedirect    REG_DWORD    0x1
    EnableAutodial    REG_DWORD    0x0
    NoNetAutodial    REG_DWORD    0x0
    ProxyHttp1.1    REG_DWORD    0x1
    EnableSPDY3_0    REG_DWORD    0x0
    BackgroundConnections    REG_DWORD    0x1
    EnablePunycode    REG_DWORD    0x1
    ShowPunycode    REG_DWORD    0x0
    CreateUriCacheSize    REG_DWORD    0x50
    CoInternetCombineIUriCacheSize    REG_DWORD    0x50
    SecurityIdIUriCacheSize    REG_DWORD    0x1e
    SpecialFoldersCacheSize    REG_DWORD    0x8
    SyncMode5    REG_DWORD    0x4

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CACHE
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WebSocket
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

========= End of Reg: =========

========= reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /s =========

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings    REG_BINARY    [binary data omitted]
    SavedLegacySettings    REG_BINARY    [binary data omitted]

 

========= End of Reg: =========

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3125001501-1962380850-1972986946-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => value deleted successfully.
"HKCR\CLSID\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A}" => Key not found.
catchme => Service deleted successfully.

=========  type C:\tasklist.txt =========

The system cannot find the file specified.

========= End of CMD: =========

=========  type C:\ComboFix.txt =========

The system cannot find the file specified.

========= End of CMD: =========

C:\ProgramData\1415147026.bdinstall.bin => Moved successfully.
C:\Windows\system32\bdsandboxuiskin32.dll => Moved successfully.
C:\Windows\system32\user_gensett.xml => Moved successfully.
C:\Users\Darrel\AppData\Roaminguser_gensett.xml => Moved successfully.
C:\ProgramData\BDLogging => Moved successfully.
C:\Windows\SysWOW64\bdsandboxuiskin32.dll => Moved successfully.
C:\Program Files\Bitdefender => Moved successfully.
C:\Program Files\Common Files\Bitdefender => Moved successfully.
C:\Users\Darrel\AppData\Roaming\QuickScan => Moved successfully.
C:\Windows\system32\BDSandBoxUISkin.dll => Moved successfully.
C:\Windows\system32\BDSandBoxUH.dll => Moved successfully.
C:\Users\Darrel\Downloads\bitdefender_isecurity.exe => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BrowserSafeguard_RASAPI32 => Key Deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BrowserSafeguard_RASMANCS => Key Deleted successfully.

The system needed a reboot.

==== End of Fixlog ====
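The proxy RogueKiller flagged in #11 (http and https sent to 127.0.0.1:49394) and the `reg query` output in the Fixlog above are the two places this kind of redirect shows up. The script below is an added example for this thread, not a tool from the page or from the Malwarebytes/Farbar/RogueKiller authors: it parses the text format `reg query` prints for the Internet Settings key and reports anything that points browser traffic somewhere, treating a loopback proxy as the important case, because a proxy on 127.0.0.1 means a process on the same machine sits between the browser and the network. The registry text embedded in it is constructed to match the Fixlog's layout; the PAC URL in it is invented.

```python
"""
Flag proxy settings that redirect browser traffic, from `reg query` output.

Added example for this thread, not a tool from the page. Input is the text
`reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"`
prints (as seen in the Fixlog): a key path line, then one value per line
indented four spaces as  Name<4 spaces>Type<4 spaces>Data.
"""
from ipaddress import ip_address

# Constructed sample in the Fixlog's shape. The loopback ProxyServer string is
# the one RogueKiller reported in the thread; the PAC URL is invented.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    User Agent    REG_SZ    Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    http=127.0.0.1:49394;https=127.0.0.1:49394
    ProxyOverride    REG_SZ    <-loopback>
    AutoConfigURL    REG_SZ    http://pac.example.invalid/proxy.pac
    MigrateProxy    REG_DWORD    0x1

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
"""


def parse_reg_query(text):
    """{key_path: {value_name: (reg_type, data)}} from reg query output."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = line.rstrip()
            keys.setdefault(current, {})
        elif line.startswith("    ") and current is not None:
            parts = line[4:].split("    ", 2)      # name / type / data
            if len(parts) == 3:
                name, reg_type, data = parts
                keys[current][name] = (reg_type, data.strip())
    return keys


def parse_proxy_server(value):
    """WinINet ProxyServer -> {scheme: (host, port)}.
    'host:port' applies to every protocol (reported under key 'all');
    'http=h:p;https=h:p;ftp=h:p;socks=h:p' is one entry per scheme."""
    proxies = {}
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        scheme, _, hostport = entry.rpartition("=")   # no '=' -> scheme ''
        host, _, port = hostport.rpartition(":")
        if not host:                                  # bare host, no port
            host, port = hostport, ""
        proxies[scheme or "all"] = (host.strip("[]"),
                                    int(port) if port.isdigit() else None)
    return proxies


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and the name localhost."""
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def _dword(data, default=0):
    """reg query prints REG_DWORD values as hex, e.g. 0x1."""
    return int(data, 16) if data else default


def audit_proxy_settings(text):
    """One finding string per proxy-related setting, for every key in the text."""
    findings = []
    for key, values in parse_reg_query(text).items():
        enabled = _dword(values.get("ProxyEnable", ("", ""))[1])
        server = values.get("ProxyServer", ("", ""))[1]
        pac = values.get("AutoConfigURL", ("", ""))[1]
        state = "active" if enabled else "present but ProxyEnable=0"
        for scheme, (host, port) in parse_proxy_server(server).items():
            if is_loopback(host):
                findings.append(
                    f"{key}: {scheme} proxy {host}:{port} ({state}) is loopback; "
                    "a process on this machine sees every HTTP request and every "
                    "HTTPS CONNECT destination the browser makes")
            else:
                findings.append(f"{key}: {scheme} proxy {host}:{port} ({state})")
        if pac:
            findings.append(f"{key}: AutoConfigURL={pac} "
                            "(a PAC script chooses the proxy per URL)")
    return findings


if __name__ == "__main__":
    for finding in audit_proxy_settings(SAMPLE):
        print(finding)
```

Two practical notes. The REG_SZ values are only a mirror: WinINet keeps the effective settings in the binary `Connections\DefaultConnectionSettings` blob, which is why the fixlist also queried `Connections /s`; a cleanup that only deletes `ProxyServer` can leave the blob pointing at the same place. And when a loopback proxy is found on a high port like 49394, `netstat -ano` on the live machine gives the PID listening on that port, which is the process actually receiving the browser's traffic.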



#15 B-boy/StyLe/ (Bleepin' Freestyler, Malware Response Team, 8,307 posts, Bulgaria)

Posted 08 November 2014 - 04:23 PM

Hi,

The word confusing is hard to misunderstand.

Yeah, right. However, since English is not my native language, please excuse me if I make some mistakes... :)

Please go ahead and kill all instances of conhost.exe in Task Manager.

Next, please download Process Monitor and save it to your desktop. Extract the archive to your desktop and run the file procmon.exe.

Process Monitor will begin logging from the moment it starts running. To stop this, click the "Capture" icon.

Clear all the events that Process Monitor recorded by clicking the "Clear" icon.

Now go into the Options menu and select Enable Boot Logging.

You will be presented with the following dialog. Ensure that profiling events are generated every second and click OK.

Reboot the computer.

Allow the system to fully load Windows and any associated startup programs, and wait for conhost.exe to start multiplying again.

Next, double-click on the Procmon.exe file to run Process Monitor again.

Upon opening Procmon.exe, you will be presented with the following dialog.

Click Yes to save the collected data. Insert in the "File name" field the desired name for the output and select the "Save" button.

Close Process Monitor.

Compress and archive (zip) the PML file and upload it here, then post the link to the file in your next reply.

Regards,

Georgi
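Once the boot log exists, the question it has to answer is which process keeps creating conhost.exe, and on Windows 7 (the OS in this thread) the creator is always csrss.exe, because csrss starts conhost.exe on behalf of whatever console program was just launched. What matters is the console program created a moment earlier and who created that. The script below is an added example for this thread, not a Sysinternals tool and not something the poster ran: it reads a Procmon log after File > Save in CSV format, counts which parent keeps creating which child, and pairs each conhost.exe with the console program started just before it. It assumes Procmon's default CSV export columns; the rows embedded in it are constructed for the example (the PIDs, times and the script path C:\Users\Public\x.ps1 are made up, not from the poster's log).

```python
"""
Triage a Process Monitor boot log exported as CSV: which process keeps
spawning the same child, and which console program each conhost.exe belongs to.

Added example for this thread, not a Sysinternals tool. Assumes Procmon's
default CSV export columns: Time of Day, Process Name, PID, Operation, Path,
Result, Detail. For "Process Create" the Path is the new image and Detail
reads "PID: <n>, Command line: <cmd>".
"""
import csv
import io
import re
from collections import Counter

# Constructed sample rows (not from the thread's log); PIDs, times and the
# script path C:\Users\Public\x.ps1 are invented for the example.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"12:00:01.0000000","explorer.exe","1200","Process Create","C:\Windows\System32\cmd.exe","SUCCESS","PID: 2000, Command line: cmd.exe /c echo hi"
"12:00:01.0100000","csrss.exe","404","Process Create","C:\Windows\System32\conhost.exe","SUCCESS","PID: 2001, Command line: \??\C:\Windows\system32\conhost.exe ""2000"""
"12:00:01.0200000","cmd.exe","2000","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:00:05.0000000","svchost.exe","900","Process Create","C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe","SUCCESS","PID: 2100, Command line: powershell.exe -WindowStyle Hidden -NoProfile -File C:\Users\Public\x.ps1"
"12:00:05.0100000","csrss.exe","404","Process Create","C:\Windows\System32\conhost.exe","SUCCESS","PID: 2101, Command line: \??\C:\Windows\system32\conhost.exe ""2100"""
"12:00:09.0000000","svchost.exe","900","Process Create","C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe","SUCCESS","PID: 2200, Command line: powershell.exe -WindowStyle Hidden -NoProfile -File C:\Users\Public\x.ps1"
"12:00:09.0100000","csrss.exe","404","Process Create","C:\Windows\System32\conhost.exe","SUCCESS","PID: 2201, Command line: \??\C:\Windows\system32\conhost.exe ""2200"""
"12:00:13.0000000","svchost.exe","900","Process Create","C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe","SUCCESS","PID: 2300, Command line: powershell.exe -WindowStyle Hidden -NoProfile -File C:\Users\Public\x.ps1"
"12:00:13.0100000","csrss.exe","404","Process Create","C:\Windows\System32\conhost.exe","SUCCESS","PID: 2301, Command line: \??\C:\Windows\system32\conhost.exe ""2300"""
"12:00:13.0200000","powershell.exe","2300","CreateFile","C:\Users\Public\x.ps1","SUCCESS","Desired Access: Generic Read"
'''

PROCESS_CREATE = "Process Create"
DETAIL_RE = re.compile(r"PID:\s*(\d+),\s*Command line:\s*(.*)", re.S)


def _seconds(time_of_day):
    """'12:00:05.0100000' -> seconds since midnight."""
    h, m, s = time_of_day.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)


def parse_process_creates(csv_text):
    """All Process Create events as dicts, oldest first."""
    events = []
    for row in csv.DictReader(io.StringIO(csv_text.strip())):
        if row.get("Operation") != PROCESS_CREATE:
            continue
        m = DETAIL_RE.match(row.get("Detail", ""))
        events.append({
            "t": _seconds(row["Time of Day"]),
            "parent": row["Process Name"].lower(),       # creating process
            "parent_pid": int(row["PID"]),
            "image": row["Path"].rsplit("\\", 1)[-1].lower(),  # new image
            "pid": int(m.group(1)) if m else None,
            "cmdline": m.group(2).strip() if m else "",
        })
    events.sort(key=lambda e: e["t"])
    return events


def repeated_spawns(events, threshold=3):
    """(parent image, child image, count) for pairs created at least
    `threshold` times, most frequent first: the 'keeps multiplying' pattern."""
    counts = Counter((e["parent"], e["image"]) for e in events)
    hits = [(p, c, n) for (p, c), n in counts.items() if n >= threshold]
    return sorted(hits, key=lambda x: -x[2])


def console_owners(events, image="conhost.exe", window=2.0):
    """Heuristic attribution. On Windows 7 csrss.exe creates conhost.exe for
    every console program, so conhost's creator says nothing. Pair each
    conhost.exe with the most recent other image created within `window`
    seconds before it; that command line (and its own 'parent') is the
    thing actually being launched over and over."""
    pairs = []
    for i, e in enumerate(events):
        if e["image"] != image:
            continue
        owner = None
        for prev in reversed(events[:i]):
            if e["t"] - prev["t"] > window:
                break
            if prev["image"] != image:
                owner = prev
                break
        pairs.append({"conhost_pid": e["pid"], "owner": owner})
    return pairs


if __name__ == "__main__":
    evs = parse_process_creates(SAMPLE_CSV)
    for parent, child, n in repeated_spawns(evs):
        print(f"{parent} created {child} {n} times")
    for p in console_owners(evs):
        o = p["owner"]
        if o:
            print(f"conhost {p['conhost_pid']} <- {o['image']} pid {o['pid']} "
                  f"started by {o['parent']}: {o['cmdline']}")
        else:
            print(f"conhost {p['conhost_pid']} <- no console program within window")
```

The pairing is a time-window heuristic, so read it against the log rather than trusting it blindly: on a busy boot two console programs can start within the same window, and the one to chase is the one whose own parent and command line you cannot account for. Once that image is known, filtering the PML in Procmon on its PID shows what it touched before it exited.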




