
AVG Toolbar Removal and More


This topic is locked
21 replies to this topic

#1 ichy076

ichy076

  • Members
  • 34 posts
  • OFFLINE
  • Local time:06:00 PM

Posted 11 December 2014 - 10:45 PM

Hello, this is a repost because I failed to reply to the previous topic in a timely manner and it was closed. Now, I can't PM a moderator because I can't find them. So, here it is. I am also posting my MBAM log in a few minutes.

 

Hi, I definitely cannot remove the AVG toolbar after trying many different ways including REVO Uninstaller. Nothing works. Also, my computer is showing many processes running now and that was not the case before. The PC worked very fast but now is super slow. It cannot be just coincidence that it happened by itself or because of dust. Can you please help me remove AVG and anything else you see? Also, I use no toolbars, so if there is anything else, let's get rid of it. Here is my log:

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 5:15:54 PM, on 11/27/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16592)

FIREFOX: 14.0 (en-US)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\oodtray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Mark\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 winguard2009.microsoft.com
O1 - Hosts: 91.212.127.226 winguard-2009.com
O1 - Hosts: 91.212.127.226 www.winguard-2009.com
O2 - BHO: Browser Extensions - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\Mark\AppData\Roaming\BrowserExtensions\Coupons.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: DVDVideoSoft.WebPageAdjuster - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iSkysoft Helper Compact.exe] C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Browser Extensions] "C:\Users\Mark\AppData\Roaming\BrowserExtensions\BEHelper.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-476263150-473887440-2589625196-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-476263150-473887440-2589625196-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
O9 - Extra 'Tools' menuitem: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: vToolbarUpdater17.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe
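
The log above already contains the entries a responder would pull out first: a per-user IE proxy pointing at a local port, hosts-file lines that send a microsoft.com name and the winguard-2009 names to one external address, a toolbar and a service whose files are missing, and a BHO plus a Run entry loading from the user's AppData folder. The Python below is an added example, not part of the original post and not HijackThis code: it parses lines in HijackThis's R/O format and flags those four classes of entry. The sample lines are a subset copied from the log above; the category labels and the rule set are my own.

```python
import re
from ipaddress import ip_address
from typing import List, NamedTuple

# Constructed sample: a subset of the HijackThis lines from the post above.
SAMPLE_HJT_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 winguard2009.microsoft.com
O1 - Hosts: 91.212.127.226 www.winguard-2009.com
O2 - BHO: Browser Extensions - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\Mark\AppData\Roaming\BrowserExtensions\Coupons.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (file missing)
O4 - HKCU\..\Run: [Browser Extensions] "C:\Users\Mark\AppData\Roaming\BrowserExtensions\BEHelper.exe"
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
"""


class Finding(NamedTuple):
    kind: str    # category label (my own naming, not a HijackThis term)
    detail: str  # the value that triggered the finding
    line: str    # the original log line, kept for the report


HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
PROXY_RE = re.compile(r"^R1 - .*Internet Settings,ProxyServer = (\S+)")
LOADPOINT_RE = re.compile(r"^O\d+ - ")          # O2 BHO, O3 toolbar, O4 Run, O23 service, ...
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe|sys)', re.IGNORECASE)


def is_loopback(addr: str) -> bool:
    """True for 127.0.0.0/8 and ::1; hostnames and junk return False."""
    try:
        return ip_address(addr).is_loopback
    except ValueError:
        return False


def triage_hijackthis(text: str) -> List[Finding]:
    """Walk a HijackThis log and return the entries worth a second look."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.groups()
            # A hosts entry that maps a name to a non-loopback address overrides DNS for it.
            if not is_loopback(ip):
                findings.append(Finding("hosts-override", f"{host} -> {ip}", line))
            continue
        m = PROXY_RE.match(line)
        if m:
            # Any configured proxy is worth confirming with the user; a local-port proxy
            # is a common way browser traffic is intercepted on the same machine.
            findings.append(Finding("proxy-set", m.group(1), line))
            continue
        if LOADPOINT_RE.match(line):
            path_m = PATH_RE.search(line)
            path = path_m.group(0) if path_m else line
            if line.endswith("(file missing)"):
                # Orphaned load point: registry still references a file that is gone.
                findings.append(Finding("orphan-loadpoint", path, line))
            elif "\\appdata\\" in path.lower():
                # Code loaded at logon or into the browser from a user-writable profile folder.
                findings.append(Finding("appdata-loadpoint", path, line))
    return findings


def summarize(findings: List[Finding]) -> dict:
    """Count findings per category for a quick overview."""
    counts: dict = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage_hijackthis(SAMPLE_HJT_LOG)
    for f in results:
        print(f"[{f.kind}] {f.detail}")
    print(summarize(results))
```

A flagged entry is a review candidate, not a verdict: the orphaned AVG toolbar line is exactly the leftover the poster is trying to remove, while the hosts lines pointing a microsoft.com name at an outside address are the kind of entry a helper would want restored before anything else.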





#2 ichy076

ichy076
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:06:00 PM

Posted 11 December 2014 - 11:17 PM

MBAM Log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/11/2014
Scan Time: 9:48:23 PM
Logfile: malware.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.12.01
Rootkit Database: v2014.12.08.03
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Mark

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 364433
Time Elapsed: 25 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)



#3 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:00 PM

Posted 14 December 2014 - 08:43 AM

Hello and welcome to Bleeping Computer! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hello, let's get a look at your system and see what's going on. :)


Scan with Farbar's Recovery Scan Tool (FRST)


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt
    [image: FRST main panel]
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

FRST Log

Addition.txt Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#4 ichy076

ichy076
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:06:00 PM

Posted 14 December 2014 - 04:50 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-12-2014
Ran by Mark (administrator) on M-PC on 14-12-2014 15:45:55
Running from C:\Users\Mark\Desktop
Loaded Profile: Mark (Available profiles: Mark & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(O&O Software GmbH) C:\Windows\System32\oodag.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(O&O Software GmbH) C:\Windows\System32\oodtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(iSkySoft) C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.9\ScriptHelper.exe
(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [OODefragTray] => C:\Windows\system32\oodtray.exe [2553088 2009-02-25] (O&O Software GmbH)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-25] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2014208 2014-08-05] (iSkySoft)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [2640408 2014-12-13] ()
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-476263150-473887440-2589625196-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-476263150-473887440-2589625196-1000\...\Run: [Steam] => C:\Program Files\Steam\Steam.exe [1813928 2013-10-08] (Valve Corporation)
HKU\S-1-5-21-476263150-473887440-2589625196-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-476263150-473887440-2589625196-1000\...\MountPoints2: {1b8041b3-c556-11e0-b87e-00219b0a777b} - H:\LaunchU3.exe -a
HKU\S-1-5-21-476263150-473887440-2589625196-1000\...\MountPoints2: {38e5aae6-926e-11dd-9faf-00219b0a777b} - H:\LaunchU3.exe -a
HKU\S-1-5-21-476263150-473887440-2589625196-1000\...\MountPoints2: {c59ecbbc-2a3c-11de-ae7d-00219b0a777b} - H:\LaunchU3.exe -a
HKU\S-1-5-21-476263150-473887440-2589625196-1000\...\MountPoints2: {d4ff2024-4f77-11e2-9eb2-00219b0a777b} - H:\Xkey_launcher.exe
HKU\S-1-5-21-476263150-473887440-2589625196-1000\...\MountPoints2: {e2287ae3-7bb4-11dd-81e5-002215ef673b} - G:\steambackup.EXE
BootExecute: autocheck autochk * OODBS

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080828
HKU\S-1-5-21-476263150-473887440-2589625196-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-476263150-473887440-2589625196-1000 -> DefaultScope {1A2461E4-CAB9-4E03-B2EE-EDDECB685D70} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=242154&p={searchTerms}
SearchScopes: HKU\S-1-5-21-476263150-473887440-2589625196-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-476263150-473887440-2589625196-1000 -> {1A2461E4-CAB9-4E03-B2EE-EDDECB685D70} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=242154&p={searchTerms}
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\b8131voy.default
FF DefaultSearchEngine: Yahoo!
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=242154&p=
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\b8131voy.default\user.js
FF SearchPlugin: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\b8131voy.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: Download videos and MP3s from YouTube - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\b8131voy.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-11-16]
FF Extension: Test Pilot - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\b8131voy.default\Extensions\testpilot@labs.mozilla.com.xpi [2012-06-25]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-07]
FF HKLM\...\Firefox\Extensions: [ISVCU@iSkysoft.com] - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com
FF HKU\S-1-5-21-476263150-473887440-2589625196-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-11-16]
FF Extension: No Name - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com [Not Found]
FF Extension: No Name - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com [Not Found]

Chrome:
=======
CHR Profile: C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-02]
CHR Extension: (Google Docs) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-02]
CHR Extension: (Google Drive) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-02]
CHR Extension: (YouTube) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-02]
CHR Extension: (Google Search) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-02]
CHR Extension: (Google Sheets) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-02]
CHR Extension: (Google Wallet) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-02]
CHR Extension: (Gmail) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-02]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.9.799\avg.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 O&O Defrag; C:\Windows\system32\oodag.exe [1352960 2009-02-25] (O&O Software GmbH)
R2 vToolbarUpdater17.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [1771544 2013-12-19] (AVG Secure Search)
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [81936 2011-06-06] (Advanced Micro Devices)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-10-30] (AVG Technologies)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2008-09-05] () [File not signed]
U3 ahqm8b43; C:\Windows\system32\Drivers\ahqm8b43.sys [0 ] (Microsoft Corporation)
S3 CamDrL; system32\DRIVERS\Camdrl.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]
S4 LMIRfsClientNP; No ImagePath
S3 LVUSBSta; system32\drivers\LVUSBSta.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-14 15:41 - 2014-12-14 15:46 - 00015292 _____ () C:\Users\Mark\Desktop\FRST.txt
2014-12-14 15:41 - 2014-12-14 15:45 - 00000000 ____D () C:\FRST
2014-12-14 15:41 - 2014-12-14 15:41 - 01111552 _____ (Farbar) C:\Users\Mark\Desktop\FRST.exe
2014-12-13 18:38 - 2014-12-13 18:38 - 00076120 _____ () C:\Users\Mark\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-13 18:38 - 2014-12-13 18:38 - 00000000 ____D () C:\Program Files\AVG Secure Search
2014-12-13 18:35 - 2014-12-13 18:51 - 00029414 _____ () C:\Windows\PFRO.log
2014-12-13 18:35 - 2014-12-13 18:36 - 00303336 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-12 00:42 - 2014-11-06 19:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-12 00:42 - 2014-11-03 18:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-12 00:36 - 2014-12-02 20:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-11 22:15 - 2014-12-11 22:15 - 00001091 _____ () C:\Users\Mark\Desktop\malware.txt
2014-12-11 22:03 - 2014-11-24 14:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-11 22:03 - 2014-11-24 14:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 22:03 - 2014-11-24 14:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 22:03 - 2014-11-24 14:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 22:03 - 2014-11-24 14:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 22:03 - 2014-11-24 14:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 22:03 - 2014-11-24 14:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 22:03 - 2014-11-24 14:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-11 22:03 - 2014-11-24 14:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 22:03 - 2014-11-24 14:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-11 22:03 - 2014-11-24 14:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 22:03 - 2014-11-24 14:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 22:03 - 2014-11-24 14:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-11 22:03 - 2014-11-24 14:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 22:03 - 2014-11-24 14:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-11 22:03 - 2014-11-24 14:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 22:03 - 2014-11-24 14:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 22:03 - 2014-11-24 14:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 22:03 - 2014-11-24 14:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 22:03 - 2014-11-24 14:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 22:03 - 2014-11-24 14:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-11 22:03 - 2014-11-24 14:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-11 21:47 - 2014-12-11 21:48 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-11 21:47 - 2014-12-11 21:47 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-11 21:47 - 2014-12-11 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-11 21:46 - 2014-12-11 21:47 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-11 21:46 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-11 21:46 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-11 21:46 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-27 17:15 - 2014-11-27 17:15 - 00008870 _____ () C:\Users\Mark\Desktop\hijackthis.log
2014-11-27 17:14 - 2014-11-27 17:14 - 00388608 _____ (Trend Micro Inc.) C:\Users\Mark\Desktop\HijackThis.exe
2014-11-27 16:50 - 2014-12-14 15:35 - 00000000 ____D () C:\Users\Mark\AppData\Local\AVG Secure Search
2014-11-27 16:49 - 2014-12-14 15:35 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-11-22 00:33 - 2014-10-23 19:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 14:56 - 2014-11-18 14:56 - 01202848 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL
2014-11-16 12:56 - 2014-11-16 12:56 - 00002109 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-11-16 12:56 - 2014-11-16 12:56 - 00001034 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-11-16 12:56 - 2014-11-16 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-11-16 12:56 - 2014-11-16 12:56 - 00000000 ____D () C:\Program Files\Free Codec Pack
2014-11-16 12:56 - 2014-11-16 12:56 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2014-11-16 12:56 - 2014-11-16 12:56 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-11-16 12:50 - 2014-11-16 12:51 - 00000000 ____D () C:\Users\Mark\Documents\iSkysoft Video Converter Ultimate
2014-11-16 12:50 - 2014-11-16 12:50 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
2014-11-16 12:48 - 2014-10-09 19:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-16 12:48 - 2014-10-09 19:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-16 12:48 - 2014-10-09 19:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-16 12:48 - 2014-10-09 17:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-16 12:47 - 2014-10-23 19:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-16 12:47 - 2014-08-26 18:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-16 12:47 - 2014-08-26 18:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-16 12:46 - 2014-08-11 20:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-16 12:44 - 2014-10-17 19:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-16 12:44 - 2014-10-02 19:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-16 12:44 - 2014-10-02 19:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-16 12:44 - 2014-10-02 19:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-16 12:44 - 2014-10-02 19:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-16 12:39 - 2014-10-12 17:34 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-16 12:38 - 2014-11-16 12:38 - 00000000 ____D () C:\Users\Mark\AppData\Local\iSkysoft
2014-11-16 12:37 - 2014-11-16 12:54 - 00000000 ____D () C:\ProgramData\iSkysoft
2014-11-16 12:37 - 2014-11-16 12:54 - 00000000 ____D () C:\Program Files\iSkysoft
2014-11-16 12:37 - 2014-11-16 12:51 - 00000000 ____D () C:\ProgramData\iSkysoft Video Converter Ultimate
2014-11-16 12:37 - 2014-11-16 12:37 - 00000000 ____D () C:\Program Files\Common Files\iSkysoft
2014-11-16 12:37 - 2013-08-07 14:31 - 00214528 _____ () C:\Windows\system32\ISCM32.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-14 15:45 - 2014-11-02 13:56 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-14 15:45 - 2013-10-29 19:29 - 00000000 ____D () C:\Program Files\Steam
2014-12-14 15:45 - 2006-11-02 06:47 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-14 15:45 - 2006-11-02 06:47 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-14 15:44 - 2013-05-30 07:46 - 00000332 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job
2014-12-14 15:44 - 2009-05-26 07:04 - 02644667 _____ () C:\Windows\system32\oodbs.lor
2014-12-14 15:44 - 2008-09-05 19:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-14 15:44 - 2006-11-02 07:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-14 15:43 - 2012-02-26 09:11 - 01842034 _____ () C:\Windows\WindowsUpdate.log
2014-12-14 15:43 - 2006-11-02 07:01 - 00032646 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-14 15:35 - 2014-11-02 13:56 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-14 15:35 - 2009-08-09 16:07 - 00000446 _____ () C:\Windows\Tasks\Driver Robot.job
2014-12-13 19:08 - 2006-11-02 05:18 - 00000000 ____D () C:\Windows\rescache
2014-12-13 18:59 - 2006-11-02 04:33 - 00763586 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-12 00:43 - 2008-10-05 01:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-12 00:41 - 2013-08-12 22:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-12 00:38 - 2006-11-02 04:24 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-12-11 22:30 - 2014-11-02 14:16 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 21:46 - 2009-10-17 15:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-06 09:49 - 2012-03-02 18:53 - 00000000 ____D () C:\Users\Mark\Desktop\Limewire
2014-12-06 09:40 - 2009-09-26 12:31 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Azureus
2014-12-06 09:39 - 2011-04-15 20:21 - 00000806 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-06 09:39 - 2008-11-25 00:32 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-27 17:14 - 2008-09-05 17:51 - 00000000 ____D () C:\Users\Mark\AppData\Local\VirtualStore
2014-11-21 22:41 - 2013-10-13 19:36 - 00015872 _____ () C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-21 21:37 - 2006-11-02 05:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-21 21:29 - 2009-09-26 12:30 - 00000000 ____D () C:\Program Files\Vuze
2014-11-16 13:02 - 2011-04-15 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-11-16 13:02 - 2008-11-25 00:32 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-11-16 12:57 - 2011-08-13 08:50 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\DVDVideoSoft
2014-11-16 12:37 - 2014-11-02 14:53 - 00000000 ____D () C:\Users\Public\Documents\iSkysoft

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-13 18:58

==================== End Of Log ============================

Addition

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-12-2014
Ran by Mark at 2014-12-14 15:47:23
Running from C:\Users\Mark\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG Security Toolbar (HKLM\...\AVG Secure Search) (Version: 18.1.9.799 - AVG Technologies)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
DFX for Winamp (HKLM\...\DFX for Winamp) (Version: 8.405.0.0 - Power Technology)
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
Fable III (Version: 1.0.0001.131 - Microsoft Game Studios) Hidden
Foxit Reader (HKLM\...\Foxit Reader) (Version: 4.1.1.805 - Foxit Software Company)
Free YouTube to MP3 Converter version 3.12.50.1111 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.50.1111 - DVDVideoSoft Ltd.)
GEAR 32bit Driver Installer (HKLM\...\{E89B484C-B913-49A0-959B-89E836001658}) (Version: 2.005.1 - GEAR Software, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HydraVision (Version: 4.2.218.0 - Advanced Micro Devices, Inc.) Hidden
Intel® PRO Network Connections 12.1.11.0 (HKLM\...\PROSetDX) (Version:  - Intel)
iTunes (HKLM\...\{0A37EE62-9A58-420D-90CC-4E52153112EE}) (Version: 11.3.0.54 - Apple Inc.)
Java™ 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
join.me (HKU\S-1-5-21-476263150-473887440-2589625196-1000\...\JoinMe) (Version: 1.9.1.204 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MixMeister CD-R Drivers (HKLM\...\{4367BF53-8748-4122-8516-85E4375925AF}) (Version: 3.54.26.1 - MixMeister Technology)
MixMeister Fusion + Video 7.0.5 (HKLM\...\mmfvsetup_is1) (Version:  - MixMeister Technology LLC)
Mozilla Firefox 14.0 (x86 en-US) (HKLM\...\Mozilla Firefox 14.0 (x86 en-US)) (Version: 14.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 296.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 296.10 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.12.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.12.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
O&O Defrag Professional (HKLM\...\{F530581E-12FE-43B4-A28D-E5257AAD63E6}) (Version: 11.5.4065 - O&O Software GmbH)
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rosetta Stone Version 3 (HKLM\...\{99011A6E-5200-11DE-BDB8-7ACD56D89593}) (Version: 3.4.5.0 - Rosetta Stone Ltd.)
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player 1.1.7 (HKLM\...\VLC media player) (Version: 1.1.7 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version:  - Vuze Inc.)
Winamp (HKLM\...\Winamp) (Version: 5.531  - Nullsoft, Inc)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

27-11-2014 23:00:23 Windows Update
27-11-2014 23:06:09 Revo Uninstaller's restore point - AVG Security Toolbar
27-11-2014 23:07:02 Revo Uninstaller's restore point - AVG Security Toolbar
28-11-2014 19:01:35 Scheduled Checkpoint
06-12-2014 15:49:30 Windows Update
07-12-2014 17:20:21 Scheduled Checkpoint
12-12-2014 04:03:06 Windows Update
12-12-2014 06:36:23 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 04:23 - 2009-11-02 08:48 - 00000151 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
91.212.127.226 winguard2009.microsoft.com
91.212.127.226 winguard-2009.com
91.212.127.226 www.winguard-2009.com

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0568F2CF-59E5-421C-8AE1-52ADF5B8C61B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-02] (Google Inc.)
Task: {1456B2D9-FA1F-48C7-A4B2-567954B3D7E5} - System32\Tasks\Driver Robot => C:\Program Files\Driver Robot\1.0.9.5\DriverRobot.exe
Task: {1481F30E-31C4-4B65-AF57-DCAE19B1BEE3} - System32\Tasks\{B5D5E79B-86A5-4682-877B-21F2DBFA59DC} => pcalua.exe -a C:\Users\Mark\Desktop\daemon4120-lite.exe -d C:\Users\Mark\Desktop
Task: {24F3BEC8-6A0A-4F9D-A708-A1D0026B6402} - System32\Tasks\{A0861753-969E-4DC0-89B9-54ABC642FBCC} => pcalua.exe -a "C:\ProgramData\iSkysoft\Video Converter Ultimate\pluginInstall.exe" -d "C:\ProgramData\iSkysoft\Video Converter Ultimate" -c "i" "chrome"
Task: {93E59FC9-1EA6-4AED-9B5B-71C0B51B2848} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {C4D216C8-CE78-4E83-A471-9D8A45BA14AC} - System32\Tasks\{F0FD58DF-2043-472F-9DB6-8C85E5A18393} => pcalua.exe -a "C:\ProgramData\iSkysoft\Video Converter Ultimate\pluginInstall.exe" -d "C:\ProgramData\iSkysoft\Video Converter Ultimate" -c "i" "firefox"
Task: {CEC993ED-025A-4320-8341-45EA0651607E} - System32\Tasks\{DB1CF908-521A-42D2-B1CE-4E7820F9FD71} => C:\Program Files\Skype\\Phone\Skype.exe
Task: {D229E32D-D548-48B8-90BE-9354D143D27B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-02] (Google Inc.)
Task: {EDF7C010-FA86-4411-994B-7F7E566A165A} - System32\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel => C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_MAY2013_TB.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job => C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_MAY2013_TB.exe
Task: C:\Windows\Tasks\Driver Robot.job => C:\Program Files\Driver Robot\1.0.9.5\DriverRobot.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2008-10-05 01:23 - 2008-09-16 19:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2014-11-16 12:37 - 2013-08-07 14:31 - 00214528 _____ () C:\Windows\System32\ISCM32.dll
2014-07-03 12:20 - 2014-07-03 12:20 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 12:19 - 2014-07-03 12:19 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-30 20:13 - 2014-10-30 20:12 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2014-10-30 20:13 - 2014-10-30 20:12 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2014-11-16 12:37 - 2014-08-05 10:22 - 01489408 _____ () C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2014-11-16 12:37 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
2014-12-13 18:38 - 2014-12-13 18:37 - 02640408 _____ () C:\Program Files\AVG Secure Search\vprot.exe
2013-08-21 13:18 - 2013-08-21 16:18 - 00687104 _____ () C:\Program Files\Steam\SDL2.dll
2013-10-08 17:19 - 2013-10-08 20:19 - 01121704 _____ () C:\Program Files\Steam\bin\chromehtml.dll
2013-09-10 13:20 - 2013-09-10 16:20 - 20625832 _____ () C:\Program Files\Steam\bin\libcef.dll
2013-06-14 14:49 - 2013-06-14 17:49 - 01100800 _____ () C:\Program Files\Steam\bin\avcodec-53.dll
2013-06-14 14:49 - 2013-06-14 17:49 - 00124416 _____ () C:\Program Files\Steam\bin\avutil-51.dll
2013-06-14 14:49 - 2013-06-14 17:49 - 00192000 _____ () C:\Program Files\Steam\bin\avformat-53.dll

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-476263150-473887440-2589625196-500 - Administrator - Disabled)
Guest (S-1-5-21-476263150-473887440-2589625196-501 - Limited - Disabled)
Mark (S-1-5-21-476263150-473887440-2589625196-1000 - Administrator - Enabled) => C:\Users\Mark
UpdatusUser (S-1-5-21-476263150-473887440-2589625196-1002 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/14/2014 03:45:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/13/2014 06:53:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/13/2014 06:37:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/12/2014 00:40:54 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (12/12/2014 00:40:53 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (12/11/2014 11:14:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16592 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1764
Start Time: 01d015bd8c005a60
Termination Time: 0

Error: (12/11/2014 09:40:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16592, time stamp 0x544e95a7, faulting module IEFRAME.dll, version 9.0.8112.16592, time stamp 0x544e96b4, exception code 0xc00000fd, fault offset 0x0000fe95,
process id 0x1078, application start time 0xiexplore.exe0.

Error: (12/11/2014 09:40:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16592, time stamp 0x544e95a7, faulting module IEFRAME.dll, version 9.0.8112.16592, time stamp 0x544e96b4, exception code 0xc00000fd, fault offset 0x0000fe95,
process id 0x13f4, application start time 0xiexplore.exe0.

Error: (12/07/2014 10:54:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16592, time stamp 0x544e95a7, faulting module IEFRAME.dll, version 9.0.8112.16592, time stamp 0x544e96b4, exception code 0xc00000fd, fault offset 0x0000fe95,
process id 0xcc0, application start time 0xiexplore.exe0.

Error: (12/06/2014 09:37:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iTunes.exe, version 11.3.0.54, time stamp 0x53bc1265, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x3fb504f3,
process id 0xadc, application start time 0xiTunes.exe0.

System errors:
=============
Error: (12/14/2014 03:47:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (12/14/2014 03:47:32 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (12/14/2014 03:45:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: LogMeIn Kernel Information Provider%%3

Error: (12/13/2014 07:08:27 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.9 for the Network Card with network address 002215EF673B has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (12/13/2014 07:04:14 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.189.1916.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.6.0305.00

 Source Path: 4.6.0305.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (12/13/2014 06:55:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (12/13/2014 06:55:22 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (12/13/2014 06:53:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: LogMeIn Kernel Information Provider%%3

Error: (12/13/2014 06:51:06 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.189.1916.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.6.0305.00

 Source Path: 4.6.0305.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (12/13/2014 06:39:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NVIDIA Update Service Daemon%%1069

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-12-14 15:47:11.637
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-14 15:47:11.341
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-14 15:47:11.076
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-14 15:47:10.811
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-14 15:47:10.374
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-14 15:47:10.109
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-14 15:47:09.812
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-14 15:47:09.547
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-14 15:42:00.147
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-14 15:41:59.882
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 35%
Total physical RAM: 3197.27 MB
Available physical RAM: 2073.9 MB
Total Pagefile: 6587.53 MB
Available Pagefile: 5479.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1886.91 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:455.71 GB) (Free:400.23 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.12 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:931.51 GB) (Free:682 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 38000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=455.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: FE869A65)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#5 pystryker

  • Malware Response Team
  • 730 posts
  • Gender:Male
Posted 14 December 2014 - 08:29 PM

Hi, let's get started. :)

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

We'll remove the remnants of the AVG junk and give your machine a good going over to tidy up and make sure nothing is lurking.


Step 1: P2P Information


The Dangers of P2P Programs

I noticed that you have a P2P file sharing program (Vuze) on your computer . I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more likely than not infected with trojans, malware, rootkits, etc.

You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

Here are some information sources about the dangers of P2P programs:

FBI - Peer to Peer Scams

USA Today Article on P2P Programs

File Sharing Infects 500,000 Computers

I very much recommend you uninstall this program from your machine. If not, I can guarantee you will be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.


Step 2: Fix with FRST
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad window and select Paste.
  • Save it on the desktop as fixlist.txt

Start
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
C:\Program Files\Common Files\AVG Secure Search
() C:\Program Files\AVG Secure Search\vprot.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.9\ScriptHelper.exe
HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [2640408 2014-12-13] ()
C:\Program Files\AVG Secure Search
HKU\S-1-5-21-476263150-473887440-2589625196-1000\...\MountPoints2: {1b8041b3-c556-11e0-b87e-00219b0a777b} - H:\LaunchU3.exe -a
HKU\S-1-5-21-476263150-473887440-2589625196-1000\...\MountPoints2: {38e5aae6-926e-11dd-9faf-00219b0a777b} - H:\LaunchU3.exe -a
HKU\S-1-5-21-476263150-473887440-2589625196-1000\...\MountPoints2: {c59ecbbc-2a3c-11de-ae7d-00219b0a777b} - H:\LaunchU3.exe -a
HKU\S-1-5-21-476263150-473887440-2589625196-1000\...\MountPoints2: {d4ff2024-4f77-11e2-9eb2-00219b0a777b} - H:\Xkey_launcher.exe
HKU\S-1-5-21-476263150-473887440-2589625196-1000\...\MountPoints2: {e2287ae3-7bb4-11dd-81e5-002215ef673b} - G:\steambackup.EXE
SearchScopes: HKU\S-1-5-21-476263150-473887440-2589625196-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: No Name - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com [Not Found]
FF Extension: No Name - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com [Not Found]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.9.799\avg.crx [Not Found]
R2 vToolbarUpdater17.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [1771544 2013-12-19] (AVG Secure Search)
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]
2014-11-27 16:50 - 2014-12-14 15:35 - 00000000 ____D () C:\Users\Mark\AppData\Local\AVG Secure Search
2014-11-27 16:49 - 2014-12-14 15:35 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-12-14 15:44 - 2013-05-30 07:46 - 00000332 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job
Task: {EDF7C010-FA86-4411-994B-7F7E566A165A} - System32\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel => C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_MAY2013_TB.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job => C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_MAY2013_TB.exe
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 3: Junkware Removal Tool


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop


  • Double-click the adwcleaner.exe file (Vista and 7 users: right-click it and click Run as Administrator, then accept the UAC prompt) to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt
Step 5: TDSSKiller


Please download TDSSKiller to the desktop.

Alternate download is here.
  • Right-click on TDSSKiller.exe and select Run as Administrator to start the program and follow the prompts.
  • When the main GUI(graphical user interface) window opens, click on Change Parameters
  • Under Additional options, select both Verify driver digital signatures & Detect TDLFS File System >> OK
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • A Report will have been created by TDSSKiller in your root directory C:\
  • To find the log go to Start(Windows 7 Orb) > Computer > C: >> TDSSKiller.V.V.V.VV_DD.DD.YYYY_TT.TT.TT_log <-- The letters denote the version and date & time etc.
  • Post the contents of that log in your next reply please.
Note: Do not have TDSSKiller remove anything if found at this point in time!


Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

TDSSKiller Log

How is the machine running?

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.
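The Step 2 fixlist is a list of FRST directives. Before running one it helps to see, line by line, which persistence mechanism each directive touches, where its target lives, and whether FRST has already reported the target missing. The script below is an added example, not part of the original post and not FRST's own code: it classifies fixlist lines (the sample is copied from the fix above, so the GUIDs, paths and drive letters are the page's own) and lists the entries a reviewer should look at first: autoruns launched from a non-system drive, such as the MountPoints2 entries that point at H:\LaunchU3.exe and G:\steambackup.EXE (the USB/U3 autorun pattern), and autoruns whose target is already gone. The mechanism labels and the `suspicious()` heuristic are this example's own choices, not FRST terminology.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: FRST fixlist lines copied from the Step 2 fix in this
# thread. The line formats are FRST's own; the classifier is an added example.
FIXLIST = r"""
Start
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe
C:\Program Files\AVG Secure Search
HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [2640408 2014-12-13] ()
HKU\S-1-5-21-476263150-473887440-2589625196-1000\...\MountPoints2: {1b8041b3-c556-11e0-b87e-00219b0a777b} - H:\LaunchU3.exe -a
HKU\S-1-5-21-476263150-473887440-2589625196-1000\...\MountPoints2: {e2287ae3-7bb4-11dd-81e5-002215ef673b} - G:\steambackup.EXE
SearchScopes: HKU\S-1-5-21-476263150-473887440-2589625196-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.9.799\avg.crx [Not Found]
R2 vToolbarUpdater17.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [1771544 2013-12-19] (AVG Secure Search)
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]
2014-12-14 15:44 - 2013-05-30 07:46 - 00000332 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job
Task: {EDF7C010-FA86-4411-994B-7F7E566A165A} - System32\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel => C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_MAY2013_TB.exe
CMD: netsh advfirewall reset
Emptytemp:
End
"""

# One pattern per FRST line type, tried in order; the labels are this
# example's own wording, not FRST terminology.
MECHANISMS = [
    (re.compile(r"^\([^)]*\) [A-Za-z]:\\"), "running process (to terminate)"),
    (re.compile(r"^(?:[A-Za-z]:\\|\d{4}-\d{2}-\d{2} \d{2}:\d{2} - )"), "file or folder (to delete)"),
    (re.compile(r"^HK(?:LM|U)\\.*\\Run: "), "autostart: Run key"),
    (re.compile(r"^HKU\\.*\\MountPoints2: "), "autorun: MountPoints2 (removable drive)"),
    (re.compile(r"^SearchScopes: "), "IE search scope"),
    (re.compile(r"^Toolbar: "), "IE toolbar"),
    (re.compile(r"^FF (?:Plugin|SearchPlugin|Extension): "), "Firefox add-on"),
    (re.compile(r"^CHR "), "Chrome extension"),
    (re.compile(r"^[RS]\d "), "service / driver"),
    (re.compile(r"^Task: "), "scheduled task"),
]
# The launched target: a path ending in a known extension, or failing that a
# bare directory running up to the next "(", "[" or end of line.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\[\]]*?\.(?:exe|dll|sys|crx|xml|job))\b', re.I)
DIR_RE = re.compile(r'([A-Za-z]:\\[^"\[\]]*?)\s*(?:\(|\[|$)')
# FRST's own markers for an autorun whose target no longer exists on disk.
ORPHAN_MARKERS = ("No File", "[Not Found]", "[X]")


@dataclass
class Entry:
    mechanism: str
    path: Optional[str]
    drive: Optional[str]   # drive letter the target lives on
    orphan: bool           # FRST reported the target missing
    vendor_hit: bool       # line refers to the vendor being removed


def _norm(s: str) -> str:
    """Lower-case and drop punctuation so 'AVG Secure Search' also matches
    'avg-secure-search.xml' and 'AVG-Secure-Search-Update'."""
    return re.sub(r"[^a-z0-9]", "", s.lower())


def parse_fixlist(text: str, vendor: str) -> List[Entry]:
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in ("Start", "End") or line.startswith(("CMD:", "Emptytemp:")):
            continue
        mechanism = next((name for rx, name in MECHANISMS if rx.match(line)), None)
        if mechanism is None:
            continue
        m = PATH_RE.search(line) or DIR_RE.search(line)
        path = m.group(1).strip() if m else None
        entries.append(Entry(mechanism, path, path[0].upper() if path else None,
                             any(mk in line for mk in ORPHAN_MARKERS),
                             _norm(vendor) in _norm(line)))
    return entries


def summarize(entries: List[Entry]) -> Dict[str, int]:
    """How many entries of each mechanism the fix touches."""
    return dict(Counter(e.mechanism for e in entries))


def suspicious(entries: List[Entry], system_drives=("C",)) -> List[Entry]:
    """Autoruns worth a second look before the fix runs: anything launched from
    a non-system drive (the USB/U3 autorun pattern) and any autorun whose target
    is already gone, i.e. a dangling launcher left behind by an uninstaller."""
    return [e for e in entries
            if e.mechanism.startswith(("autostart", "autorun", "service", "scheduled"))
            and ((e.drive is not None and e.drive not in system_drives) or e.orphan)]


if __name__ == "__main__":
    found = parse_fixlist(FIXLIST, "AVG Secure Search")
    for mech, n in summarize(found).items():
        print(f"{n:2d}  {mech}")
    for e in suspicious(found):
        print("REVIEW:", e.mechanism, "->", e.path, "(target missing)" if e.orphan else "")
```

Run against the sample, the summary shows the fix touching two services, one scheduled task, one Run value and two removable-drive autoruns; the review list holds the two MountPoints2 launchers on H: and G: and the RoxLiveShare9 service whose binary FRST marked `[X]`. Paths that are already "No File" or "[Not Found]" are the remnants an ordinary uninstall leaves behind, which is why the fix still names them.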
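Step 5 runs TDSSKiller with driver signature verification. Its log (the format appears in the reply later in this thread) lists each service or driver with the MD5 and SHA-256 of its image, followed on the next line by a one-line verdict. The parser below is an added example, not TDSSKiller's or the original poster's code: it pairs each hash line with its verdict, groups services that share one image, and returns the entries a reviewer should look at first: anything not reported "ok", and any service whose name or path still carries the vendor being removed. On this page that last check matters, because the TDSSKiller output taken after the FRST fix still lists the avgtp driver (avgtpx86.sys). The sample lines are copied from that log except for the "hypodrv" entry, which is constructed with placeholder hashes and a made-up non-"ok" verdict so that branch is exercised.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: lines copied from the TDSSKiller log posted later in this
# thread, plus one hypothetical driver ("hypodrv", placeholder hashes, made-up
# verdict text) so that the non-"ok" branch is exercised.
TDSS_LOG = r"""
23:09:33.0942 0x0cb4  System memory - ok
23:09:34.0051 0x0cb4  [ 82B296AE1892FE3DBEE00C9CF92F8AC7, 54B22BA63E1DA616B546992141B0C3117BA057283B8F60CB9BECE203661FEBF3 ] ACPI            C:\Windows\system32\drivers\acpi.sys
23:09:34.0145 0x0cb4  ACPI - ok
23:09:34.0691 0x0cb4  [ 89DD6104E542552DAF25F42A30F75E08, 14B22F88CF161CD9B322A2287CA1DC3C17FC02980A4CA39685D205D0FABA012B ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
23:09:34.0722 0x0cb4  AMD External Events Utility - ok
23:09:36.0017 0x0cb4  [ 8E98A99187FF17FC1D48E6FAFFD870BE, 7C935191A0A2BA95CA9A9E450F7C8802E6184F73BC297E91908B59F34C22AB06 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:09:36.0048 0x0cb4  AudioEndpointBuilder - ok
23:09:36.0063 0x0cb4  [ 8E98A99187FF17FC1D48E6FAFFD870BE, 7C935191A0A2BA95CA9A9E450F7C8802E6184F73BC297E91908B59F34C22AB06 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
23:09:36.0079 0x0cb4  Audiosrv - ok
23:09:36.0141 0x0cb4  [ D15D2E9F5567075740B88F16F01810D6, 09086182352B0901D886B1F588F141DFC1E68CF0CA62BA399F841E1C96DFDFEF ] avgtp           C:\Windows\system32\drivers\avgtpx86.sys
23:09:36.0157 0x0cb4  avgtp - ok
23:09:36.0200 0x0cb4  [ DEADBEEFDEADBEEFDEADBEEFDEADBEEF, DEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF ] hypodrv         C:\Users\Mark\AppData\Local\Temp\hypodrv.sys
23:09:36.0210 0x0cb4  hypodrv - detected UnsignedFile.Multi.Generic ( 1 )
"""

PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4} 0x[0-9A-Fa-f]+\s+"
# "[ MD5, SHA256 ] <service name> <image path>": the name may contain spaces
# and is padded, so the path is located by its drive-letter prefix instead.
HASH_RE = re.compile(PREFIX + r"\[ ([0-9A-F]{32}), ([0-9A-F]{64}) \] (.+?)\s+([A-Za-z]:\\.*)$")
# "<service name> - <verdict>": only accepted when the name matches the hash
# line that immediately preceded it, so unrelated "... - ok" lines such as
# "System memory - ok" are not mistaken for a driver verdict.
VERDICT_RE = re.compile(PREFIX + r"(.+?) - (.+)$")


@dataclass
class Driver:
    name: str
    path: str
    md5: str
    sha256: str
    verdict: Optional[str] = None   # None if the log ended before a verdict


def parse_tdsskiller(text: str) -> List[Driver]:
    drivers: List[Driver] = []
    pending: Optional[Driver] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HASH_RE.match(line)
        if m:
            md5, sha256, name, path = m.groups()
            pending = Driver(name, path.strip(), md5, sha256)
            drivers.append(pending)
            continue
        m = VERDICT_RE.match(line)
        if m and pending is not None and m.group(1) == pending.name:
            pending.verdict = m.group(2).strip()
            pending = None
    return drivers


def needs_review(drivers: List[Driver], keywords=("avg",)) -> List[Driver]:
    """Anything not cleanly 'ok' (flagged, or no verdict logged) plus any
    service whose name or image path still carries a vendor keyword."""
    return [d for d in drivers
            if d.verdict != "ok"
            or any(k in (d.name + d.path).lower() for k in keywords)]


def group_by_image(drivers: List[Driver]) -> Dict[str, List[str]]:
    """SHA-256 -> sorted service names sharing that image. The keys double as
    a hash list for an offline reputation lookup."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for d in drivers:
        groups[d.sha256].append(d.name)
    return {h: sorted(names) for h, names in groups.items()}


if __name__ == "__main__":
    parsed = parse_tdsskiller(TDSS_LOG)
    for d in needs_review(parsed):
        print(f"REVIEW  {d.name:<28} {d.verdict or '(no verdict)':<42} {d.path}")
```

The pairing rule (a verdict line only closes the hash line just above it) is what keeps the count honest: TDSSKiller writes "- ok" for many non-driver items too. Two services mapping to the same SHA-256 (Audiosrv and AudioEndpointBuilder both load Audiosrv.dll) are normal; the list is mainly useful for spotting a service name that points at an image outside the places a driver should live.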





#6 pystryker

  • Malware Response Team
  • 730 posts
  • Gender:Male
Posted 17 December 2014 - 06:18 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.






#7 pystryker

  • Malware Response Team
  • 730 posts
  • Gender:Male
Posted 20 December 2014 - 04:24 AM

User returned. Please proceed with the instructions and post the logs at your convenience.






#8 ichy076

  • Topic Starter
  • Members
  • 34 posts

Posted 21 December 2014 - 12:20 AM

I will post all the logs in a second. The machine appears to be running similarly to before. Perhaps faster, but I can't tell. There are still a bunch of processes running in the task manager, but I don't see AVG there anymore. Do you see anything else that's slowing it down? I have not yet tried anything too memory-consuming so I'm not sure what's there or not.

Fixlog:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 21-12-2014
Ran by Mark at 2014-12-20 22:43:27 Run:1
Running from C:\Users\Mark\Desktop
Loaded Profile: Mark (Available profiles: Mark & UpdatusUser)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
C:\Program Files\Common Files\AVG Secure Search
() C:\Program Files\AVG Secure Search\vprot.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.9\ScriptHelper.exe
HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [2640408 2014-12-13] ()
C:\Program Files\AVG Secure Search
HKU\S-1-5-21-476263150-473887440-2589625196-1000\...\MountPoints2: {1b8041b3-c556-11e0-b87e-00219b0a777b} - H:\LaunchU3.exe -a
HKU\S-1-5-21-476263150-473887440-2589625196-1000\...\MountPoints2: {38e5aae6-926e-11dd-9faf-00219b0a777b} - H:\LaunchU3.exe -a
HKU\S-1-5-21-476263150-473887440-2589625196-1000\...\MountPoints2: {c59ecbbc-2a3c-11de-ae7d-00219b0a777b} - H:\LaunchU3.exe -a
HKU\S-1-5-21-476263150-473887440-2589625196-1000\...\MountPoints2: {d4ff2024-4f77-11e2-9eb2-00219b0a777b} - H:\Xkey_launcher.exe
HKU\S-1-5-21-476263150-473887440-2589625196-1000\...\MountPoints2: {e2287ae3-7bb4-11dd-81e5-002215ef673b} - G:\steambackup.EXE
SearchScopes: HKU\S-1-5-21-476263150-473887440-2589625196-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: No Name - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com [Not Found]
FF Extension: No Name - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com [Not Found]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.9.799\avg.crx [Not Found]
R2 vToolbarUpdater17.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [1771544 2013-12-19] (AVG Secure Search)
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]
2014-11-27 16:50 - 2014-12-14 15:35 - 00000000 ____D () C:\Users\Mark\AppData\Local\AVG Secure Search
2014-11-27 16:49 - 2014-12-14 15:35 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-12-14 15:44 - 2013-05-30 07:46 - 00000332 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job
Task: {EDF7C010-FA86-4411-994B-7F7E566A165A} - System32\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel => C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_MAY2013_TB.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job => C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_MAY2013_TB.exe
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
End

*****************

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe => No running process found
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe => No running process found
"C:\Program Files\Common Files\AVG Secure Search" => File/Directory not found.
C:\Program Files\AVG Secure Search\vprot.exe => No running process found
C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.9\ScriptHelper.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\vProt => Value not found.
"C:\Program Files\AVG Secure Search" => File/Directory not found.
"HKU\S-1-5-21-476263150-473887440-2589625196-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b8041b3-c556-11e0-b87e-00219b0a777b}" => Key deleted successfully.
HKCR\CLSID\{1b8041b3-c556-11e0-b87e-00219b0a777b} => Key not found.
"HKU\S-1-5-21-476263150-473887440-2589625196-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38e5aae6-926e-11dd-9faf-00219b0a777b}" => Key deleted successfully.
HKCR\CLSID\{38e5aae6-926e-11dd-9faf-00219b0a777b} => Key not found.
"HKU\S-1-5-21-476263150-473887440-2589625196-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c59ecbbc-2a3c-11de-ae7d-00219b0a777b}" => Key deleted successfully.
HKCR\CLSID\{c59ecbbc-2a3c-11de-ae7d-00219b0a777b} => Key not found.
"HKU\S-1-5-21-476263150-473887440-2589625196-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4ff2024-4f77-11e2-9eb2-00219b0a777b}" => Key deleted successfully.
HKCR\CLSID\{d4ff2024-4f77-11e2-9eb2-00219b0a777b} => Key not found.
"HKU\S-1-5-21-476263150-473887440-2589625196-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2287ae3-7bb4-11dd-81e5-002215ef673b}" => Key deleted successfully.
HKCR\CLSID\{e2287ae3-7bb4-11dd-81e5-002215ef673b} => Key not found.
HKU\S-1-5-21-476263150-473887440-2589625196-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found.
HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => Value not found.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKCR\PROTOCOLS\Handler\viprotocol => Key not found.
HKCR\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} => Key not found.
HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin => Key not found.
"C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml" => not found.
"C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml" => not found.
"C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml" => not found.
"C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml" => not found.
C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com => not found.
C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com => not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof => Key not found.
vToolbarUpdater17.2.0 => Service deleted successfully.
RoxLiveShare9 => Service deleted successfully.
"C:\Users\Mark\AppData\Local\AVG Secure Search" => File/Directory not found.
"C:\ProgramData\AVG Secure Search" => File/Directory not found.
C:\Windows\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EDF7C010-FA86-4411-994B-7F7E566A165A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDF7C010-FA86-4411-994B-7F7E566A165A}" => Key deleted successfully.
C:\Windows\System32\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_MAY2013_TB_rel" => Key deleted successfully.
C:\Windows\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job not found.

=========  netsh advfirewall reset =========

Ok.

========= End of CMD: =========

=========  netsh advfirewall set allprofiles state on =========

Ok.

========= End of CMD: =========

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 345.5 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

JRT Log:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows Vista ™ Home Premium x86
Ran by Mark on Sat 12/20/2014 at 22:47:28.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/20/2014 at 22:49:27.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Adware log:


# AdwCleaner v4.105 - Report created 20/12/2014 at 22:51:59
# Updated 08/12/2014 by Xplode
# Database : 2014-12-16.1 [Live]
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Mark - M-PC
# Running from : C:\Users\Mark\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16599

-\\ Mozilla Firefox v14.0 (en-US)

-\\ Google Chrome v39.0.2171.95

*************************

AdwCleaner[R0].txt - [6979 octets] - [20/12/2014 22:32:56]
AdwCleaner[R1].txt - [905 octets] - [20/12/2014 22:50:17]
AdwCleaner[S0].txt - [7192 octets] - [20/12/2014 22:35:03]
AdwCleaner[S1].txt - [827 octets] - [20/12/2014 22:51:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [886 octets] ##########

TDSS Log:


23:09:22.0491 0x09f8  TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
23:09:24.0176 0x09f8  ============================================================
23:09:24.0176 0x09f8  Current date / time: 2014/12/20 23:09:24.0176
23:09:24.0176 0x09f8  SystemInfo:
23:09:24.0176 0x09f8 
23:09:24.0176 0x09f8  OS Version: 6.0.6002 ServicePack: 2.0
23:09:24.0176 0x09f8  Product type: Workstation
23:09:24.0176 0x09f8  ComputerName: M-PC
23:09:24.0176 0x09f8  UserName: Mark
23:09:24.0176 0x09f8  Windows directory: C:\Windows
23:09:24.0176 0x09f8  System windows directory: C:\Windows
23:09:24.0176 0x09f8  Processor architecture: Intel x86
23:09:24.0176 0x09f8  Number of processors: 4
23:09:24.0176 0x09f8  Page size: 0x1000
23:09:24.0176 0x09f8  Boot type: Normal boot
23:09:24.0176 0x09f8  ============================================================
23:09:26.0017 0x09f8  KLMD registered as C:\Windows\system32\drivers\38418992.sys
23:09:26.0173 0x09f8  System UUID: {44964E26-EBE9-2BD5-D1C1-2BA6C369EDFD}
23:09:26.0719 0x09f8  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:09:26.0719 0x09f8  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:09:26.0719 0x09f8  Drive \Device\Harddisk2\DR2 - Size: 0x1D1BF100000 ( 1862.99 Gb ), SectorSize: 0x200, Cylinders: 0x3B5FD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:09:26.0719 0x09f8  ============================================================
23:09:26.0719 0x09f8  \Device\Harddisk0\DR0:
23:09:26.0719 0x09f8  MBR partitions:
23:09:26.0719 0x09f8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1400000
23:09:26.0719 0x09f8  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x141B800, BlocksNum 0x38F6A000
23:09:26.0719 0x09f8  \Device\Harddisk1\DR1:
23:09:26.0719 0x09f8  MBR partitions:
23:09:26.0719 0x09f8  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
23:09:26.0719 0x09f8  \Device\Harddisk2\DR2:
23:09:26.0719 0x09f8  MBR partitions:
23:09:26.0719 0x09f8  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8DF8000
23:09:26.0719 0x09f8  ============================================================
23:09:26.0750 0x09f8  C: <-> \Device\Harddisk0\DR0\Partition2
23:09:26.0781 0x09f8  D: <-> \Device\Harddisk0\DR0\Partition1
23:09:27.0359 0x09f8  H: <-> \Device\Harddisk2\DR2\Partition1
23:09:27.0374 0x09f8  F: <-> \Device\Harddisk1\DR1\Partition1
23:09:27.0374 0x09f8  ============================================================
23:09:27.0374 0x09f8  Initialize success
23:09:27.0374 0x09f8  ============================================================
23:09:30.0915 0x0cb4  ============================================================
23:09:30.0915 0x0cb4  Scan started
23:09:30.0915 0x0cb4  Mode: Manual; SigCheck; TDLFS;
23:09:30.0915 0x0cb4  ============================================================
23:09:30.0915 0x0cb4  KSN ping started
23:09:33.0349 0x0cb4  KSN ping finished: true
23:09:33.0942 0x0cb4  ================ Scan system memory ========================
23:09:33.0942 0x0cb4  System memory - ok
23:09:33.0942 0x0cb4  ================ Scan services =============================
23:09:34.0051 0x0cb4  [ 82B296AE1892FE3DBEE00C9CF92F8AC7, 54B22BA63E1DA616B546992141B0C3117BA057283B8F60CB9BECE203661FEBF3 ] ACPI            C:\Windows\system32\drivers\acpi.sys
23:09:34.0145 0x0cb4  ACPI - ok
23:09:34.0191 0x0cb4  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303, FBBDD38574A1F66A5AA12B82E34FDE60B870180C4B7100C15757539DC869ED4B ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
23:09:34.0223 0x0cb4  adp94xx - ok
23:09:34.0254 0x0cb4  [ 60505E0041F7751BDBB80F88BF45C2CE, 1DE16042B8ABD7B643189E836DE273832EE743FD66AFBB641E8049C4E0CD04D8 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
23:09:34.0269 0x0cb4  adpahci - ok
23:09:34.0301 0x0cb4  [ 8A42779B02AEC986EAB64ECFC98F8BD7, B89938EFF4E81FA44197D2D839EBD3340DDE01FBC79605049C088621784C1B91 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
23:09:34.0301 0x0cb4  adpu160m - ok
23:09:34.0332 0x0cb4  [ 241C9E37F8CE45EF51C3DE27515CA4E5, 1A03E93DD8C1F3640C96124A14A3D0F4E349B06CCA2118CE40B8AE201A4030A7 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
23:09:34.0347 0x0cb4  adpu320 - ok
23:09:34.0410 0x0cb4  [ 9D1FDA9E086BA64E3C93C9DE32461BCF, 200FD0BFC811EC8993AF9FC78F58823ECC717063F438B627FBCDD6BD7790CAA8 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
23:09:34.0425 0x0cb4  AeLookupSvc - ok
23:09:34.0457 0x0cb4  [ 330A1E4DF07C2E29949ED8631CD8828E, 139127405B2D635B0252FF8D7308D671546F20B051C93C50A9013E7AB9D54835 ] AERTFilters     C:\Windows\system32\AERTSrv.exe
23:09:34.0472 0x0cb4  AERTFilters - ok
23:09:34.0503 0x0cb4  [ F5272A105F59A7B3B345D9D6D87DA7AD, 9E84776994D04240BF2537330DBB555EDE16DFCFC59DEDCBA05A44ED7F70BEFA ] AFD             C:\Windows\system32\drivers\afd.sys
23:09:34.0535 0x0cb4  AFD - ok
23:09:34.0550 0x0cb4  [ 13F9E33747E6B41A3FF305C37DB0D360, 066DD6060B1CF93F85BBAAA52848C801128CD294E8B7EACD912E0EF219DBFBC2 ] agp440          C:\Windows\system32\drivers\agp440.sys
23:09:34.0566 0x0cb4  agp440 - ok
23:09:34.0581 0x0cb4  [ AE1FDF7BF7BB6C6A70F67699D880592A, B831BF156FC49287A19FC149383D437B1034EA6F42CE9D761EB90ABD0F8D96B1 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
23:09:34.0597 0x0cb4  aic78xx - ok
23:09:34.0613 0x0cb4  [ A1545B731579895D8CC44FC0481C1192, 6B0EE833BA39C142D625A03586CCD8F6C9C3136C603CE5DF5BAC1AA3423E3E7F ] ALG             C:\Windows\System32\alg.exe
23:09:34.0644 0x0cb4  ALG - ok
23:09:34.0644 0x0cb4  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91, 0EADB6AE21FEDAB55D41F41B638198B556CC2BE2EE57F6C8B40EB044A318319F ] aliide          C:\Windows\system32\drivers\aliide.sys
23:09:34.0659 0x0cb4  aliide - ok
23:09:34.0691 0x0cb4  [ 89DD6104E542552DAF25F42A30F75E08, 14B22F88CF161CD9B322A2287CA1DC3C17FC02980A4CA39685D205D0FABA012B ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
23:09:34.0722 0x0cb4  AMD External Events Utility - ok
23:09:34.0737 0x0cb4  [ C47344BC706E5F0B9DCE369516661578, 689C9CDAF6F38227F1C34359CAEB3C7798F318EDFD4B7FE532FBE3C8E4EE3DC8 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
23:09:34.0737 0x0cb4  amdagp - ok
23:09:34.0753 0x0cb4  [ 9B78A39A4C173FDBC1321E0DD659B34C, 2CA66EB68AD7A317D91C13B8CFD4E8CA985926A610D19595B613F5553B145C7B ] amdide          C:\Windows\system32\drivers\amdide.sys
23:09:34.0769 0x0cb4  amdide - ok
23:09:34.0784 0x0cb4  [ 18F29B49AD23ECEE3D2A826C725C8D48, 0FA08882301D218E367E63E1966B6406220EE94BAE7E7DAD6E55EB70BF6FED7F ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
23:09:34.0815 0x0cb4  AmdK7 - ok
23:09:34.0815 0x0cb4  [ 93AE7F7DD54AB986A6F1A1B37BE7442D, ECE0ABA2DECEED94AC678240A4B604F04022F0740F2295CBD07D25F5917E878A ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
23:09:34.0847 0x0cb4  AmdK8 - ok
23:09:35.0159 0x0cb4  [ 03AC6735672F15CEAAB502E4349286E0, 5467294DD3BFBC91C34F4339126BB3420D1CE3F6A4F4388685E3A26530DAC456 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
23:09:35.0455 0x0cb4  amdkmdag - ok
23:09:35.0502 0x0cb4  [ F566C90E4BBE387E905130B6E490DCCD, 0124F512BF69F791188287FAFDB2A88CBDA1640E5C56596EBAF01FF46D581BC2 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
23:09:35.0533 0x0cb4  amdkmdap - ok
23:09:35.0564 0x0cb4  [ 8F7D200717A58E9800D391F4C2101577, F07CF0F5636F46D8F3D5133284943E991E8739E5A644BCA5F18BB896B374620D ] Appinfo         C:\Windows\System32\appinfo.dll
23:09:35.0580 0x0cb4  Appinfo - ok
23:09:35.0673 0x0cb4  [ 6B73E94F9FE82D45781B8C8A09483082, C35EEAE7457168387A7C77A315524A3703ABDE49D9F23F59057315D9249D3473 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:09:35.0673 0x0cb4  Apple Mobile Device - ok
23:09:35.0705 0x0cb4  [ 5D2888182FB46632511ACEE92FDAD522, 2E53231ACAF9B2FB7993DBC1CD15C06D7B0CCE0D08DAFF7B0CC13A2040028A75 ] arc             C:\Windows\system32\drivers\arc.sys
23:09:35.0720 0x0cb4  arc - ok
23:09:35.0736 0x0cb4  [ 5E2A321BD7C8B3624E41FDEC3E244945, 9D47FF6C823868F2267FEFAB5851D3CD2BC3F619A2D6EFF803EA22DB0509C450 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
23:09:35.0751 0x0cb4  arcsas - ok
23:09:35.0829 0x0cb4  [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
23:09:35.0845 0x0cb4  aspnet_state - ok
23:09:35.0861 0x0cb4  [ 53B202ABEE6455406254444303E87BE1, 4C91CA8DD345FEDD74A6AF2C07580717703F979B7DE2532B1D00B9F6896DDE70 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:09:35.0892 0x0cb4  AsyncMac - ok
23:09:35.0907 0x0cb4  [ 1F05B78AB91C9075565A9D8A4B880BC4, 737BE9F9376DAB0CCDFED93EA6D67F0C432367EA63CD772A453485BE769AF3BD ] atapi           C:\Windows\system32\drivers\atapi.sys
23:09:35.0923 0x0cb4  atapi - ok
23:09:35.0970 0x0cb4  [ F71B6EE018EADF4CFD52F3C83847E5F6, B352ABF13B1593E6D4CE61548DA298BF588765630759E9726553F2D29CC8158F ] AtiHDAudioService C:\Windows\system32\drivers\AtihdLH3.sys
23:09:35.0985 0x0cb4  AtiHDAudioService - ok
23:09:36.0017 0x0cb4  [ 8E98A99187FF17FC1D48E6FAFFD870BE, 7C935191A0A2BA95CA9A9E450F7C8802E6184F73BC297E91908B59F34C22AB06 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:09:36.0048 0x0cb4  AudioEndpointBuilder - ok
23:09:36.0063 0x0cb4  [ 8E98A99187FF17FC1D48E6FAFFD870BE, 7C935191A0A2BA95CA9A9E450F7C8802E6184F73BC297E91908B59F34C22AB06 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
23:09:36.0079 0x0cb4  Audiosrv - ok
23:09:36.0141 0x0cb4  [ D15D2E9F5567075740B88F16F01810D6, 09086182352B0901D886B1F588F141DFC1E68CF0CA62BA399F841E1C96DFDFEF ] avgtp           C:\Windows\system32\drivers\avgtpx86.sys
23:09:36.0157 0x0cb4  avgtp - ok
23:09:36.0219 0x0cb4  [ E3D7BC2DD538C9029E3849B129062AA2, 4E8E55E442862575CBA72B614AA7B3D62E8E72850DD4AB17438EEA285AEA4E3A ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl6.sys
23:09:36.0251 0x0cb4  BCM43XX - ok
23:09:36.0282 0x0cb4  [ 67E506B75BD5326A3EC7B70BD014DFB6, 3B07243970CAB4E93A858BEA6E31F56AD0157C42D624F3FEB469E68EEEF65669 ] Beep            C:\Windows\system32\drivers\Beep.sys
23:09:36.0313 0x0cb4  Beep - ok
23:09:36.0329 0x0cb4  [ C789AF0F724FDA5852FB9A7D3A432381, 4B0F7A3A8F2D45E49630D24F2630B8014BCDB793B9C6E83FD2B2863A54F62BF5 ] BFE             C:\Windows\System32\bfe.dll
23:09:36.0360 0x0cb4  BFE - ok
23:09:36.0438 0x0cb4  [ 93952506C6D67330367F7E7934B6A02F, 1D9A6B10B9489C1A32F730E22CC399BFF0796E3FCB3BA52BE45ED487CAC59EBD ] BITS            C:\Windows\System32\qmgr.dll
23:09:36.0485 0x0cb4  BITS - ok
23:09:36.0485 0x0cb4  [ D4DF28447741FD3D953526E33A617397, E7239BA432090F8AC7DF453DB876507CD4419ECA964D289408A1B2B353618693 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
23:09:36.0516 0x0cb4  blbdrive - ok
23:09:36.0578 0x0cb4  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:09:36.0609 0x0cb4  Bonjour Service - ok
23:09:36.0625 0x0cb4  [ 35F376253F687BDE63976CCB3F2108CA, C5EF6301D7BC067050038DB75D961681D1CBE418285AD60167C1334B0B54DFE9 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:09:36.0641 0x0cb4  bowser - ok
23:09:36.0656 0x0cb4  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
23:09:36.0672 0x0cb4  BrFiltLo - ok
23:09:36.0687 0x0cb4  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
23:09:36.0703 0x0cb4  BrFiltUp - ok
23:09:36.0734 0x0cb4  [ A3629A0C4226F9E9C72FAAEEBC3AD33C, FB4D2738B64AADA52B95A6CF7ED4CDBFE4DD4BEBCAF1AE9CE64317F97DB38DDF ] Browser         C:\Windows\System32\browser.dll
23:09:36.0750 0x0cb4  Browser - ok
23:09:36.0781 0x0cb4  [ B304E75CFF293029EDDF094246747113, CB6B219B186C3511A0DE3CDE7F7B8966A9E32D808A952CA8C5B42B3A3A17BFB0 ] Brserid         C:\Windows\system32\drivers\brserid.sys
23:09:36.0812 0x0cb4  Brserid - ok
23:09:36.0828 0x0cb4  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
23:09:36.0875 0x0cb4  BrSerWdm - ok
23:09:36.0875 0x0cb4  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
23:09:36.0921 0x0cb4  BrUsbMdm - ok
23:09:36.0921 0x0cb4  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
23:09:36.0968 0x0cb4  BrUsbSer - ok
23:09:36.0984 0x0cb4  [ AD07C1EC6665B8B35741AB91200C6B68, DCE1305A30D6713222A01C1F1D03ED0ADABE23C742CE1E82BB142531B82A3FF7 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
23:09:37.0015 0x0cb4  BTHMODEM - ok
23:09:37.0031 0x0cb4  CamDrL - ok
23:09:37.0046 0x0cb4  [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:09:37.0062 0x0cb4  cdfs - ok
23:09:37.0093 0x0cb4  [ 6B4BFFB9BECD728097024276430DB314, 4451EFEAD37B05C8A3CB610B6D72E73B55D3D1E1CC1B17405598C1EDAA93C2D5 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
23:09:37.0109 0x0cb4  cdrom - ok
23:09:37.0140 0x0cb4  [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] CertPropSvc     C:\Windows\System32\certprop.dll
23:09:37.0171 0x0cb4  CertPropSvc - ok
23:09:37.0187 0x0cb4  [ E5D4133F37219DBCFE102BC61072589D, 74C7F8C53D9C71CE3C8B33BC0331948571318402B0A8E1AC4552360504092A46 ] circlass        C:\Windows\system32\drivers\circlass.sys
23:09:37.0218 0x0cb4  circlass - ok
23:09:37.0249 0x0cb4  [ D7659D3B5B92C31E84E53C1431F35132, 6BFE644AD9890A8CEEDCC4B97ADD564AD57202FBC5D21599469E0C4B31BB27C6 ] CLFS            C:\Windows\system32\CLFS.sys
23:09:37.0265 0x0cb4  CLFS - ok
23:09:37.0311 0x0cb4  [ 6B6943A0CA56B47D6FB2EE476890854F, 6DA779879487F4A187DF54B0362642643D7871AA8F7E30992D781F558C50F052 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:09:37.0311 0x0cb4  clr_optimization_v2.0.50727_32 - ok
23:09:37.0358 0x0cb4  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:09:37.0374 0x0cb4  clr_optimization_v4.0.30319_32 - ok
23:09:37.0389 0x0cb4  [ 0CA25E686A4928484E9FDABD168AB629, C2CB2333CAB40CDF93219870E66700F957188C86A1B1A004BC4652953091E5C5 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
23:09:37.0389 0x0cb4  cmdide - ok
23:09:37.0405 0x0cb4  [ 6AFEF0B60FA25DE07C0968983EE4F60A, E4037EF9EDE57A1039AB814EBCE9A8B12C9A084E7FAC6296212ACF2394DD37B6 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
23:09:37.0405 0x0cb4  Compbatt - ok
23:09:37.0405 0x0cb4  COMSysApp - ok
23:09:37.0421 0x0cb4  [ 741E9DFF4F42D2D8477D0FC1DC0DF871, 06EA43D771E3455F943AB624CC00C2259FE5E561164908630755E933EF44A522 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
23:09:37.0436 0x0cb4  crcdisk - ok
23:09:37.0436 0x0cb4  [ 1F07BECDCA750766A96CDA811BA86410, F4E36F0003184BCB36D59B23AC903421AD8C0A1FD2D6315E06375235ABC9A0AD ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
23:09:37.0467 0x0cb4  Crusoe - ok
23:09:37.0499 0x0cb4  [ 684C130BBC6DB681BAD4920A4C944AA5, DDE434B206984808351C98500824A33E6740B4326C455066027F8D549D4C3B92 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:09:37.0514 0x0cb4  CryptSvc - ok
23:09:37.0561 0x0cb4  [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:09:37.0608 0x0cb4  DcomLaunch - ok
23:09:37.0639 0x0cb4  [ 622C41A07CA7E6DD91770F50D532CB6C, 2A9040949CB45F9970FDE930278F30D2F08E957290CB3D4DC4F2CA94F3D444D2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:09:37.0655 0x0cb4  DfsC - ok
23:09:37.0748 0x0cb4  [ 2CC3DCFB533A1035B13DCAB6160AB38B, C88C91F662ADE248EEE3B568E70C2BC2D5075B7D9B7D3C63E83D011C5F7812B0 ] DFSR            C:\Windows\system32\DFSR.exe
23:09:37.0826 0x0cb4  DFSR - ok
23:09:37.0873 0x0cb4  [ 9028559C132146FB75EB7ACF384B086A, 35159D86706441ED94895B4629411B4445FCB4526AFD1F7036EE647931B7A94D ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
23:09:37.0889 0x0cb4  Dhcp - ok
23:09:37.0920 0x0cb4  [ 5D4AEFC3386920236A548271F8F1AF6A, 11B74D6800EC6F7AAEFB0B6A9F2E8376C7C3B8DB677F03AC3743CB004CA96B08 ] disk            C:\Windows\system32\drivers\disk.sys
23:09:37.0935 0x0cb4  disk - ok
23:09:37.0967 0x0cb4  [ 57D762F6F5974AF0DA2BE88A3349BAAA, D9E7DC8F9FB7837F88BBB95B52147AA80E688FB9762EEA99B8046D9C6AD48F3C ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:09:37.0982 0x0cb4  Dnscache - ok
23:09:38.0013 0x0cb4  [ 324FD74686B1EF5E7C19A8AF49E748F6, DC6EB4304555B60DD17E04D20DFE4E279718E4041A9310DE29E678834BB22C5B ] dot3svc         C:\Windows\System32\dot3svc.dll
23:09:38.0029 0x0cb4  dot3svc - ok
23:09:38.0045 0x0cb4  [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS             C:\Windows\system32\dps.dll
23:09:38.0076 0x0cb4  DPS - ok
23:09:38.0107 0x0cb4  [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
23:09:38.0123 0x0cb4  drmkaud - ok
23:09:38.0154 0x0cb4  [ 5C2C209CDEFBC51D83D66E8A53B2BE89, 7AE68672A6BEEF601017BE28AA0BF3673318EFE97AA08E70F58A9391C54DF71F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:09:38.0185 0x0cb4  DXGKrnl - ok
23:09:38.0216 0x0cb4  [ 04944F4FC4F0477185F5D26AE0DDB90E, 2D67A90905871A26FA227AF0B31F7A0026E100E3253BF3B6791F593E56619F9E ] e1express       C:\Windows\system32\DRIVERS\e1e6032.sys
23:09:38.0216 0x0cb4  e1express - ok
23:09:38.0263 0x0cb4  [ 5425F74AC0C1DBD96A1E04F17D63F94C, AD133CEDCDEA75420C75A91BB4CF7152475D46ED7B7703E3BAE5F9946D610292 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
23:09:38.0279 0x0cb4  E1G60 - ok
23:09:38.0310 0x0cb4  [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost         C:\Windows\System32\eapsvc.dll
23:09:38.0341 0x0cb4  EapHost - ok
23:09:38.0372 0x0cb4  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371, F3E9CF5D8E9124CB06F08454C5F0E510DE19A92780151FB2F8A58A0905D59B8F ] Ecache          C:\Windows\system32\drivers\ecache.sys
23:09:38.0388 0x0cb4  Ecache - ok
23:09:38.0435 0x0cb4  [ 9BE3744D295A7701EB425332014F0797, 1A139EE9232581E466591C5EBEF41E4BF1F82D99C1959F1C68C879B240E9F46D ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
23:09:38.0450 0x0cb4  ehRecvr - ok
23:09:38.0450 0x0cb4  [ AD1870C8E5D6DD340C829E6074BF3C3F, 064D07106A1BBE80294F1913354832F2B67D22274BB4D36C81D2D83C96FE0B88 ] ehSched         C:\Windows\ehome\ehsched.exe
23:09:38.0466 0x0cb4  ehSched - ok
23:09:38.0481 0x0cb4  [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] ehstart         C:\Windows\ehome\ehstart.dll
23:09:38.0497 0x0cb4  ehstart - ok
23:09:38.0528 0x0cb4  [ 23B62471681A124889978F6295B3F4C6, A90C521F06125B86A26EA625B0E7F811AF7D328E1313165E7AD4A83596A23819 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
23:09:38.0544 0x0cb4  elxstor - ok
23:09:38.0591 0x0cb4  [ 4E6B23DFC917EA39306B529B773950F4, C4BA77632B4BD46C4C1797F7F57399DB506D3EB6E5A0A36C269A793DAA3445C2 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
23:09:38.0622 0x0cb4  EMDMgmt - ok
23:09:38.0653 0x0cb4  [ 3DB974F3935483555D7148663F726C61, C288CFC04213B0340ABEC752C0A7B308B29122B5F51E68387BA1D9E9D7166FDD ] ErrDev          C:\Windows\system32\drivers\errdev.sys
23:09:38.0669 0x0cb4  ErrDev - ok
23:09:38.0700 0x0cb4  [ 67058C46504BC12D821F38CF99B7B28F, E8D19F305F78BCA1DA8425315F2C77A377CD51E3CC54323DC2FF355120EA097D ] EventSystem     C:\Windows\system32\es.dll
23:09:38.0731 0x0cb4  EventSystem - ok
23:09:38.0762 0x0cb4  [ 22B408651F9123527BCEE54B4F6C5CAE, 31AF9649333A9496A9224001266D1B68CE2A31B9FB182A755D127FC5492AA6B2 ] exfat           C:\Windows\system32\drivers\exfat.sys
23:09:38.0778 0x0cb4  exfat - ok
23:09:38.0809 0x0cb4  [ 4E404505B3F62ECFBDBCBBCF0A72DBC5, 9F446ED06A31BFE52C4F1E8ACC400B8E3F47A3CC02FFC950DB861B2B3BA4C5B9 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:09:38.0825 0x0cb4  fastfat - ok
23:09:38.0840 0x0cb4  [ AFE1E8B9782A0DD7FB46BBD88E43F89A, B4CBE1DC3430F2F3485F49007C71293D5B86E9C405741EA00A67B00A38BE1F8D ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
23:09:38.0856 0x0cb4  fdc - ok
23:09:38.0887 0x0cb4  [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost         C:\Windows\system32\fdPHost.dll
23:09:38.0903 0x0cb4  fdPHost - ok
23:09:38.0903 0x0cb4  [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub        C:\Windows\system32\fdrespub.dll
23:09:38.0949 0x0cb4  FDResPub - ok
23:09:38.0965 0x0cb4  [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:09:38.0981 0x0cb4  FileInfo - ok
23:09:38.0981 0x0cb4  [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:09:39.0012 0x0cb4  Filetrace - ok
23:09:39.0074 0x0cb4  [ BB0667B0171B632B97EA759515476F07, 07A123B2182D5813D2898928C231638353CF086606E9D5A5AF4A2A73E17CEC27 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
23:09:39.0105 0x0cb4  FLEXnet Licensing Service - ok
23:09:39.0137 0x0cb4  [ 85B7CF99D532820495D68D747FDA9EBD, 682D35D219D1AFBE51CF0AB03F2D3E15C940F5AF291C1A611A19F4D279143F3C ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
23:09:39.0168 0x0cb4  flpydisk - ok
23:09:39.0183 0x0cb4  [ 01334F9EA68E6877C4EF05D3EA8ABB05, 82F8AA6AD2B5077898773D4A5814819EAF0E872FFD95894E06FEDAB6EE92CF99 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:09:39.0199 0x0cb4  FltMgr - ok
23:09:39.0261 0x0cb4  [ 2AFA3A46986AE935DAECEBC7E66314CF, 747FAF9B7F8291B83EE44B91E5708395E749DC87BD42CC3BF2CD41209C298F4D ] FontCache       C:\Windows\system32\FntCache.dll
23:09:39.0293 0x0cb4  FontCache - ok
23:09:39.0324 0x0cb4  [ C7FBDD1ED42F82BFA35167A5C9803EA3, 372FF71070D5ECE17342466A690737A0622E93C98DBED8172C49B0854F0012B7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:09:39.0324 0x0cb4  FontCache3.0.0.0 - ok
23:09:39.0355 0x0cb4  [ B972A66758577E0BFD1DE0F91AAA27B5, E934034F3F740A83D4E7ABCD2C581845AC2945B0BCCAACF65CC3F99A1DBDE455 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:09:39.0371 0x0cb4  Fs_Rec - ok
23:09:39.0386 0x0cb4  [ 34582A6E6573D54A07ECE5FE24A126B5, 5F45DC38F8015AD90616EAD3B57820CCD284938A96B2C4E1FF5FC7BDEE8A848D ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
23:09:39.0402 0x0cb4  gagp30kx - ok
23:09:39.0433 0x0cb4  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\Windows\system32\drivers\gearaspiwdm.sys
23:09:39.0449 0x0cb4  GEARAspiWDM - ok
23:09:39.0480 0x0cb4  [ CD5D0AEEE35DFD4E986A5AA1500A6E66, DCED5126837292593F1C1B35DF18E3B631D6C0C6D0742B77C7B7742C55A7825F ] gpsvc           C:\Windows\System32\gpsvc.dll
23:09:39.0511 0x0cb4  gpsvc - ok
23:09:39.0605 0x0cb4  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
23:09:39.0605 0x0cb4  gupdate - ok
23:09:39.0620 0x0cb4  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
23:09:39.0636 0x0cb4  gupdatem - ok
23:09:39.0651 0x0cb4  [ 3F90E001369A07243763BD5A523D8722, 25907F85787D879E75C3FE74C93567382AFB2D528BEEC61D71E3A6BE2D71DFBE ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:09:39.0683 0x0cb4  HdAudAddService - ok
23:09:39.0714 0x0cb4  [ 062452B7FFD68C8C042A6261FE8DFF4A, DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
23:09:39.0761 0x0cb4  HDAudBus - ok
23:09:39.0776 0x0cb4  [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth          C:\Windows\system32\drivers\hidbth.sys
23:09:39.0807 0x0cb4  HidBth - ok
23:09:39.0823 0x0cb4  [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr           C:\Windows\system32\drivers\hidir.sys
23:09:39.0854 0x0cb4  HidIr - ok
23:09:39.0885 0x0cb4  [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv         C:\Windows\system32\hidserv.dll
23:09:39.0901 0x0cb4  hidserv - ok
23:09:39.0917 0x0cb4  [ CCA4B519B17E23A00B826C55716809CC, 91AD0758A6185B0FBBE383BDB1B457FFB850477AFF8DE040DE9527A97D28EF62 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:09:39.0932 0x0cb4  HidUsb - ok
23:09:39.0948 0x0cb4  [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:09:39.0963 0x0cb4  hkmsvc - ok
23:09:39.0979 0x0cb4  [ 16EE7B23A009E00D835CDB79574A91A6, 964AFE7D2F7E48C7DE7FDAB48F57ADC4AD44A0B2A9A03071E0E8D334007E5572 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
23:09:39.0995 0x0cb4  HpCISSs - ok
23:09:40.0041 0x0cb4  [ F870AA3E254628EBEAFE754108D664DE, B0444E7D246AA1982094030ACB991690F6A7DD3FB07B1BB6A1BC0F3AA9718A70 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:09:40.0057 0x0cb4  HTTP - ok
23:09:40.0073 0x0cb4  [ C6B032D69650985468160FC9937CF5B4, 4D5A944C70037F35A9DBA4F49F174455FA80ED7EAEDAA143F0A2C0E05AE585D8 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
23:09:40.0088 0x0cb4  i2omp - ok
23:09:40.0119 0x0cb4  [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
23:09:40.0135 0x0cb4  i8042prt - ok
23:09:40.0151 0x0cb4  [ 997E8F5939F2D12CD9F2E6B395724C16, C22F10BADE29DA6F7EB79D9F5D81D9FBEC17D4D4F8B25E0AF4E5CEAE28E8ABF6 ] iaStor          C:\Windows\system32\drivers\iastor.sys
23:09:40.0166 0x0cb4  iaStor - ok
23:09:40.0182 0x0cb4  [ 54155EA1B0DF185878E0FC9EC3AC3A14, 344A0793499261D2E4FF2FCCC70501329485F8E299EBC68953D07BA86F0D4729 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
23:09:40.0197 0x0cb4  iaStorV - ok
23:09:40.0260 0x0cb4  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
23:09:40.0260 0x0cb4  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
23:09:42.0990 0x0cb4  Detect skipped due to KSN trusted
23:09:42.0990 0x0cb4  IDriverT - ok
23:09:43.0052 0x0cb4  [ DD386C45D2B5863740166783448A2E7A, 10B912BA70306644BE73A53AF4DCDFF63880C4C5860FF6DBA92B0914EB566718 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:09:43.0083 0x0cb4  idsvc - ok
23:09:43.0177 0x0cb4  [ C134E69CE901422D1F2D7EA8D69098FE, 38D7AB6C85C0BCE34B8F52DDBD6F0371DF551003DF6BAE20A2AB1D1349128890 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
23:09:43.0239 0x0cb4  igfx - ok
23:09:43.0271 0x0cb4  [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp           C:\Windows\system32\drivers\iirsp.sys
23:09:43.0286 0x0cb4  iirsp - ok
23:09:43.0317 0x0cb4  [ 4687EE0C0DD2CE5F7AAA9C2E33C1DC78, FA8EBED2778D9F7560ADC1B563954EEF98AAE651C0553F2803372B37B122AEB3 ] IKEEXT          C:\Windows\System32\ikeext.dll
23:09:43.0333 0x0cb4  IKEEXT - ok
23:09:43.0427 0x0cb4  [ F8F53C5449F15B23D4C61D51D2701DA8, BDAE41E3A5798FA11E979DAE84EB5F21D9C271196A757429ED1DACD732822CF9 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
23:09:43.0489 0x0cb4  IntcAzAudAddService - ok
23:09:43.0567 0x0cb4  [ 83AA759F3189E6370C30DE5DC5590718, 7406FE41EA8FB80052517318CB72E2641E92E579FAFAF5E8DDDFF0BF8DAE773A ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
23:09:43.0567 0x0cb4  intelide - ok
23:09:43.0598 0x0cb4  [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:09:43.0614 0x0cb4  intelppm - ok
23:09:43.0645 0x0cb4  [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
23:09:43.0661 0x0cb4  IPBusEnum - ok
23:09:43.0676 0x0cb4  [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:09:43.0707 0x0cb4  IpFilterDriver - ok
23:09:43.0723 0x0cb4  [ 1998BD97F950680BB55F55A7244679C2, A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:09:43.0739 0x0cb4  iphlpsvc - ok
23:09:43.0754 0x0cb4  IpInIp - ok
23:09:43.0770 0x0cb4  [ B25AAF203552B7B3491139D582B39AD1, EA9C38F512F40FF12975A6719E6FE4D7EA93A4B2497103E0FDA5A4CD6033C0A6 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
23:09:43.0785 0x0cb4  IPMIDRV - ok
23:09:43.0801 0x0cb4  [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
23:09:43.0832 0x0cb4  IPNAT - ok
23:09:43.0895 0x0cb4  [ 33813E4F82AEC696762EAD9EDADC9FE3, D0045D6782523B7B6FCFE4A6C864F081B522E409D9E5F031A7B8584910CEE3F5 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
23:09:43.0926 0x0cb4  iPod Service - ok
23:09:43.0926 0x0cb4  [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:09:43.0957 0x0cb4  IRENUM - ok
23:09:43.0973 0x0cb4  [ 6C70698A3E5C4376C6AB5C7C17FB0614, 10FBCBA5A74AF5D136B152FD4D3DFA2A1F2CEBC3F979D5BA6DB98B3DCB2F7A07 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
23:09:43.0988 0x0cb4  isapnp - ok
23:09:44.0019 0x0cb4  [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
23:09:44.0035 0x0cb4  iScsiPrt - ok
23:09:44.0051 0x0cb4  [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
23:09:44.0051 0x0cb4  iteatapi - ok
23:09:44.0066 0x0cb4  [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
23:09:44.0082 0x0cb4  iteraid - ok
23:09:44.0082 0x0cb4  [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
23:09:44.0097 0x0cb4  kbdclass - ok
23:09:44.0129 0x0cb4  [ EDE59EC70E25C24581ADD1FBEC7325F7, 41B37778E9A12675FC0DF74606AAF18C652EB88513B3C4889C5C512E14587CEE ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
23:09:44.0144 0x0cb4  kbdhid - ok
23:09:44.0160 0x0cb4  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso          C:\Windows\system32\lsass.exe
23:09:44.0175 0x0cb4  KeyIso - ok
23:09:44.0207 0x0cb4  [ 4A1445EFA932A3BAF5BDB02D7131EE20, 9DD262ED72DF268FE024063788F54124E320D0775D8DC0C5CAD099CD5F655DA2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:09:44.0238 0x0cb4  KSecDD - ok
23:09:44.0269 0x0cb4  [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm           C:\Windows\system32\msdtckrm.dll
23:09:44.0300 0x0cb4  KtmRm - ok
23:09:44.0316 0x0cb4  [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer    C:\Windows\system32\srvsvc.dll
23:09:44.0331 0x0cb4  LanmanServer - ok
23:09:44.0363 0x0cb4  [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:09:44.0378 0x0cb4  LanmanWorkstation - ok
23:09:44.0394 0x0cb4  [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:09:44.0425 0x0cb4  lltdio - ok
23:09:44.0441 0x0cb4  [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
23:09:44.0472 0x0cb4  lltdsvc - ok
23:09:44.0487 0x0cb4  [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts         C:\Windows\System32\lmhsvc.dll
23:09:44.0519 0x0cb4  lmhosts - ok
23:09:44.0550 0x0cb4  LMIInfo - ok
23:09:44.0581 0x0cb4  [ 4477689E2D8AE6B78BA34C9AF4CC1ED1, 0BC8AF546901E6C20611C5250BD65ACD0C4A8613BD8F8835F0D4680B5777F051 ] lmimirr         C:\Windows\system32\DRIVERS\lmimirr.sys
23:09:44.0581 0x0cb4  lmimirr - ok
23:09:44.0597 0x0cb4  LMIRfsClientNP - ok
23:09:44.0612 0x0cb4  [ 3FAA563DDF853320F90259D455A01D79, D81B5FCC0CBCF9CE18E44A31071D357B12F5016159E24954E50E68D80C9F61B8 ] LMIRfsDriver    C:\Windows\system32\drivers\LMIRfsDriver.sys
23:09:44.0628 0x0cb4  LMIRfsDriver - ok
23:09:44.0643 0x0cb4  [ C7E15E82879BF3235B559563D4185365, 98C9268ADF6BAEB0522BB84BE6C98D0D6D5EB4BD27BB61412D208232164C8435 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
23:09:44.0659 0x0cb4  LSI_FC - ok
23:09:44.0675 0x0cb4  [ EE01EBAE8C9BF0FA072E0FF68718920A, 655924440E611278998226299645BC72B3627A8A057286DC8D65A162CFBBE484 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
23:09:44.0675 0x0cb4  LSI_SAS - ok
23:09:44.0690 0x0cb4  [ 912A04696E9CA30146A62AFA1463DD5C, 1D336D47B9D1C8449F29CDB776C092235E3D70CE53D9440970533E376EB004D3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
23:09:44.0706 0x0cb4  LSI_SCSI - ok
23:09:44.0721 0x0cb4  [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv           C:\Windows\system32\drivers\luafv.sys
23:09:44.0737 0x0cb4  luafv - ok
23:09:44.0753 0x0cb4  LVUSBSta - ok
23:09:44.0768 0x0cb4  [ AEF9BABB8A506BC4CE0451A64AADED46, D5608A703EA7E97F11ED4D029B4B820440B0C9317DB7D7DC0152253CD723DC07 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
23:09:44.0784 0x0cb4  Mcx2Svc - ok
23:09:44.0799 0x0cb4  [ 0001CE609D66632FA17B84705F658879, D5F9758BDC2B733307B565A74B33F5581FB425A5A9F32CCFA307DA1569EBD6CD ] megasas         C:\Windows\system32\drivers\megasas.sys
23:09:44.0799 0x0cb4  megasas - ok
23:09:44.0831 0x0cb4  [ C252F32CD9A49DBFC25ECF26EBD51A99, 47EC8F475AB62A00FAF989CD2C3ABDF2922588F75CC15C83CD99A62EF6400FB0 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
23:09:44.0862 0x0cb4  MegaSR - ok
23:09:44.0877 0x0cb4  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS           C:\Windows\system32\mmcss.dll
23:09:44.0909 0x0cb4  MMCSS - ok
23:09:44.0924 0x0cb4  [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem           C:\Windows\system32\drivers\modem.sys
23:09:44.0940 0x0cb4  Modem - ok
23:09:44.0971 0x0cb4  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
23:09:44.0987 0x0cb4  monitor - ok
23:09:45.0002 0x0cb4  [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
23:09:45.0018 0x0cb4  mouclass - ok
23:09:45.0018 0x0cb4  [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
23:09:45.0049 0x0cb4  mouhid - ok
23:09:45.0049 0x0cb4  [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
23:09:45.0065 0x0cb4  MountMgr - ok
23:09:45.0111 0x0cb4  [ 6460D4A5C981567E74A7AC1349DE10F5, 9C16035B9A9BE3D7077851621E9BDED223B4C6A156562076957B49B9FCAB3A05 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
23:09:45.0127 0x0cb4  MpFilter - ok
23:09:45.0143 0x0cb4  [ 511D011289755DD9F9A7579FB0B064E6, 1FD0D0D5B6E08FE06F7A5D0821BCD859B0F98A6DEA58AAB7FB6C95B64212FFC8 ] mpio            C:\Windows\system32\drivers\mpio.sys
23:09:45.0158 0x0cb4  mpio - ok
23:09:45.0174 0x0cb4  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:09:45.0189 0x0cb4  mpsdrv - ok
23:09:45.0236 0x0cb4  [ 5DE62C6E9108F14F6794060A9BDECAEC, 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9 ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:09:45.0267 0x0cb4  MpsSvc - ok
23:09:45.0267 0x0cb4  [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
23:09:45.0283 0x0cb4  Mraid35x - ok
23:09:45.0299 0x0cb4  [ 82CEA0395524AACFEB58BA1448E8325C, 16E37990A291C848DE35F48EA7E09AE5B258AE589EB08A3FA2C60DC1278DE182 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:09:45.0314 0x0cb4  MRxDAV - ok
23:09:45.0330 0x0cb4  [ 1E94971C4B446AB2290DEB71D01CF0C2, 4701AA1B419AEF735CB2DA34532B0F1844433272C36D79F4EB55807E39B923D1 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:09:45.0345 0x0cb4  mrxsmb - ok
23:09:45.0361 0x0cb4  [ 4FCCB34D793B116423209C0F8B7A3B03, 7A483AEB691ADBE82779F12F0BB1CCCBFFD7E92902EC1ADC99AB7D129F887143 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:09:45.0392 0x0cb4  mrxsmb10 - ok
23:09:45.0392 0x0cb4  [ C3CB1B40AD4A0124D617A1199B0B9D7C, B975A39DE6D324C6274B6E3B883F36082A958F028335CEB3A37F44481EB284B3 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:09:45.0408 0x0cb4  mrxsmb20 - ok
23:09:45.0439 0x0cb4  [ F70590424EEFBF5C27A40C67AFDB8383, 1F2AC1DA12F7E6F09D8F6622EF1366ABD4B86EBE51DD1915E803D56A568A3412 ] msahci          C:\Windows\system32\drivers\msahci.sys
23:09:45.0439 0x0cb4  msahci - ok
23:09:45.0455 0x0cb4  [ 4468B0F385A86ECDDAF8D3CA662EC0E7, EAEDC9CDD2EEC5000AF8190A4BE7729282576C3F88E64FDF57F455F5CECC81C9 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
23:09:45.0470 0x0cb4  msdsm - ok
23:09:45.0486 0x0cb4  [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC           C:\Windows\System32\msdtc.exe
23:09:45.0501 0x0cb4  MSDTC - ok
23:09:45.0517 0x0cb4  [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
23:09:45.0548 0x0cb4  Msfs - ok
23:09:45.0564 0x0cb4  [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
23:09:45.0579 0x0cb4  msisadrv - ok
23:09:45.0595 0x0cb4  [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
23:09:45.0611 0x0cb4  MSiSCSI - ok
23:09:45.0626 0x0cb4  msiserver - ok
23:09:45.0642 0x0cb4  [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
23:09:45.0657 0x0cb4  MSKSSRV - ok
23:09:45.0704 0x0cb4  [ A4B109D057E15A438CE74E5B71187417, C91568C1AE2863218988D4D7A2B64041AB2C1EE2E9DF3720407FCE513ADA056F ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
23:09:45.0720 0x0cb4  MsMpSvc - ok
23:09:45.0720 0x0cb4  [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
23:09:45.0751 0x0cb4  MSPCLOCK - ok
23:09:45.0751 0x0cb4  [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
23:09:45.0767 0x0cb4  MSPQM - ok
23:09:45.0813 0x0cb4  [ B49456D70555DE905C311BCDA6EC6ADB, 8E40586B3A1FAE9996459E0261726C9DD6A8D5F575604868C45604613385C92F ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
23:09:45.0829 0x0cb4  MsRPC - ok
23:09:45.0845 0x0cb4  [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
23:09:45.0860 0x0cb4  mssmbios - ok
23:09:45.0860 0x0cb4  [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
23:09:45.0891 0x0cb4  MSTEE - ok
23:09:45.0907 0x0cb4  [ 6A57B5733D4CB702C8EA4542E836B96C, 080FB0B01E949D24CDD6876125B3A72DA9F88845D8B9A1A425BCA99E7ACF6821 ] Mup             C:\Windows\system32\Drivers\mup.sys
23:09:45.0923 0x0cb4  Mup - ok
23:09:45.0954 0x0cb4  [ E4EAF0C5C1B41B5C83386CF212CA9584, 5946C3DCE65A0DB164169A1775DFCA544AF4E1895ADF6916BB1653F373F8D9AF ] napagent        C:\Windows\system32\qagentRT.dll
23:09:45.0969 0x0cb4  napagent - ok
23:09:46.0016 0x0cb4  [ 85C44FDFF9CF7E72A40DCB7EC06A4416, DC37C99C458CA69B33BFD3894187089E947F4F9C01EC2ED024FA8614989E0956 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
23:09:46.0032 0x0cb4  NativeWifiP - ok
23:09:46.0079 0x0cb4  [ 1357274D1883F68300AEADD15D7BBB42, EE6352CBF0D9D633816F338159CDA27F1A805C3DDC3402D8605B50D8F3CD3300 ] NDIS            C:\Windows\system32\drivers\ndis.sys
23:09:46.0094 0x0cb4  NDIS - ok
23:09:46.0125 0x0cb4  [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
23:09:46.0141 0x0cb4  NdisTapi - ok
23:09:46.0157 0x0cb4  [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
23:09:46.0172 0x0cb4  Ndisuio - ok
23:09:46.0203 0x0cb4  [ 818F648618AE34F729FDB47EC68345C3, 5FC8F9237BD7FCE3C62D5BDDD49DC104BE2BECDC2FA8CDC1DB8F1891CBAA9140 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
23:09:46.0235 0x0cb4  NdisWan - ok
23:09:46.0250 0x0cb4  [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
23:09:46.0266 0x0cb4  NDProxy - ok
23:09:46.0281 0x0cb4  [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
23:09:46.0297 0x0cb4  NetBIOS - ok
23:09:46.0313 0x0cb4  [ ECD64230A59CBD93C85F1CD1CAB9F3F6, 83650D756C1F2768A2AAAFC7924F2A4316ABAEB1708F4B05803CDDD699B5AB6F ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
23:09:46.0328 0x0cb4  netbt - ok
23:09:46.0344 0x0cb4  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] Netlogon        C:\Windows\system32\lsass.exe
23:09:46.0359 0x0cb4  Netlogon - ok
23:09:46.0375 0x0cb4  [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman          C:\Windows\System32\netman.dll
23:09:46.0406 0x0cb4  Netman - ok
23:09:46.0453 0x0cb4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:09:46.0469 0x0cb4  NetMsmqActivator - ok
23:09:46.0469 0x0cb4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:09:46.0484 0x0cb4  NetPipeActivator - ok
23:09:46.0515 0x0cb4  [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm        C:\Windows\System32\netprofm.dll
23:09:46.0547 0x0cb4  netprofm - ok
23:09:46.0562 0x0cb4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:09:46.0578 0x0cb4  NetTcpActivator - ok
23:09:46.0578 0x0cb4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:09:46.0593 0x0cb4  NetTcpPortSharing - ok
23:09:46.0625 0x0cb4  [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
23:09:46.0625 0x0cb4  nfrd960 - ok
23:09:46.0671 0x0cb4  [ 6A83B8AF342E61DEE353BAA81F67B7DA, F883A69DC57A203CEF4A264ADA3669EFA11149FE479A32FF38A37C86D24D7DE7 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
23:09:46.0687 0x0cb4  NisDrv - ok
23:09:46.0703 0x0cb4  [ 877C975D6FED8B12C445312D1286771E, 2FD5F2FE0414D00B8E4EF389E1AD11356C14F700A906770B0AB88B464D963948 ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
23:09:46.0718 0x0cb4  NisSrv - ok
23:09:46.0734 0x0cb4  [ 2997B15415F9BBE05B5A4C1C85E0C6A2, 5455536515FE740E18E090329FDCC40288724372AD18ACDB2CB4BB9D85CF681E ] NlaSvc          C:\Windows\System32\nlasvc.dll
23:09:46.0765 0x0cb4  NlaSvc - ok
23:09:46.0781 0x0cb4  [ D36F239D7CCE1931598E8FB90A0DBC26, DF9397411D0CE5A87E3346D4E6E25BEC537A21BCE196CC55FD999CD08FC4A637 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
23:09:46.0812 0x0cb4  Npfs - ok
23:09:46.0812 0x0cb4  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi             C:\Windows\system32\nsisvc.dll
23:09:46.0843 0x0cb4  nsi - ok
23:09:46.0859 0x0cb4  [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
23:09:46.0874 0x0cb4  nsiproxy - ok
23:09:46.0937 0x0cb4  [ 2C1121F2B87E9A6B12485DF53CD848C7, E580428F3BA7B201C6C7CFADF1F44A6ECA4F589EDB034DA14260136236195936 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
23:09:46.0968 0x0cb4  Ntfs - ok
23:09:46.0999 0x0cb4  [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
23:09:47.0030 0x0cb4  ntrigdigi - ok
23:09:47.0046 0x0cb4  [ C5DBBCDA07D780BDA9B685DF333BB41E, 3652893DFF05469A273C3073D8D0A9D6D6BBDEC7855FEA8EAB768F95BA674108 ] Null            C:\Windows\system32\drivers\Null.sys
23:09:47.0061 0x0cb4  Null - ok
23:09:47.0108 0x0cb4  [ 3D7FB57354703809B5F0C23287FAC1D6, C50F170E53C27691CD60DFA2EA980576E7DEFC4136F15A0A29DEEE3B9548022D ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
23:09:47.0124 0x0cb4  NVHDA - ok
23:09:47.0436 0x0cb4  [ B69E6F70CE1151C8D62ABC9DEF64DFBE, B7BD731D1CCF4E71EF1CF4AFA9189C1831306483B4BF57B12B89113A5230871B ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:09:47.0717 0x0cb4  nvlddmkm - ok
23:09:47.0779 0x0cb4  [ 2EDF9E7751554B42CBB60116DE727101, 37A0AA78E83DBB5A788F7F067EB71DDF6CCC72A66BB41B209E1A5E2F68F8AF9B ] nvraid          C:\Windows\system32\drivers\nvraid.sys
23:09:47.0779 0x0cb4  nvraid - ok
23:09:47.0795 0x0cb4  [ ABED0C09758D1D97DB0042DBB2688177, 84B9BF886EF9181915E8AB6D971446BC681E6DE4485DBECD62838EAFA10E7F46 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
23:09:47.0810 0x0cb4  nvstor - ok
23:09:47.0857 0x0cb4  [ E4284FCF99FEA13A7E1836F87AE356F6, 541C40DD3483810632320E8F23427BB52593D156E876C6023BE7F7A8589383E8 ] nvsvc           C:\Windows\system32\nvvsvc.exe
23:09:47.0888 0x0cb4  nvsvc - ok
23:09:47.0982 0x0cb4  [ 03E60E0BFA53ED15DC984FA34B44BB0F, 50ABF2E303B9A2B6DDD0DB411C24C3CD6CC30AFA664B5682CF9189F96548CC10 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
23:09:48.0013 0x0cb4  nvUpdatusService - ok
23:09:48.0044 0x0cb4  [ 18BBDF913916B71BD54575BDB6EEAC0B, 5FBA165149AB09E869DCE35622E91CFC964BDD22B31A5E76CF12F1565402B207 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
23:09:48.0060 0x0cb4  nv_agp - ok
23:09:48.0060 0x0cb4  NwlnkFlt - ok
23:09:48.0060 0x0cb4  NwlnkFwd - ok
23:09:48.0138 0x0cb4  [ 18829AA33A092728ECCD5B5F40EE06B0, 534D779F02AF4A05EA4607B8ED1CCE5D156667783C64D434F8F8560D865A1328 ] O&O Defrag      C:\Windows\system32\oodag.exe
23:09:48.0185 0x0cb4  O&O Defrag - ok
23:09:48.0278 0x0cb4  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:09:48.0294 0x0cb4  odserv - ok
23:09:48.0341 0x0cb4  [ BE32DA025A0BE1878F0EE8D6D9386CD5, B9D6CB4626FC67D108D713467C9ED8D0E2A071D98621B5531AD9D0C172FE7B89 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
23:09:48.0372 0x0cb4  ohci1394 - ok
23:09:48.0403 0x0cb4  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:09:48.0419 0x0cb4  ose - ok
23:09:48.0465 0x0cb4  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
23:09:48.0497 0x0cb4  p2pimsvc - ok
23:09:48.0528 0x0cb4  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2psvc          C:\Windows\system32\p2psvc.dll
23:09:48.0559 0x0cb4  p2psvc - ok
23:09:48.0590 0x0cb4  [ 0FA9B5055484649D63C303FE404E5F4D, ABF357001A5E7B21621560E74FA538E2D899C5111A6AAC784B5B12D9D819C6CD ] Parport         C:\Windows\system32\drivers\parport.sys
23:09:48.0621 0x0cb4  Parport - ok
23:09:48.0653 0x0cb4  [ B9C2B89F08670E159F7181891E449CD9, BD48CE95CF4B75D1FD5FD379B2A8727BC000F2B6748B77636C6BDB0B37B0344A ] partmgr         C:\Windows\system32\drivers\partmgr.sys
23:09:48.0668 0x0cb4  partmgr - ok
23:09:48.0668 0x0cb4  [ 4F9A6A8A31413180D0FCB279AD5D8112, DCE48BC6E3447403521BB9FBF727E629DEE45B69B8AE8CFEE1A67FECAE3CB9D3 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
23:09:48.0715 0x0cb4  Parvdm - ok
23:09:48.0731 0x0cb4  [ C6276AD11F4BB49B58AA1ED88537F14A, 409E956AF994640DF8D062E5E41F87A6EE7EEE0335C191B582722A49322357CE ] PcaSvc          C:\Windows\System32\pcasvc.dll
23:09:48.0746 0x0cb4  PcaSvc - ok
23:09:48.0762 0x0cb4  [ 941DC1D19E7E8620F40BBC206981EFDB, 156142A8B587131D2D47074CBFD0A31F69B3C27A8C74C8C4F29DFE7B53BBA802 ] pci             C:\Windows\system32\drivers\pci.sys
23:09:48.0777 0x0cb4  pci - ok
23:09:48.0793 0x0cb4  [ 1636D43F10416AEB483BC6001097B26C, 36E61A993693A46538FE0F726D67BB28886F61D53384AD600D1282296A27662E ] pciide          C:\Windows\system32\drivers\pciide.sys
23:09:48.0793 0x0cb4  pciide - ok
23:09:48.0809 0x0cb4  [ E6F3FB1B86AA519E7698AD05E58B04E5, 2C4B45DDD3B980C9DAA6F039CAEFCD6E84A4D5BB43AFBA73C0C42B5556C1303C ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
23:09:48.0824 0x0cb4  pcmcia - ok
23:09:48.0871 0x0cb4  [ 6349F6ED9C623B44B52EA3C63C831A92, 9EAA3ABD396870123107D6E1B758F56FDA378BD28B28DB8415AA470D24294F92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
23:09:48.0949 0x0cb4  PEAUTH - ok
23:09:49.0027 0x0cb4  [ B1689DF169143F57053F795390C99DB3, 887B8C76B34CABC68067C0F27CC4EEF02457A53634C96FE5B0FE9B99453BDBEF ] pla             C:\Windows\system32\pla.dll
23:09:49.0089 0x0cb4  pla - ok
23:09:49.0121 0x0cb4  [ C5E7F8A996EC0A82D508FD9064A5569E, 416A93816CDF12DD42DEA796D37E6E2000D3172AAAB20D3EAD3B715DACD4B61F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
23:09:49.0152 0x0cb4  PlugPlay - ok
23:09:49.0183 0x0cb4  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
23:09:49.0214 0x0cb4  PNRPAutoReg - ok
23:09:49.0261 0x0cb4  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
23:09:49.0292 0x0cb4  PNRPsvc - ok
23:09:49.0323 0x0cb4  [ D0494460421A03CD5225CCA0059AA146, FC30E90522C63F2A66D89381705712D2CDF07B2E029DF40C2DEBB2353E763E90 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
23:09:49.0339 0x0cb4  PolicyAgent - ok
23:09:49.0370 0x0cb4  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1, 6E4B188A4BFDBBCA51347BCCE2873F2D0F858398851B9B5129CB9F36A02E4354 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
23:09:49.0386 0x0cb4  PptpMiniport - ok
23:09:49.0401 0x0cb4  [ 2027293619DD0F047C584CF2E7DF4FFD, B7C172CCD08D8A30483D27536355ED1E5009B33629355B426470AFBA8542B394 ] Processor       C:\Windows\system32\drivers\processr.sys
23:09:49.0433 0x0cb4  Processor - ok
23:09:49.0448 0x0cb4  [ 0508FAA222D28835310B7BFCA7A77346, 3AE2340C6E365F137CC00D9560069501DD2724756EA9EBF7A6CDFFC91B43709C ] ProfSvc         C:\Windows\system32\profsvc.dll
23:09:49.0479 0x0cb4  ProfSvc - ok
23:09:49.0479 0x0cb4  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] ProtectedStorage C:\Windows\system32\lsass.exe
23:09:49.0495 0x0cb4  ProtectedStorage - ok
23:09:49.0526 0x0cb4  [ 99514FAA8DF93D34B5589187DB3AA0BA, 4DDE5EC0C721B22E1D7D55ED3514B60EA07435C232A3A931BB49C7F486B52C18 ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
23:09:49.0542 0x0cb4  PSched - ok
23:09:49.0573 0x0cb4  [ 03E0FE281823BA64B3782F5B38950E73, D47E5536AD28D02B7D784846CFB2F4FD96187BFD64FC07BACDE9DC7B75D1D2E2 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
23:09:49.0589 0x0cb4  PxHelp20 - ok
23:09:49.0651 0x0cb4  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6, 8B7D44A7698B95FE34CBBE4FAB2F01EC1F5BA86C2B19672F99767E650E99BF1C ] ql2300          C:\Windows\system32\drivers\ql2300.sys
23:09:49.0698 0x0cb4  ql2300 - ok
23:09:49.0729 0x0cb4  [ 81A7E5C076E59995D54BC1ED3A16E60B, A2988F065F93C41B3B389BFF3BB3FD69F768C2AF249C2356F315CC92E5C9E128 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
23:09:49.0745 0x0cb4  ql40xx - ok
23:09:49.0760 0x0cb4  [ E9ECAE663F47E6CB43962D18AB18890F, F1A05320CAED9E745AA36A6DA9B64C48AAEDE888B42B249840CEB31448F7F432 ] QWAVE           C:\Windows\system32\qwave.dll
23:09:49.0791 0x0cb4  QWAVE - ok
23:09:49.0791 0x0cb4  [ 9F5E0E1926014D17486901C88ECA2DB7, 67CDFB99AB546DCEEF20507EAC07DD52FFB51BFDFE9416ABEDDC1201B60D720E ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
23:09:49.0807 0x0cb4  QWAVEdrv - ok
23:09:50.0119 0x0cb4  [ 03AC6735672F15CEAAB502E4349286E0, 5467294DD3BFBC91C34F4339126BB3420D1CE3F6A4F4388685E3A26530DAC456 ] R300            C:\Windows\system32\DRIVERS\atikmdag.sys
23:09:50.0415 0x0cb4  R300 - ok
23:09:50.0462 0x0cb4  [ 147D7F9C556D259924351FEB0DE606C3, E41EBA5F3098C6CF2BE4C0060A5F4BF161C3677D983B7A0D70ACC12FC3CFEFD7 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
23:09:50.0478 0x0cb4  RasAcd - ok
23:09:50.0493 0x0cb4  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F, 6A410ABCCD2211EFF511CDBF22E4152B57D2996336EBE711DFF71904AF232DB2 ] RasAuto         C:\Windows\System32\rasauto.dll
23:09:50.0509 0x0cb4  RasAuto - ok
23:09:50.0525 0x0cb4  [ A214ADBAF4CB47DD2728859EF31F26B0, A24F37F55E2C018B1B4FA2C568A01AAAAEA1220833ED24A93378386174A70A32 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
23:09:50.0556 0x0cb4  Rasl2tp - ok
23:09:50.0587 0x0cb4  [ 75D47445D70CA6F9F894B032FBC64FCF, 9112EA5D25F867136858524C7965ACCEDC02675D1E2985B950598D89CCF25E14 ] RasMan          C:\Windows\System32\rasmans.dll
23:09:50.0618 0x0cb4  RasMan - ok
23:09:50.0634 0x0cb4  [ 509A98DD18AF4375E1FC40BC175F1DEF, CC7C278CA298CE102D871E34C176E73F903D6687D1E8B5AFAB8772C7DE1A60B1 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
23:09:50.0649 0x0cb4  RasPppoe - ok
23:09:50.0681 0x0cb4  [ 2005F4A1E05FA09389AC85840F0A9E4D, D8A664073FDE82F9AB324347024CDB7043635C84EB11C24C59AB384C52F0FD94 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
23:09:50.0696 0x0cb4  RasSstp - ok
23:09:50.0727 0x0cb4  [ B14C9D5B9ADD2F84F70570BBBFAA7935, 3D533767A50554B86C769DF4D8841B3EA680B3807E85EA3533BDA9B649548269 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
23:09:50.0743 0x0cb4  rdbss - ok
23:09:50.0774 0x0cb4  [ 89E59BE9A564262A3FB6C4F4F1CD9899, 6F948FB0E73495CA60B7B19E758268495EC8A084C475EC59AD7940AA619570BB ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
23:09:50.0790 0x0cb4  RDPCDD - ok
23:09:50.0821 0x0cb4  [ FBC0BACD9C3D7F6956853F64A66E252D, 7672B10C7039295B152C02C96903E869FF2C0A88A2C3FA89BAE9F1D593B43569 ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
23:09:50.0837 0x0cb4  rdpdr - ok
23:09:50.0852 0x0cb4  [ 9D91FE5286F748862ECFFA05F8A0710C, 33F37F1B207151A5564BF051BBF16F35D8C5A0F426CCA078A51F125BF09E487B ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
23:09:50.0868 0x0cb4  RDPENCDD - ok
23:09:50.0899 0x0cb4  [ C127EBD5AFAB31524662C48DFCEB773A, 40A6B88FEAFF02D1B5C0CA32F290CF3D9B48B85D248C7532F30CC5C09BAA4D89 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
23:09:50.0915 0x0cb4  RDPWD - ok
23:09:50.0946 0x0cb4  [ BCDD6B4804D06B1F7EBF29E53A57ECE9, 8A961CCD0A0265E03D9952C733B593B02B5CF64E308D6B420276D2D6B20F86FC ] RemoteAccess    C:\Windows\System32\mprdim.dll
23:09:50.0961 0x0cb4  RemoteAccess - ok
23:09:50.0993 0x0cb4  [ 9E6894EA18DAFF37B63E1005F83AE4AB, 5D6DF994D297C875D547C7B111A571AA90D582DAECADE18A53F65AD988819E67 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
23:09:51.0008 0x0cb4  RemoteRegistry - ok
23:09:51.0024 0x0cb4  RimUsb - ok
23:09:51.0055 0x0cb4  [ D9B34325EE5DF78B8F28A3DE9F577C7D, 20E5655B79A252E012B6FB6DA5F4419DBF2577A9737D4A04BFE6A769D507E00B ] RimVSerPort     C:\Windows\system32\DRIVERS\RimSerial.sys
23:09:51.0055 0x0cb4  RimVSerPort - ok
23:09:51.0071 0x0cb4  [ 75E8A6BFA7374ABA833AE92BF41AE4E6, 5A4CF4CDEFFCC4892D01FF4A5918D91193AA44AA29469B52E83824E6BCC877A5 ] ROOTMODEM       C:\Windows\system32\Drivers\RootMdm.sys
23:09:51.0102 0x0cb4  ROOTMODEM - ok
23:09:51.0102 0x0cb4  [ 5123F83CBC4349D065534EEB6BBDC42B, 92A3F38EA924D83D601BB93E3750F9DBC2DD963FB7ACF2A0E776297E21815225 ] RpcLocator      C:\Windows\system32\locator.exe
23:09:51.0117 0x0cb4  RpcLocator - ok
23:09:51.0149 0x0cb4  [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] RpcSs           C:\Windows\system32\rpcss.dll
23:09:51.0180 0x0cb4  RpcSs - ok
23:09:51.0195 0x0cb4  [ 9C508F4074A39E8B4B31D27198146FAD, 84913471E5A6C297B1EDABE45EF3FE7D2C4410EF04370F615109FD9E2690FFDB ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
23:09:51.0211 0x0cb4  rspndr - ok
23:09:51.0227 0x0cb4  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] SamSs           C:\Windows\system32\lsass.exe
23:09:51.0242 0x0cb4  SamSs - ok
23:09:51.0258 0x0cb4  [ 3CE8F073A557E172B330109436984E30, CEC281C6076FAA1E34372CF419C6308E73811316606B8D0D9055B7D8952BDC88 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
23:09:51.0258 0x0cb4  sbp2port - ok
23:09:51.0289 0x0cb4  [ 77B7A11A0C3D78D3386398FBBEA1B632, A3D290AB793BDC2F84C7B963300DFCE81CFE082A0FFF7489E8E5B14714892C00 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
23:09:51.0305 0x0cb4  SCardSvr - ok
23:09:51.0351 0x0cb4  [ 1A58069DB21D05EB2AB58EE5753EBE8D, EED8111EB613F4C93D1638C74FDB0A6DC6694E1B108DCD0D794B5B5F9B8C6EE4 ] Schedule        C:\Windows\system32\schedsvc.dll
23:09:51.0383 0x0cb4  Schedule - ok
23:09:51.0398 0x0cb4  [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] SCPolicySvc     C:\Windows\System32\certprop.dll
23:09:51.0414 0x0cb4  SCPolicySvc - ok
23:09:51.0445 0x0cb4  [ 716313D9F6B0529D03F726D5AAF6F191, 44FE994A11631C1D99C73026340BACE39973C65A1281D87A61B481C9B5FAB251 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
23:09:51.0461 0x0cb4  SDRSVC - ok
23:09:51.0476 0x0cb4  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
23:09:51.0507 0x0cb4  secdrv - ok
23:09:51.0523 0x0cb4  [ FD5199D4D8A521005E4B5EE7FE00FA9B, 0FB7A1D300C72B1ADC423CC57343C17853E5F8ACFE3EA2C42FAC2FF72E502FBE ] seclogon        C:\Windows\system32\seclogon.dll
23:09:51.0554 0x0cb4  seclogon - ok
23:09:51.0554 0x0cb4  [ A9BBAB5759771E523F55563D6CBE140F, 415BF6F6A1E4C5F98DABF9C2EEAF8CA49730693046E5F94C7655683717EDAD75 ] SENS            C:\Windows\System32\sens.dll
23:09:51.0585 0x0cb4  SENS - ok
23:09:51.0585 0x0cb4  [ 68E44E331D46F0FB38F0863A84CD1A31, 0778D85B6869CE2610820DC9724360538BFE832426E898AEBC34E53D2AB4322B ] Serenum         C:\Windows\system32\drivers\serenum.sys
23:09:51.0617 0x0cb4  Serenum - ok
23:09:51.0632 0x0cb4  [ C70D69A918B178D3C3B06339B40C2E1B, 40BEEECA4C797A3355F4B01C57C2763C33028F27826315062320789A496D0810 ] Serial          C:\Windows\system32\drivers\serial.sys
23:09:51.0679 0x0cb4  Serial - ok
23:09:51.0679 0x0cb4  [ 8AF3D28A879BF75DB53A0EE7A4289624, C870BEBB969DCD9170E64584D1CD329A193D9FC812A45EF3574891110CA68B45 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
23:09:51.0710 0x0cb4  sermouse - ok
23:09:51.0726 0x0cb4  [ D2193326F729B163125610DBF3E17D57, 82C894E24E2C139C884246A693AD37BBF0A4E9375B7F7A288EF1DB22F89434B9 ] SessionEnv      C:\Windows\system32\sessenv.dll
23:09:51.0757 0x0cb4  SessionEnv - ok
23:09:51.0773 0x0cb4  [ 3EFA810BDCA87F6ECC24F9832243FE86, E50FEA94DB9851A46A8A71A8C061AC953A9D5B14585382B3F0FFC84931A0A68F ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
23:09:51.0788 0x0cb4  sffdisk - ok
23:09:51.0788 0x0cb4  [ E95D451F7EA3E583AEC75F3B3EE42DC5, B014BE4F9B0C79ECCE2537D1CF4AAD48ACB4C5AD3DACAC4444F0F465B9689921 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
23:09:51.0819 0x0cb4  sffp_mmc - ok
23:09:51.0835 0x0cb4  [ 3D0EA348784B7AC9EA9BD9F317980979, 2500CE188C9B71C50E966FA575303AEFE50934E376C530AECEC7C7533C15EF08 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
23:09:51.0851 0x0cb4  sffp_sd - ok
23:09:51.0851 0x0cb4  [ 46ED8E91793B2E6F848015445A0AC188, 34A97304F23EA153422848F6F1CAF8ADF0944EA781E12F027B6DEAF751A04B5D ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
23:09:51.0897 0x0cb4  sfloppy - ok
23:09:51.0929 0x0cb4  [ E1499BD0FF76B1B2FBBF1AF339D91165, 9A8F0403467E75880D3070C4D862489A75134383BAF8E7C45F8C5E7DFB0605A5 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
23:09:51.0960 0x0cb4  SharedAccess - ok
23:09:51.0991 0x0cb4  [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:09:52.0007 0x0cb4  ShellHWDetection - ok
23:09:52.0022 0x0cb4  [ 1D76624A09A054F682D746B924E2DBC3, DC903DD466AB8899883253F09477B02E4E93A31C8B279F9F02BD555F1AA083B7 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
23:09:52.0038 0x0cb4  sisagp - ok
23:09:52.0053 0x0cb4  [ 43CB7AA756C7DB280D01DA9B676CFDE2, 08484CAEA0518C0A4CCCD292D8C803B27FEC453537EE1E4CEE74A7208356A474 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
23:09:52.0069 0x0cb4  SiSRaid2 - ok
23:09:52.0069 0x0cb4  [ A99C6C8B0BAA970D8AA59DDC50B57F94, 97AC9DD6DC4F58AC60E819B999BB157663EE7C1739521D16768AA9AC00DAD012 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
23:09:52.0085 0x0cb4  SiSRaid4 - ok
23:09:52.0209 0x0cb4  [ 862BB4CBC05D80C5B45BE430E5EF872F, F4961B22C93E472C8C862421AA231CDDA9E40D3958741A1D666357F22CC3143D ] slsvc           C:\Windows\system32\SLsvc.exe
23:09:52.0334 0x0cb4  slsvc - ok
23:09:52.0412 0x0cb4  [ 6EDC422215CD78AA8A9CDE6B30ABBD35, D8342BC3152859F4F7512E85ABEC61147DBCAB515458644728874E42F639D6CA ] SLUINotify      C:\Windows\system32\SLUINotify.dll
23:09:52.0428 0x0cb4  SLUINotify - ok
23:09:52.0459 0x0cb4  [ 7B75299A4D201D6A6533603D6914AB04, 172BE3951F06B1991EF70B71EB91786D1EFC4E381C22BCA3A5F622CD59F3227E ] Smb             C:\Windows\system32\DRIVERS\smb.sys
23:09:52.0475 0x0cb4  Smb - ok
23:09:52.0490 0x0cb4  [ 2A146A055B4401C16EE62D18B8E2A032, D0930FFA53951C92F56E1ECB41374F4C0AA01ECBF99F474513A21EAD579CFE47 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
23:09:52.0506 0x0cb4  SNMPTRAP - ok
23:09:52.0521 0x0cb4  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF, E03BEE733F4C2A5F39946D4955679A290E22758DFCE4222EE69ABF64FC54EDF7 ] spldr           C:\Windows\system32\drivers\spldr.sys
23:09:52.0537 0x0cb4  spldr - ok
23:09:52.0568 0x0cb4  [ 8554097E5136C3BF9F69FE578A1B35F4, 2578545CFD647FB18F217B33C8CB4F0184A35F548659494056E455020CC15FB0 ] Spooler         C:\Windows\System32\spoolsv.exe
23:09:52.0584 0x0cb4  Spooler - ok
23:09:52.0631 0x0cb4  [ 71E276F6D189413266EA22171806597B, AF3DF0DEF023ADBC81D742424B57581D7680FA4FA64B761BEAEEE60C9FCD34BF ] sptd            C:\Windows\system32\Drivers\sptd.sys
23:09:52.0631 0x0cb4  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\sptd.sys. md5: 71E276F6D189413266EA22171806597B, sha256: AF3DF0DEF023ADBC81D742424B57581D7680FA4FA64B761BEAEEE60C9FCD34BF
23:09:52.0631 0x0cb4  sptd - detected LockedFile.Multi.Generic ( 1 )
23:09:55.0064 0x0cb4  Detect skipped due to KSN trusted
23:09:55.0064 0x0cb4  sptd - ok
23:09:55.0095 0x0cb4  [ 41987F9FC0E61ADF54F581E15029AD91, A46E718648C2DD3B43FC3798932C966315893A59442A0686CE46C605B9E4641E ] srv             C:\Windows\system32\DRIVERS\srv.sys
23:09:55.0127 0x0cb4  srv - ok
23:09:55.0142 0x0cb4  [ FF33AFF99564B1AA534F58868CBE41EF, EFBB005DA19E5B320009CBF93E686D8BFA6A50A23B5A5001C7C84C7D85EF7D49 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
23:09:55.0158 0x0cb4  srv2 - ok
23:09:55.0189 0x0cb4  [ 7605C0E1D01A08F3ECD743F38B834A44, 83A77E31004BCF83443F30EFC290E04BB1A2F332E8DFD614AB6E25B527C92299 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
23:09:55.0189 0x0cb4  srvnet - ok
23:09:55.0220 0x0cb4  [ 03D50B37234967433A5EA5BA72BC0B62, 7B61D6A4BF5D446A9473D058BC207FB6DA7C2FEFB8083F3B66CAC8907DBD8327 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
23:09:55.0251 0x0cb4  SSDPSRV - ok
23:09:55.0283 0x0cb4  [ 6F1A32E7B7B30F004D9A20AFADB14944, AA9D874A14CA4779E76701D2B02F4CCA92CD5917435FB4CACA149FCB2D1D4C4C ] SstpSvc         C:\Windows\system32\sstpsvc.dll
23:09:55.0298 0x0cb4  SstpSvc - ok
23:09:55.0345 0x0cb4  [ BC76D75A372BC02831A6A6AEA66510F8, 98EABF22D16E5326CE4FD4B7092E7A6BD52118698792D98A25C477ACCFDE7FF6 ] Steam Client Service C:\Program Files\Common Files\Steam\SteamService.exe
23:09:55.0376 0x0cb4  Steam Client Service - ok
23:09:55.0439 0x0cb4  [ 5A19667A580B1CE886EAF968B9743F45, 0A9EBE4057A0A6EF4732623794C2416A6BD8B87356DA46652BD92762505F57C7 ] Stereo Service  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
23:09:55.0454 0x0cb4  Stereo Service - ok
23:09:55.0485 0x0cb4  [ 5DE7D67E49B88F5F07F3E53C4B92A352, 6930A598C35646646ED0E91633797EFE139AE6CDD0012335BD1340754A22F997 ] stisvc          C:\Windows\System32\wiaservc.dll
23:09:55.0517 0x0cb4  stisvc - ok
23:09:55.0548 0x0cb4  [ 1D0063597C3666404FCF97698ABEB019, 352A63C97F930499BC598C2A398663377D7CCD4A42770E35635C90EDC4DA530A ] stllssvr        C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
23:09:55.0563 0x0cb4  stllssvr - ok
23:09:55.0579 0x0cb4  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56, 23CC47FA2D6E183D69DB0D3D3F3081A830D94A58FBC0A9A295B3A56C51E9486A ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
23:09:55.0595 0x0cb4  swenum - ok
23:09:55.0626 0x0cb4  [ F21FD248040681CCA1FB6C9A03AAA93D, 32FE765841A183A1F2C1ACACBBF8CDB11E7D4D4396F9C9F6CFF1B51C9B620ED3 ] swprv           C:\Windows\System32\swprv.dll
23:09:55.0657 0x0cb4  swprv - ok
23:09:55.0657 0x0cb4  [ 192AA3AC01DF071B541094F251DEED10, 5C6EB56D1C39F3717EB754A1B37C8A618BA4F2107F64048E985D71FA04D1AD05 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
23:09:55.0673 0x0cb4  Symc8xx - ok
23:09:55.0688 0x0cb4  [ 8C8EB8C76736EBAF3B13B633B2E64125, A6C4845DDED81CCF4947612A4D6E42035136025BCD80812D2FF396927CAADEC5 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
23:09:55.0688 0x0cb4  Sym_hi - ok
23:09:55.0704 0x0cb4  [ 8072AF52B5FD103BBBA387A1E49F62CB, D336A7D008D145619E79043EBF5D0D455086BA1FEF89612BC2EA11CC363D82B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
23:09:55.0719 0x0cb4  Sym_u3 - ok
23:09:55.0766 0x0cb4  [ 9A51B04E9886AA4EE90093586B0BA88D, 1666C29FBFA34174B506678C920636519051D03456A6DDCCD6FF708CAE5D9962 ] SysMain         C:\Windows\system32\sysmain.dll
23:09:55.0797 0x0cb4  SysMain - ok
23:09:55.0829 0x0cb4  [ 2DCA225EAE15F42C0933E998EE0231C3, 67C7913E41854DFA3043426B7D59AA1FBBB9DE01A6E6904E40A696A7C61A5F98 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:09:55.0844 0x0cb4  TabletInputService - ok
23:09:55.0860 0x0cb4  [ D7673E4B38CE21EE54C59EEEB65E2483, 330D0AD13F5008D8569CE8E5EA0BBD69F54F59FEB54FD903FA18D2849CEC6AF0 ] TapiSrv         C:\Windows\System32\tapisrv.dll
23:09:55.0891 0x0cb4  TapiSrv - ok
23:09:55.0907 0x0cb4  [ CB05822CD9CC6C688168E113C603DBE7, 9DB8945BDC702BB13E9DE477F2D3CCA4CE0E9E8CE9B54CE1A25375F2A2C93F0E ] TBS             C:\Windows\System32\tbssvc.dll
23:09:55.0922 0x0cb4  TBS - ok
23:09:55.0985 0x0cb4  [ A4196D394207369E1431E8681B373312, BEF96BAB70FDF94F8CB2942BDEA9B4D934443E5305E3FD737809C3F7524B1E8E ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
23:09:56.0016 0x0cb4  Tcpip - ok
23:09:56.0063 0x0cb4  [ A4196D394207369E1431E8681B373312, BEF96BAB70FDF94F8CB2942BDEA9B4D934443E5305E3FD737809C3F7524B1E8E ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
23:09:56.0094 0x0cb4  Tcpip6 - ok
23:09:56.0125 0x0cb4  [ 95389980F70FC4990A4395A0B8BBE1D6, FB5CBC85733A4EC4FB9F210A5D4E5989F6A3F2995D895F5B41163CDFC04DB82C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
23:09:56.0125 0x0cb4  tcpipreg - ok
23:09:56.0156 0x0cb4  [ 5DCF5E267BE67A1AE926F2DF77FBCC56, E00C0A03AEE579B51B39930A72F39F4EFFE7CDA37187B0AE90F4E001AD15473B ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
23:09:56.0172 0x0cb4  TDPIPE - ok
23:09:56.0172 0x0cb4  [ 389C63E32B3CEFED425B61ED92D3F021, E4718E290678F00995E754AE66F1027D227BFAB9E1A1D2AC8E4EAD27DC50CB17 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
23:09:56.0203 0x0cb4  TDTCP - ok
23:09:56.0234 0x0cb4  [ 76B06EB8A01FC8624D699E7045303E54, EC30F244B48A35622ED3EE91792F6A1517C5A50770FAB3945E7A945EB7AF28A8 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
23:09:56.0250 0x0cb4  tdx - ok
23:09:56.0265 0x0cb4  [ 3CAD38910468EAB9A6479E2F01DB43C7, 9D18C71EDF39743A0A592BC0873909D2B75B5B177B2672A865D1EEC0BFD2F61C ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
23:09:56.0281 0x0cb4  TermDD - ok
23:09:56.0328 0x0cb4  [ DBD84E59D631569EC3E756EF144E8431, 9E58629EC762584A2D294A619593620626F7CBE467045AD0F920B6CF1D4B4724 ] TermService     C:\Windows\System32\termsrv.dll
23:09:56.0343 0x0cb4  TermService - ok
23:09:56.0359 0x0cb4  [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] Themes          C:\Windows\system32\shsvcs.dll
23:09:56.0390 0x0cb4  Themes - ok
23:09:56.0390 0x0cb4  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] THREADORDER     C:\Windows\system32\mmcss.dll
23:09:56.0421 0x0cb4  THREADORDER - ok
23:09:56.0437 0x0cb4  [ EC74E77D0EB004BD3A809B5F8FB8C2CE, 1E4BBC58D0E35D79C764CF1BA73602C5E29A5A2393D40332801D533E445C6667 ] TrkWks          C:\Windows\System32\trkwks.dll
23:09:56.0468 0x0cb4  TrkWks - ok
23:09:56.0499 0x0cb4  [ 97D9D6A04E3AD9B6C626B9931DB78DBA, 8E42133ED5EE5EEC414A8B11C1035385C6141E445EA9677F947D20768F25A877 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:09:56.0531 0x0cb4  TrustedInstaller - ok
23:09:56.0546 0x0cb4  [ F4EAA7ECBCB25DE901C9B7F2CDCDA0B3, 1CBB5106A32362ABDEE73BF170E205FE64DDBF826C5F6DFFCCD229F220B9C85E ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
23:09:56.0562 0x0cb4  tssecsrv - ok
23:09:56.0577 0x0cb4  [ CAECC0120AC49E3D2F758B9169872D38, 80DB15ADF5F4FF78D0C7D5081B6C0E8F1E5125872B60D23C19DA8E62C9DAC9A8 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
23:09:56.0593 0x0cb4  tunmp - ok
23:09:56.0624 0x0cb4  [ 300DB877AC094FEAB0BE7688C3454A9C, 3B36AA191FBE25B1A61150EAA2BDF8BA286DC4C052F6E98B0ED8202135553D8C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:09:56.0640 0x0cb4  tunnel - ok
23:09:56.0655 0x0cb4  [ 7D33C4DB2CE363C8518D2DFCF533941F, C6A539AD31B0BD9F895E0A537783AA75D5760C8590D83BA832D59A9B090CA0E9 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
23:09:56.0655 0x0cb4  uagp35 - ok
23:09:56.0687 0x0cb4  [ D9728AF68C4C7693CB100B8441CBDEC6, A2CEE1EE4EF17106349F4E6967F504354801934179FBB3F10B9A4E3C30BC28CE ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:09:56.0718 0x0cb4  udfs - ok
23:09:56.0718 0x0cb4  [ ECEF404F62863755951E09C802C94AD5, 5D92062B3E371F196774EBFE840C78501E55A244DB2A49703C7AC0141C7DABF1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
23:09:56.0749 0x0cb4  UI0Detect - ok
23:09:56.0765 0x0cb4  [ B0ACFDC9E4AF279E9116C03E014B2B27, 455D30859E381361FF6EE8B01EDC22A2E66CD5EC22CA9F314E88009DB77A8BAF ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
23:09:56.0780 0x0cb4  uliagpkx - ok
23:09:56.0796 0x0cb4  [ 9224BB254F591DE4CA8D572A5F0D635C, C5E7B24587AC5A28ECA63300307AD95B8A846833340126AE378840A40E53C056 ] uliahci         C:\Windows\system32\drivers\uliahci.sys
23:09:56.0811 0x0cb4  uliahci - ok
23:09:56.0843 0x0cb4  [ 8514D0E5CD0534467C5FC61BE94A569F, A6EFB967044F88335469DB3351587E31CEC659BB6A7D8ED45C68329232C31BB9 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
23:09:56.0858 0x0cb4  UlSata - ok
23:09:56.0874 0x0cb4  [ 38C3C6E62B157A6BC46594FADA45C62B, 44F87DC955CB4E35E0EB4C8B4E931472B33D97FE000C22370A06AD5EDCEFD0BA ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
23:09:56.0874 0x0cb4  ulsata2 - ok
23:09:56.0889 0x0cb4  [ 32CFF9F809AE9AED85464492BF3E32D2, 91AAA47AEF17F373276B01AC8FA823592A0C854541A7A9A3B78F2350DB964EBC ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
23:09:56.0905 0x0cb4  umbus - ok
23:09:56.0936 0x0cb4  [ 68308183F4AE0BE7BF8ECD07CB297999, 4444233CA3C42BEE50ED47553D4AE5A7C12D8F288D2FA4B2DAE1D9B9FEC1A72D ] upnphost        C:\Windows\System32\upnphost.dll
23:09:56.0967 0x0cb4  upnphost - ok
23:09:56.0999 0x0cb4  [ 6E421CCC57059B0186C6259CA3B6DFC9, E348BF23CCD6C14FD10C1689BBDC77E125245331F97BFE60D4C8FD9A8711CB59 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
23:09:57.0014 0x0cb4  USBAAPL - ok
23:09:57.0045 0x0cb4  [ 32DB9517628FF0D070682AAB61E688F0, F9EF8D0D55DABF00E79B0EFE689C6662430B59093A6C7EACB2069DC70B1FDCC5 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
23:09:57.0061 0x0cb4  usbaudio - ok
23:09:57.0077 0x0cb4  [ AAB0B5F72D2D726FBFDC895A2902DE1D, 7824AF6E2ADEA23F208526F3A62AD1BACDBBDB23E58EB5806890B0761529C50F ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
23:09:57.0092 0x0cb4  usbccgp - ok
23:09:57.0123 0x0cb4  [ E9476E6C486E76BC4898074768FB7131, D14B8F69A511DC1F990A9C123C18689AFE59659BA8130D248D8D03E9BD2143B6 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
23:09:57.0155 0x0cb4  usbcir - ok
23:09:57.0186 0x0cb4  [ 153E8515CB86F8BB5D1A8B478EBF4BB2, 0F1F79BA7C32ACAAE69184A56E67D6E18E2E2F07E0BE23F266401431169DAE14 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
23:09:57.0201 0x0cb4  usbehci - ok
23:09:57.0217 0x0cb4  [ 2AE6BCEBD85D31317E433733DAF25888, 7B2C0E8703D0275A620160E479166EB7AA31B0F146507603535CEBF0BA4684A4 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
23:09:57.0233 0x0cb4  usbhub - ok
23:09:57.0248 0x0cb4  [ 38DBC7DD6CC5A72011F187425384388B, 456CFCD190035C3033709C8DC0F6DC4352BBF751D57C0C52DD04F8C301FEBACD ] usbohci         C:\Windows\system32\drivers\usbohci.sys
23:09:57.0295 0x0cb4  usbohci - ok
23:09:57.0295 0x0cb4  [ E75C4B5269091D15A2E7DC0B6D35F2F5, B0A4141B69B66276890836DE98EB8BC790D35CE59FA503060593E8CC12AA106B ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
23:09:57.0326 0x0cb4  usbprint - ok
23:09:57.0357 0x0cb4  [ A508C9BD8724980512136B039BBA65E9, B39B72471C468AC997AEC528599EDC98A031F5A7EB91C4F9471402D48D2D4E3E ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
23:09:57.0373 0x0cb4  usbscan - ok
23:09:57.0389 0x0cb4  [ BE3DA31C191BC222D9AD503C5224F2AD, 201FB0FDBF423342202686DC0D8A3221B7798AE04C04A649D3441C257C733CE8 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:09:57.0404 0x0cb4  USBSTOR - ok
23:09:57.0435 0x0cb4  [ 44056325428A8E4C755830426E29878F, 95F182047746D352B7DC2B22298D5E58738E1B787C110D1DE841C026FB8A67EB ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
23:09:57.0451 0x0cb4  usbuhci - ok
23:09:57.0467 0x0cb4  [ 1509E705F3AC1D474C92454A5C2DD81F, 7F525921A3513224F8B093A16E19B4235B300349A14B0B86EE11B7473BA53337 ] UxSms           C:\Windows\System32\uxsms.dll
23:09:57.0482 0x0cb4  UxSms - ok
23:09:57.0513 0x0cb4  [ CD88D1B7776DC17A119049742EC07EB4, 6B68B9EDB8C6BCB2644F1F004D5743E928509D12107D996F390A24A72E0AA528 ] vds             C:\Windows\System32\vds.exe
23:09:57.0545 0x0cb4  vds - ok
23:09:57.0591 0x0cb4  [ 87B06E1F30B749A114F74622D013F8D4, 06C06EF87F7DC668D23B50AA5F419F62474ACF90E325E167491BF290286D6594 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
23:09:57.0607 0x0cb4  vga - ok
23:09:57.0623 0x0cb4  [ 2E93AC0A1D8C79D019DB6C51F036636C, 8B6F3B4EE90691A22788915AD0F99D8EE617750430A34E7CEB9AB4FB4E581755 ] VgaSave         C:\Windows\System32\drivers\vga.sys
23:09:57.0638 0x0cb4  VgaSave - ok
23:09:57.0654 0x0cb4  [ 5D7159DEF58A800D5781BA3A879627BC, 499A8E51FDE61AE0D7C1812D1E5B331211A36BD095A4992C629B93DE6D80F4E6 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
23:09:57.0669 0x0cb4  viaagp - ok
23:09:57.0685 0x0cb4  [ C4F3A691B5BAD343E6249BD8C2D45DEE, 19DE07AD6CD51036FA8A6B8EE82F34D7F5264FF3A12CBE6E52BD036D0303E319 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
23:09:57.0701 0x0cb4  ViaC7 - ok
23:09:57.0701 0x0cb4  [ AADF5587A4063F52C2C3FED7887426FC, 0A74791A236FDAFCD045CFB79A159245B94F7C2033E0CD830C1B76F0F994E06D ] viaide          C:\Windows\system32\drivers\viaide.sys
23:09:57.0716 0x0cb4  viaide - ok
23:09:57.0732 0x0cb4  [ 69503668AC66C77C6CD7AF86FBDF8C43, 2CE407674A58313737073F02B9A617460BBA84B36C3A16D98AE5ED45279F5006 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
23:09:57.0747 0x0cb4  volmgr - ok
23:09:57.0779 0x0cb4  [ 23E41B834759917BFD6B9A0D625D0C28, 9F60992805262F936E8DA33610FDF60A191ECAFC08BBF657C8F9A21833C8EFC5 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
23:09:57.0794 0x0cb4  volmgrx - ok
23:09:57.0810 0x0cb4  [ 786DB5771F05EF300390399F626BF30A, 4A07BE5AEDBA4C15C2F9A91250F0488A0B0305C67BB7A037508D5CBF86D4E1B7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
23:09:57.0825 0x0cb4  volsnap - ok
23:09:57.0841 0x0cb4  [ 587253E09325E6BF226B299774B728A9, C9F46197819C2A095456393C518A9B00B59ECDC54F464D038AA7F8DCCDB93CCF ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
23:09:57.0857 0x0cb4  vsmraid - ok
23:09:57.0903 0x0cb4  [ DB3D19F850C6EB32BDCB9BC0836ACDDB, D81FF1CDA87A2FE83EFD5B3FE01EFF940952F8BAEE70BEA3B2F6EF30E2121704 ] VSS             C:\Windows\system32\vssvc.exe
23:09:57.0950 0x0cb4  VSS - ok
23:09:57.0981 0x0cb4  [ 96EA68B9EB310A69C25EBB0282B2B9DE, C76D3427F8A2953CB4D96BBA1523679CBE1BBF7FA821A35D2FBEB3E67AC6A10B ] W32Time         C:\Windows\system32\w32time.dll
23:09:58.0013 0x0cb4  W32Time - ok
23:09:58.0028 0x0cb4  [ 48DFEE8F1AF7C8235D4E626F0C4FE031, A41D05BC0DA3C476C32E0A4DAF015DF7BADF28A03CE236D5596885FF1772F148 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
23:09:58.0059 0x0cb4  WacomPen - ok
23:09:58.0075 0x0cb4  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
23:09:58.0091 0x0cb4  Wanarp - ok
23:09:58.0106 0x0cb4  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:09:58.0122 0x0cb4  Wanarpv6 - ok
23:09:58.0153 0x0cb4  [ A3CD60FD826381B49F03832590E069AF, 213C5DB5E5D828264286FD7548527566D6160CCA780BC6853B7B28CECF329674 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
23:09:58.0184 0x0cb4  wcncsvc - ok
23:09:58.0215 0x0cb4  [ 11BCB7AFCDD7AADACB5746F544D3A9C7, 0370E20FD12ED713F94E5CD76F068F7A7A5E7F42416DD2A8A41249020DA7DA31 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:09:58.0231 0x0cb4  WcsPlugInService - ok
23:09:58.0247 0x0cb4  [ 78FE9542363F297B18C027B2D7E7C07F, 6BC3ED2A48EF41E1EE597FD58271DB12256EC013518663331CD0FBCB3FC415EE ] Wd              C:\Windows\system32\drivers\wd.sys
23:09:58.0262 0x0cb4  Wd - ok
23:09:58.0293 0x0cb4  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:09:58.0325 0x0cb4  Wdf01000 - ok
23:09:58.0340 0x0cb4  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:09:58.0371 0x0cb4  WdiServiceHost - ok
23:09:58.0371 0x0cb4  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiSystemHost   C:\Windows\system32\wdi.dll
23:09:58.0403 0x0cb4  WdiSystemHost - ok
23:09:58.0434 0x0cb4  [ 04C37D8107320312FBAE09926103D5E2, 1C6726A9871CBACB240AFA93E57781515F01758D43693DDA395EA683D97234F0 ] WebClient       C:\Windows\System32\webclnt.dll
23:09:58.0449 0x0cb4  WebClient - ok
23:09:58.0465 0x0cb4  [ AE3736E7E8892241C23E4EBBB7453B60, 0F998116CC07CD719CB237EAE53BB16B2EDD6973828B9C1055EB981AEA0453D1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:09:58.0496 0x0cb4  Wecsvc - ok
23:09:58.0512 0x0cb4  [ 670FF720071ED741206D69BD995EA453, 4B96F5E3545F69AE9EBC75DC4AB27B87306D656EE526AE39E7EC7E2B6F83F7FD ] wercplsupport   C:\Windows\System32\wercplsupport.dll
23:09:58.0527 0x0cb4  wercplsupport - ok
23:09:58.0559 0x0cb4  [ 32B88481D3B326DA6DEB07B1D03481E7, 821FBAF147E525ED15EB9391B16A96C6D5464841258B11F277EFB57A3BD50E37 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:09:58.0574 0x0cb4  WerSvc - ok
23:09:58.0621 0x0cb4  [ 4575AA12561C5648483403541D0D7F2B, 2DBB7904285F16E879E1662C4CC4DFAA420D5EB24DDFC4BAC0B7616F5F44649A ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
23:09:58.0637 0x0cb4  WinDefend - ok
23:09:58.0652 0x0cb4  WinHttpAutoProxySvc - ok
23:09:58.0683 0x0cb4  [ 6B2A1D0E80110E3D04E6863C6E62FD8A, EE8BC7C378993EFE90273764C83119EBF331768CD7B24DE949233C74A51306C2 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
23:09:58.0699 0x0cb4  Winmgmt - ok
23:09:58.0761 0x0cb4  [ 7CFE68BDC065E55AA5E8421607037511, C2CE76D52AD4E31FC4216E94457DC16ABF65A5F3E883F0BD97AD387FB7574533 ] WinRM           C:\Windows\system32\WsmSvc.dll
23:09:58.0808 0x0cb4  WinRM - ok
23:09:58.0871 0x0cb4  [ C008405E4FEEB069E30DA1D823910234, C392A7B5FEACB7D11A3A231C1AD65D533984E6E7429ECD3BFBF90A27E8DEB157 ] Wlansvc         C:\Windows\System32\wlansvc.dll
23:09:58.0902 0x0cb4  Wlansvc - ok
23:09:58.0995 0x0cb4  [ 5144AE67D60EC653F97DDF3FEED29E77, F6238767284B2356A9F502E2ACCFAAC283FA13CBF238E98B5115A55179526B10 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:09:59.0042 0x0cb4  wlidsvc - ok
23:09:59.0105 0x0cb4  [ 2E7255D172DF0B8283CDFB7B433B864E, 60C786CF0EA4A29B309B9457F0496D5A0AF1F093FC2C5D88078865814B7DBBA3 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
23:09:59.0120 0x0cb4  WmiAcpi - ok
23:09:59.0151 0x0cb4  [ 43BE3875207DCB62A85C8C49970B66CC, 27169F2E8A30807794407DA8F80611E4287F940AAE2A1F00F547901872FB9703 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:09:59.0167 0x0cb4  wmiApSrv - ok
23:09:59.0229 0x0cb4  [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
23:09:59.0276 0x0cb4  WMPNetworkSvc - ok
23:09:59.0323 0x0cb4  [ CFC5A04558F5070CEE3E3A7809F3FF52, 45899E04000E21C4E009BE8B6149F199A5B2E0512C657A525770BF9DBFED7D2B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:09:59.0339 0x0cb4  WPCSvc - ok
23:09:59.0354 0x0cb4  [ 801FBDB89D472B3C467EB112A0FC9246, C24053FA12732089384D3AF06C676FF201D282FC5AD56A42B6EE8BAED4379CB2 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:09:59.0370 0x0cb4  WPDBusEnum - ok
23:09:59.0401 0x0cb4  [ DE9D36F91A4DF3D911626643DEBF11EA, 8029ECE76E29276BFB6ED3387AC560A9A779AAF683A4416E96334FAF7BDBADA0 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
23:09:59.0417 0x0cb4  WpdUsb - ok
23:09:59.0479 0x0cb4  [ F8D3544ACBCE9110362119F7C10D848E, 31C49201A931751A36286874AC0B929D886F490D7CE48CCC9283850A56AD9FD9 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:09:59.0510 0x0cb4  WPFFontCache_v0400 - ok
23:09:59.0541 0x0cb4  [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
23:09:59.0557 0x0cb4  ws2ifsl - ok
23:09:59.0588 0x0cb4  [ 1CA6C40261DDC0425987980D0CD2AAAB, 727C1E3A170316641F832A8D197EDA6D6EE1206E4ED7B741E5A4017B7F2F7B88 ] wscsvc          C:\Windows\System32\wscsvc.dll
23:09:59.0604 0x0cb4  wscsvc - ok
23:09:59.0604 0x0cb4  WSearch - ok
23:09:59.0697 0x0cb4  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv        C:\Windows\system32\wuaueng.dll
23:09:59.0760 0x0cb4  wuauserv - ok
23:09:59.0807 0x0cb4  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
23:09:59.0822 0x0cb4  WudfPf - ok
23:09:59.0900 0x0cb4  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:09:59.0916 0x0cb4  WUDFRd - ok
23:09:59.0978 0x0cb4  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
23:09:59.0994 0x0cb4  wudfsvc - ok
23:10:00.0041 0x0cb4  ================ Scan global ===============================
23:10:00.0056 0x0cb4  [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
23:10:00.0103 0x0cb4  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
23:10:00.0181 0x0cb4  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
23:10:00.0259 0x0cb4  [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe
23:10:00.0275 0x0cb4  [ Global ] - ok
23:10:00.0275 0x0cb4  ================ Scan MBR ==================================
23:10:00.0290 0x0cb4  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
23:10:01.0055 0x0cb4  \Device\Harddisk0\DR0 - ok
23:10:01.0055 0x0cb4  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
23:10:01.0117 0x0cb4  \Device\Harddisk1\DR1 - ok
23:10:01.0117 0x0cb4  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
23:10:01.0757 0x0cb4  \Device\Harddisk2\DR2 - ok
23:10:01.0757 0x0cb4  ================ Scan VBR ==================================
23:10:01.0788 0x0cb4  [ 8F5E274BE430BB5D1329DB5134B8AD71 ] \Device\Harddisk0\DR0\Partition1
23:10:01.0803 0x0cb4  \Device\Harddisk0\DR0\Partition1 - ok
23:10:01.0835 0x0cb4  [ 3860EE19E1CFF336712AB8A5E48A0572 ] \Device\Harddisk0\DR0\Partition2
23:10:01.0850 0x0cb4  \Device\Harddisk0\DR0\Partition2 - ok
23:10:01.0850 0x0cb4  [ A73A8CFF34EBC922196E6FC318EA96DC ] \Device\Harddisk1\DR1\Partition1
23:10:01.0850 0x0cb4  \Device\Harddisk1\DR1\Partition1 - ok
23:10:01.0850 0x0cb4  [ 5DB2964D79F1D8BF196A1BFF5708EE05 ] \Device\Harddisk2\DR2\Partition1
23:10:01.0944 0x0cb4  \Device\Harddisk2\DR2\Partition1 - ok
23:10:01.0944 0x0cb4  ================ Scan generic autorun ======================
23:10:01.0991 0x0cb4  [ 0D392EDE3B97E0B3131B2F63EF1DB94E, 3EDA280F91097293E00BF984D377E1111CFDE1FC81B30A3FDEB38F321EF82BB6 ] C:\Program Files\Windows Defender\MSASCui.exe
23:10:02.0022 0x0cb4  Windows Defender - ok
23:10:02.0209 0x0cb4  [ B503285B5D1CAC5AE445D60C690DCFF9, FE62BEC9A594B1D7BFE597EF1F4713C038E7F4A6231A307D5FF3A70AF8BC01A1 ] C:\Windows\RtHDVCpl.exe
23:10:02.0365 0x0cb4  RtHDVCpl - ok
23:10:02.0396 0x0cb4  [ 806DB5F4FC5185AFC608E881979CC25F, B4991488DB86C84D5B2EB7F900541CBB094A87877DD82CB39411B59DA174B3F2 ] C:\Windows\system32\igfxtray.exe
23:10:02.0412 0x0cb4  IgfxTray - ok
23:10:02.0427 0x0cb4  [ D4975555E91636FCF4809E51731F80D8, 5A24C4C38B3ADD25F04A9E327314B23F1A7C63C44C4EB78AC234049FBFB60217 ] C:\Windows\system32\hkcmd.exe
23:10:02.0443 0x0cb4  HotKeysCmds - ok
23:10:02.0459 0x0cb4  [ CD12A46AE81306C2F14B19A58E1058B0, 699573D9C5C109813EFDA73283F9274300888002239831073FB164F91640EF65 ] C:\Windows\system32\igfxpers.exe
23:10:02.0474 0x0cb4  Persistence - ok
23:10:02.0568 0x0cb4  [ C881A5E34F0D897B680B45D5539D2260, 8B7A106DF08918932CF22114FCFA22A1E7006DCC7BAB526FF56B7452065F2443 ] C:\Windows\system32\oodtray.exe
23:10:02.0646 0x0cb4  OODefragTray - ok
23:10:02.0724 0x0cb4  [ 0AEE5668EB59912F32FF245BFA72465F, 653978E365B0E72D34E8B3ED1BFCF0237B70B41396BD70EBBBEDB31AFD77857B ] C:\Program Files\QuickTime\QTTask.exe
23:10:02.0739 0x0cb4  QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
23:10:05.0204 0x0cb4  Detect skipped due to KSN trusted
23:10:05.0204 0x0cb4  QuickTime Task - ok
23:10:05.0282 0x0cb4  [ F0CE006E1D14F45959985A05F8E81204, D9FE67DB4CEDB3B09A48C305DDE983A15695EE41C68CE222880D002C0D5D7688 ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
23:10:05.0298 0x0cb4  APSDaemon - ok
23:10:05.0469 0x0cb4  [ E279E55C0D5F5DA2E1FD268EBD12F268, 06C40AF999881699DD9B73440D2ED48F404864C3FB8FF7B36560759892CAAA12 ] C:\Program Files\Microsoft Security Client\msseces.exe
23:10:05.0532 0x0cb4  MSC - ok
23:10:05.0703 0x0cb4  [ 60E4C77E510DD63DB51331D864CF510B, D0E6A0BCF489AF67E26F64A30F344982ED9446DA245F75F872AECDDA169B5D7A ] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
23:10:05.0719 0x0cb4  StartCCC - ok
23:10:05.0781 0x0cb4  [ 603668084332DDB58D8C5AACE30B04FC, B6FA6BBE18D433F41F96640726444B7CB9D669BAE87A545E1408391B9469EDB9 ] C:\Program Files\iTunes\iTunesHelper.exe
23:10:05.0797 0x0cb4  iTunesHelper - ok
23:10:06.0125 0x0cb4  [ EA0CE8F77F1272A3D97C70BF3CE457F7, 2E9D95CE9103FBD74D3D9671341E1258C41320B6AE1BF996C41D0813BECB84CD ] C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
23:10:06.0203 0x0cb4  iSkysoft Helper Compact.exe - detected UnsignedFile.Multi.Generic ( 1 )
23:10:08.0823 0x0cb4  Detect skipped due to KSN trusted
23:10:08.0823 0x0cb4  iSkysoft Helper Compact.exe - ok
23:10:08.0901 0x0cb4  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
23:10:08.0948 0x0cb4  Sidebar - ok
23:10:08.0948 0x0cb4  WindowsWelcomeCenter - ok
23:10:08.0995 0x0cb4  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
23:10:09.0042 0x0cb4  Sidebar - ok
23:10:09.0057 0x0cb4  WindowsWelcomeCenter - ok
23:10:09.0089 0x0cb4  [ BF08674925F151BD4537B89A493E3E0C, 6A97562E998A2B90649FF7986313AD33823053FF98BBE163AD39AAA5E01FC545 ] C:\Windows\ehome\ehTray.exe
23:10:09.0104 0x0cb4  ehTray.exe - ok
23:10:09.0198 0x0cb4  [ 4BDCB1E05064D3997B4E9DF734FC7A61, 2E90B15A28BF4AD471618987984B1A27F1BEBAD16EDF428B9715CF626F527420 ] C:\Program Files\Steam\Steam.exe
23:10:09.0260 0x0cb4  Steam - ok
23:10:09.0463 0x0cb4  [ 2E4EE47FBD9BB663A5220DBC38579986, 264A48ADA13FEC6F49F34C3118ABFFEEB569B631E9EE35168FE19DE78AF9C7C8 ] C:\Program Files\CCleaner\CCleaner.exe
23:10:09.0603 0x0cb4  CCleaner Monitoring - ok
23:10:09.0697 0x0cb4  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
23:10:09.0744 0x0cb4  Sidebar - ok
23:10:09.0806 0x0cb4  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
23:10:09.0853 0x0cb4  Sidebar - ok
23:10:09.0900 0x0cb4  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
23:10:09.0947 0x0cb4  Sidebar - ok
23:10:09.0947 0x0cb4  Waiting for KSN requests completion. In queue: 28
23:10:10.0961 0x0cb4  Waiting for KSN requests completion. In queue: 28
23:10:11.0975 0x0cb4  Waiting for KSN requests completion. In queue: 28
23:10:12.0989 0x0cb4  Waiting for KSN requests completion. In queue: 20
23:10:14.0003 0x0cb4  Waiting for KSN requests completion. In queue: 20
23:10:15.0017 0x0cb4  Waiting for KSN requests completion. In queue: 20
23:10:16.0031 0x0cb4  Waiting for KSN requests completion. In queue: 20
23:10:17.0045 0x0cb4  Waiting for KSN requests completion. In queue: 20
23:10:18.0059 0x0cb4  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.6.305.0 ), 0x61000 ( enabled : updated )
23:10:18.0074 0x0cb4  Win FW state via NFP2: enabled
23:10:31.0085 0x0cb4  ============================================================
23:10:31.0085 0x0cb4  Scan finished
23:10:31.0085 0x0cb4  ============================================================
23:10:31.0085 0x16cc  Detected object count: 0
23:10:31.0085 0x16cc  Actual detected object count: 0
23:15:25.0535 0x0798  Deinitialize success
 

 

 



#9 pystryker
  • Malware Response Team
  • 730 posts
  • Gender:Male
  • Local time:05:00 PM

Posted 21 December 2014 - 12:47 AM

The machine appears to be running similarly as before. Perhaps faster, but I can't tell. There are still a bunch of processes running in the task manager, but I don't see AVG there anymore. Do you see anything else that's slowing it down? I have not yet tried anything too memory-consuming so I'm not sure what's there or not.


Let's get a fresh look with FRST to make sure that all the running processes are legitimate before moving on.

Please start FRST and press the Scan button. Once it's finished, it will produce one log called FRST.txt. Please post that log in your next reply.

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.
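The step above is a tool run, so as an added example (not part of this thread, and not FRST's or TDSSKiller's own code) here is a PowerShell script that reproduces a slice of what FRST's Processes and Registry sections report: it walks the Run/RunOnce keys and Internet Explorer SearchScopes, resolves each value to the file that actually executes (including the `rundll32.exe oobefldr.dll,ShowWelcomeCenter` shape seen in the log), and checks the Authenticode signature of that file and of every running process. It assumes PowerShell 2.0 or later on the affected machine and an elevated prompt; the function names are the example's own.

```powershell
# Added example for this thread, not FRST's own code: a PowerShell 2.0-compatible triage
# script listing the autostart classes FRST reports (Run/RunOnce values, IE SearchScopes,
# running processes) and checking the Authenticode signature of each file they point at.
# Run from an elevated prompt. Function names are this example's own.

$PsNoise = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Resolve-CommandPath {
    # Turn a Run value into the file that actually executes. Handles the three shapes in
    # the log above: "quoted path" args, unquoted C:\dir\x.exe, and
    # rundll32.exe lib.dll,Entry (where the DLL, not rundll32, is what matters).
    param([string]$Command)
    $cmd = $Command.Trim()
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 0) { return $cmd.Substring(1, $end - 1) }
    }
    $m = [regex]::Match($cmd, '^(.*?\.exe)', 'IgnoreCase')
    if (-not $m.Success) { return $cmd }
    $file = $m.Groups[1].Value
    $rest = $cmd.Substring($m.Length).Trim()
    if ([IO.Path]::GetFileName($file) -ieq 'rundll32.exe' -and $rest) {
        $file = $rest.Split(',')[0].Trim().Trim('"')    # e.g. oobefldr.dll
    }
    if (-not (Test-Path -LiteralPath $file)) {
        # bare names resolve from System32, as the loader would
        $sys = Join-Path $env:SystemRoot ('System32\' + $file)
        if (Test-Path -LiteralPath $sys) { $file = $sys }
    }
    return $file
}

function Get-FileTrust {
    param([string]$Path)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return New-Object PSObject -Property @{ Path = $Path; Status = 'MISSING'; Signer = ''; Company = '' }
    }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $signer = ''
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    New-Object PSObject -Property @{
        Path    = $Path
        Status  = [string]$sig.Status     # Valid, NotSigned, HashMismatch, UnknownError ...
        Signer  = $signer
        Company = (Get-Item -LiteralPath $Path).VersionInfo.CompanyName   # a claim, not proof
    }
}

function Get-RunEntries {
    $keys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($PsNoise -contains $p.Name) { continue }
            $t = Get-FileTrust (Resolve-CommandPath ([string]$p.Value))
            New-Object PSObject -Property @{
                Key = $key; Name = $p.Name; Command = $p.Value; File = $t.Path
                Status = $t.Status; Signer = $t.Signer; Company = $t.Company
            }
        }
    }
}

function Get-SearchScopes {
    # Search providers; FRST prints these as the "SearchScopes:" lines.
    foreach ($hive in 'HKCU', 'HKLM') {
        $base = "${hive}:\Software\Microsoft\Internet Explorer\SearchScopes"
        if (-not (Test-Path $base)) { continue }
        $default = (Get-ItemProperty -Path $base).DefaultScope
        foreach ($scope in (Get-ChildItem -Path $base)) {
            $props = Get-ItemProperty -Path $scope.PSPath
            New-Object PSObject -Property @{
                Hive = $hive; Scope = $scope.PSChildName
                IsDefault = ($scope.PSChildName -eq $default)
                Name = $props.DisplayName; URL = $props.URL
            }
        }
    }
}

# Report. On Vista/7 (PowerShell 2.0) Get-AuthenticodeSignature ignores catalog signatures,
# so genuine OS files under C:\Windows show NotSigned; only non-Valid files elsewhere are leads.
$inWindows = $env:SystemRoot + '\*'
Get-RunEntries |
    Where-Object { $_.Status -ne 'Valid' -and $_.File -notlike $inWindows } |
    Format-Table Name, Status, Company, File -AutoSize

Get-Process | Where-Object { $_.Path } | Sort-Object Path -Unique | ForEach-Object {
    $proc = $_
    Get-FileTrust $proc.Path | Add-Member -MemberType NoteProperty -Name Process -Value $proc.ProcessName -PassThru
} | Where-Object { $_.Status -ne 'Valid' -and $_.Path -notlike $inWindows } |
    Format-Table Process, Status, Company, Path -AutoSize

# Every search scope; a default whose URL carries partner parameters the user never chose is
# what a toolbar or bundled installer leaves behind, and is what an FRST fixlist would reset.
Get-SearchScopes | Format-Table Hive, Scope, IsDefault, URL -AutoSize
```

Read the output the way the TDSSKiller log above is read: that log flags QTTask.exe and ISHelper.exe as UnsignedFile.Multi.Generic and then skips them because Kaspersky's cloud reputation (KSN) trusts them, so a NotSigned result is a lead to verify by hash lookup, not a verdict. The Company column comes from the file's own version resource and can be set to anything by whoever built the file; only a Valid signature from the expected publisher is evidence.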





#10 ichy076
  • Topic Starter
  • Members
  • 34 posts
  • Local time:06:00 PM

Posted 22 December 2014 - 03:06 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-12-2014
Ran by Mark (administrator) on M-PC on 22-12-2014 02:04:36
Running from C:\Users\Mark\Desktop
Loaded Profile: Mark (Available profiles: Mark & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(O&O Software GmbH) C:\Windows\System32\oodag.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(O&O Software GmbH) C:\Windows\System32\oodtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(iSkySoft) C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [OODefragTray] => C:\Windows\system32\oodtray.exe [2553088 2009-02-25] (O&O Software GmbH)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-25] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2014208 2014-08-05] (iSkySoft)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-476263150-473887440-2589625196-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-476263150-473887440-2589625196-1000\...\Run: [Steam] => C:\Program Files\Steam\Steam.exe [1813928 2013-10-08] (Valve Corporation)
HKU\S-1-5-21-476263150-473887440-2589625196-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-476263150-473887440-2589625196-1000\...\MountPoints2: {38e5aae6-926e-11dd-9faf-00219b0a777b} - I:\LaunchU3.exe -a
BootExecute: autocheck autochk * OODBS

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080828
HKU\S-1-5-21-476263150-473887440-2589625196-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-476263150-473887440-2589625196-1000 -> DefaultScope {1A2461E4-CAB9-4E03-B2EE-EDDECB685D70} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=242154&p={searchTerms}
SearchScopes: HKU\S-1-5-21-476263150-473887440-2589625196-1000 -> {1A2461E4-CAB9-4E03-B2EE-EDDECB685D70} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=242154&p={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\b8131voy.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=242154&p=
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\b8131voy.default\searchplugins\yahoo_ff.xml
FF Extension: Download videos and MP3s from YouTube - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\b8131voy.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-11-16]
FF Extension: Test Pilot - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\b8131voy.default\Extensions\testpilot@labs.mozilla.com.xpi [2012-06-25]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-07]
FF HKLM\...\Firefox\Extensions: [ISVCU@iSkysoft.com] - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com
FF HKU\S-1-5-21-476263150-473887440-2589625196-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-11-16]

Chrome:
=======
CHR Profile: C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-02]
CHR Extension: (Google Docs) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-02]
CHR Extension: (Google Drive) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-02]
CHR Extension: (YouTube) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-02]
CHR Extension: (Google Search) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-02]
CHR Extension: (Google Sheets) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-02]
CHR Extension: (Google Wallet) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-02]
CHR Extension: (Gmail) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-02]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 O&O Defrag; C:\Windows\system32\oodag.exe [1352960 2009-02-25] (O&O Software GmbH)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [81936 2011-06-06] (Advanced Micro Devices)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-10-30] (AVG Technologies)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2008-09-05] () [File not signed]
U3 aqogz35t; C:\Windows\system32\Drivers\aqogz35t.sys [0 ] (Microsoft Corporation)
S3 CamDrL; system32\DRIVERS\Camdrl.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]
S4 LMIRfsClientNP; No ImagePath
S3 LVUSBSta; system32\drivers\LVUSBSta.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-22 02:04 - 2014-12-22 02:04 - 00013663 _____ () C:\Users\Mark\Desktop\FRST.txt
2014-12-21 20:27 - 2014-12-21 20:28 - 00000000 ____D () C:\Users\Mark\Desktop\30th B-day!!
2014-12-21 20:25 - 2014-12-21 20:27 - 00000000 ____D () C:\Users\Mark\Desktop\30th Bday Party (Innas)
2014-12-21 20:21 - 2014-12-21 20:24 - 00000000 ____D () C:\Users\Mark\Desktop\2014
2014-12-21 20:15 - 2014-12-21 23:20 - 00000000 ____D () C:\Users\Mark\Desktop\BM 2014
2014-12-20 23:40 - 2014-12-20 23:40 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-12-20 23:40 - 2014-12-20 23:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-20 23:40 - 2014-12-20 23:40 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-12-20 23:34 - 2014-12-20 23:34 - 00000000 ____D () C:\ProgramData\Sun
2014-12-20 23:33 - 2014-12-20 23:40 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-20 23:30 - 2014-12-20 23:31 - 29727656 _____ (Oracle Corporation) C:\Users\Mark\Desktop\jre-8u25-windows-i586.exe
2014-12-20 22:55 - 2014-12-20 22:55 - 00000965 _____ () C:\Users\Mark\Desktop\AdwCleaner[S1].txt
2014-12-20 22:49 - 2014-12-20 22:50 - 00000641 _____ () C:\Users\Mark\Desktop\JRT.txt
2014-12-20 22:43 - 2014-12-20 22:43 - 00000000 ____D () C:\Users\Mark\Desktop\FRST-OlderVersion
2014-12-20 22:41 - 2014-12-20 22:41 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Mark\Desktop\tdsskiller.exe
2014-12-20 22:32 - 2014-12-20 22:52 - 00000000 ____D () C:\AdwCleaner
2014-12-20 22:32 - 2014-12-20 22:32 - 02166272 _____ () C:\Users\Mark\Desktop\AdwCleaner.exe
2014-12-20 22:27 - 2014-12-20 22:27 - 01707646 _____ (Thisisu) C:\Users\Mark\Desktop\JRT.exe
2014-12-20 22:27 - 2014-12-20 22:27 - 00000000 ____D () C:\Windows\ERUNT
2014-12-14 15:47 - 2014-12-14 15:48 - 00023433 _____ () C:\Users\Mark\Desktop\Addition.txt
2014-12-14 15:41 - 2014-12-22 02:04 - 00000000 ____D () C:\FRST
2014-12-14 15:41 - 2014-12-20 22:43 - 01113600 _____ (Farbar) C:\Users\Mark\Desktop\FRST.exe
2014-12-13 18:38 - 2014-12-13 18:38 - 00076120 _____ () C:\Users\Mark\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-13 18:35 - 2014-12-20 22:52 - 00030050 _____ () C:\Windows\PFRO.log
2014-12-13 18:35 - 2014-12-13 18:36 - 00303336 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-12 00:42 - 2014-11-06 19:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-12 00:42 - 2014-11-03 18:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-12 00:36 - 2014-12-02 20:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-11 22:15 - 2014-12-11 22:15 - 00001091 _____ () C:\Users\Mark\Desktop\malware.txt
2014-12-11 22:03 - 2014-11-24 14:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-11 22:03 - 2014-11-24 14:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 22:03 - 2014-11-24 14:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 22:03 - 2014-11-24 14:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 22:03 - 2014-11-24 14:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 22:03 - 2014-11-24 14:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 22:03 - 2014-11-24 14:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 22:03 - 2014-11-24 14:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-11 22:03 - 2014-11-24 14:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 22:03 - 2014-11-24 14:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-11 22:03 - 2014-11-24 14:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 22:03 - 2014-11-24 14:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 22:03 - 2014-11-24 14:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-11 22:03 - 2014-11-24 14:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 22:03 - 2014-11-24 14:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-11 22:03 - 2014-11-24 14:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 22:03 - 2014-11-24 14:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 22:03 - 2014-11-24 14:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 22:03 - 2014-11-24 14:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 22:03 - 2014-11-24 14:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 22:03 - 2014-11-24 14:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-11 22:03 - 2014-11-24 14:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-11 21:47 - 2014-12-11 21:48 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-11 21:47 - 2014-12-11 21:47 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-11 21:47 - 2014-12-11 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-11 21:46 - 2014-12-11 21:47 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-11 21:46 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-11 21:46 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-11 21:46 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-27 17:15 - 2014-11-27 17:15 - 00008870 _____ () C:\Users\Mark\Desktop\hijackthis.log
2014-11-27 17:14 - 2014-11-27 17:14 - 00388608 _____ (Trend Micro Inc.) C:\Users\Mark\Desktop\HijackThis.exe
2014-11-22 00:33 - 2014-10-23 19:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-22 02:04 - 2013-10-29 19:29 - 00000000 ____D () C:\Program Files\Steam
2014-12-22 02:03 - 2014-11-02 13:56 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-22 02:03 - 2006-11-02 07:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-22 02:03 - 2006-11-02 06:47 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-22 02:03 - 2006-11-02 06:47 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-22 02:02 - 2012-02-26 09:11 - 01956468 _____ () C:\Windows\WindowsUpdate.log
2014-12-22 02:02 - 2009-05-26 07:04 - 02651052 _____ () C:\Windows\system32\oodbs.lor
2014-12-22 02:02 - 2008-09-05 19:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-22 02:02 - 2006-11-02 07:01 - 00032646 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-22 01:08 - 2014-11-02 13:56 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-21 20:18 - 2006-11-02 04:33 - 00763586 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-21 20:16 - 2009-09-26 12:31 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Azureus
2014-12-21 20:10 - 2013-02-01 23:32 - 00000000 ____D () C:\Users\Mark\Desktop\Souren's pix from Tahoe
2014-12-21 19:40 - 2012-03-02 18:53 - 00000000 ____D () C:\Users\Mark\Desktop\Limewire
2014-12-20 23:39 - 2008-08-27 17:18 - 00000000 ____D () C:\Program Files\Java
2014-12-20 23:33 - 2008-08-27 17:19 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-12-20 23:33 - 2008-08-27 17:19 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-12-20 23:33 - 2008-08-27 17:19 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-12-13 19:08 - 2006-11-02 05:18 - 00000000 ____D () C:\Windows\rescache
2014-12-12 00:43 - 2008-10-05 01:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-12 00:41 - 2013-08-12 22:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-12 00:38 - 2006-11-02 04:24 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-12-11 22:30 - 2014-11-02 14:16 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 21:46 - 2009-10-17 15:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-06 09:39 - 2011-04-15 20:21 - 00000806 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-06 09:39 - 2008-11-25 00:32 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-27 17:14 - 2008-09-05 17:51 - 00000000 ____D () C:\Users\Mark\AppData\Local\VirtualStore

Some content of TEMP:
====================
C:\Users\Mark\AppData\Local\Temp\i4jdel0.exe
C:\Users\Mark\AppData\Local\Temp\Quarantine.exe
C:\Users\Mark\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-21 19:11

==================== End Of Log ============================



#11 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:00 PM

Posted 22 December 2014 - 07:44 AM

I will post all the logs in a second. The machine appears to be running similarly as before. Perhaps faster, but I can't tell. There are still a bunch of processes running in the task manager, but I don't see AVG there anymore. Do you see anything else that's slowing it down? I have not yet tried anything too memory-consuming so I'm not sure what's there or not.


Has there been any improvement in the performance of the machine? I don't see anything in the running processes that isn't legitimate. Let's run some more scans to search for remnants, and out of date programs.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Step 1: Scan file at VirusTotal

There's a file running that I can find no information on, even though it says it's a Microsoft file. Please follow the instructions below to upload it to VirusTotal for scanning.
  • Please go to VirusTotal.org by clicking here
  • Please click on Choose File
  • When the window opens, navigate to the location listed in the box below and select the file that is listed in that location.

    C:\Windows\system32\Drivers\aqogz35t.sys

  • Once you have selected the file, click the blue Scan It! button.
  • VirusTotal will scan the file and produce a report for you. Please post the report in your next reply.
Step 2: Scan with Malwarebytes

  • Please download Malwarebytes Anti-Malware to your desktop
  • Install the programme and select update
  • Once it has updated select Settings > Detection and Protection
  • Tick Scan for rootkits
  • Go back to the Dashboard and select Scan Now
  • If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.
  • On completion of the scan (or after the reboot), start MBAM,
  • Click History, then Application Logs, then check the Select box by the first Scan Log in the list.
  • Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.

Step 3: Scan with ESET Online Scanner

Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be run in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Step 4: SecurityCheck Scan

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log
  • VirusTotal Report

Edited by pystryker, 22 December 2014 - 07:48 AM.

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.
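The reason Step 1 singles out aqogz35t is visible in the Drivers section of the FRST log above: the entry has a zero-length file and a random-looking name, while other entries carry [X] (no file on disk at all) or [File not signed]. The Python script below is an added editorial example, not part of the original thread and not code from FRST or BleepingComputer: it parses lines in FRST's services/drivers format and lists, per entry, the reasons a helper would want a second look. The sample lines are copied from the log above; the "random-looking name" test and the optional leftover-vendor check are heuristics of my own, not FRST rules, and a flagged entry is a lead for manual review (VirusTotal, file properties, the registry key under HKLM\SYSTEM\CurrentControlSet\Services), not a verdict.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional, Sequence

# Sample input, copied from the "Drivers (Whitelisted)" section of the FRST log above.
SAMPLE_LINES = [
    r"S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [81936 2011-06-06] (Advanced Micro Devices)",
    r"R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-10-30] (AVG Technologies)",
    r"R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)",
    r"R0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2008-09-05] () [File not signed]",
    r"U3 aqogz35t; C:\Windows\system32\Drivers\aqogz35t.sys [0 ] (Microsoft Corporation)",
    r"S3 CamDrL; system32\DRIVERS\Camdrl.sys [X]",
    r"S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]",
    r"S4 LMIRfsClientNP; No ImagePath",
]

# <state><start> <name>; <rest>   e.g. "R1 avgtp; C:\...\avgtpx86.sys [42784 2014-10-30] (AVG Technologies)"
LINE_RE = re.compile(r"^(?P<state>[RSU])(?P<start>\d)\s+(?P<name>[^;]+);\s+(?P<rest>.*)$")
# What follows the path: "[X]" (file absent), "[<size> <date>]" or "[<size> ]",
# then an optional "(<vendor>)" and zero or more "[<flag>]" groups such as "[File not signed]".
META_RE = re.compile(
    r"^\[(?:(?P<missing>X)|(?P<size>\d+)\s*(?P<date>\d{4}-\d{2}-\d{2})?)\s*\]"
    r"\s*(?:\((?P<vendor>[^)]*)\))?"
    r"\s*(?P<flags>(?:\[[^\]]*\]\s*)*)$"
)
# Heuristic of my own (assumption, not an FRST rule): eight lower-case alphanumerics mixing letters and digits.
RANDOM_NAME_RE = re.compile(r"^(?=.*[a-z])(?=.*\d)[a-z0-9]{8}$")


@dataclass
class Entry:
    state: str                 # first letter as printed by FRST (R/S/U)
    start: int                 # Windows service start type as printed (0 boot .. 4 disabled)
    name: str
    path: Optional[str]        # None when FRST prints "No ImagePath"
    size: Optional[int]
    date: Optional[str]
    vendor: Optional[str]      # "" when FRST prints "()", None when no parentheses at all
    file_missing: bool         # True for "[X]"
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one FRST service/driver line; return None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    state, start, name, rest = m["state"], int(m["start"]), m["name"], m["rest"]
    if rest == "No ImagePath":
        return Entry(state, start, name, None, None, None, None, False)
    cut = rest.find(" [")                      # the path runs up to the first " [" bracket group
    mm = META_RE.match(rest[cut + 1:]) if cut >= 0 else None
    if mm is None:
        raise ValueError(f"unrecognised entry: {line!r}")
    return Entry(
        state, start, name, rest[:cut],
        int(mm["size"]) if mm["size"] is not None else None,
        mm["date"], mm["vendor"], mm["missing"] is not None,
        re.findall(r"\[([^\]]*)\]", mm["flags"]),
    )


def triage(entry: Entry, leftover_vendors: Sequence[str] = ()) -> List[str]:
    """Reasons an entry deserves a manual look; an empty list means nothing stood out."""
    if entry.path is None:
        return ["no ImagePath"]
    if entry.file_missing:
        return ["file missing from disk (orphaned registry entry)"]
    reasons: List[str] = []
    if entry.size == 0:
        reasons.append("zero-length file")
    if entry.vendor == "":
        reasons.append("no company/version info")
    if any("not signed" in f.lower() for f in entry.flags):
        reasons.append("unsigned")
    if RANDOM_NAME_RE.match(entry.name):
        reasons.append("random-looking service name")
    for v in leftover_vendors:                 # e.g. ("AVG",) when hunting remnants of an uninstalled product
        if entry.vendor and v.lower() in entry.vendor.lower():
            reasons.append(f"vendor matches a product being removed ({v})")
    return reasons


def triage_log(lines: Iterable[str], leftover_vendors: Sequence[str] = ()) -> Dict[str, List[str]]:
    """Map service name -> reasons, for every parseable line that raised at least one reason."""
    findings: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_line(line)
        if entry is not None:
            reasons = triage(entry, leftover_vendors)
            if reasons:
                findings[entry.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_LINES, leftover_vendors=("AVG",)).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run over the sample lines it flags aqogz35t (zero-length file, random-looking name), sptd (no company info, unsigned), CamDrL and LMIInfo as orphaned entries whose file is gone, and LMIRfsClientNP for having no ImagePath; with leftover_vendors=("AVG",) it also surfaces the still-running avgtp driver, the kind of remnant the original poster was trying to get rid of. A service entry whose file is absent or zero-length is only a registry key, which is why the file itself may be nowhere to be found when the user goes looking for it.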





#12 ichy076

ichy076
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:06:00 PM

Posted 23 December 2014 - 12:02 AM

Before I move to step two: I cannot find the file you mention in step 1. That aqogz35t.sys file is not in the drivers folder you are referring to. I do not see it at all. I did a search for that file and it does not exist either. What to do now?



#13 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:00 PM

Posted 23 December 2014 - 03:42 AM

It's ok, proceed with the next steps.






#14 ichy076

ichy076
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:06:00 PM

Posted 24 December 2014 - 01:38 AM

Two problems. 1) VirusTotal did not find the file you referenced per the last post I made. 2) ESET did not run properly. It froze 4 times. It just stopped continuing to scan and stood still. It did initially detect 1 file prior to freezing (some kind of toolbar file), but upon re-running it did not find it. Took 3 hours to do so and never completed the scan. I do want to note that I have run ESET on this machine in the past without issue, so I don't know why it did not complete this time. Here are two logs I could get:

 

1) MBAM:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/23/2014
Scan Time: 9:53:49 PM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.24.01
Rootkit Database: v2014.12.23.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Mark

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 368668
Time Elapsed: 12 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

2) Security check:

 

 Results of screen317's Security Check version 0.99.93 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
 Internet Explorer 9 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner    
 Java 8 Update 25 
 Java version 32-bit out of Date!
 Mozilla Firefox 14.0 Firefox out of Date! 
 Google Chrome (39.0.2171.71)
 Google Chrome (39.0.2171.95)
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````
 



#15 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:00 PM

Posted 24 December 2014 - 01:41 PM

Two problems. 1) VirusTotal did not find the file you referenced per the last post I made. 2) ESET did not run properly. It froze 4 times. It just stopped continuing to scan and stood still. It did initially detect 1 file prior to freezing (some kind of toolbar file), but upon re-running it did not find it. Took 3 hours to do so and never completed the scan. I do want to note that I have run ESET on this machine in the past without issue, so I don't know why it did not complete this time. Here are two logs I could get:


Sometimes ESET can take 24 hours or longer to run a scan, depending on the machine. But we'll take a look with a different scanner just to be sure. That MBAM log looks good, and only a couple of items need updating after we're done.

How is the machine running?


Scan with Panda Cloud Cleaner

Download Panda Cloud Cleaner and save it to your desktop.

Alternate download sites are here and here.
  • Double-click on PandaCloudCleaner.exe >> when the Setup - Panda Cloud Cleaner window has loaded >> Next > >> Next >
  • Ensure Launch Panda Cloud Cleaner is selected >> Finish >> once the GUI (graphical user interface) appears >> click on Accept and Scan
  • Please be patient as the scan may take some time to complete depending on your system's specifications.
  • Once the scan has completed, if Scan finished with detections is denoted in the GUI do not take any action and/or have Panda Cloud Cleaner clean absolutely anything!
  • Now within the GUI click on the > (or any of them if multiple) tab >> then on View Report >> a notepad file should now open called PCloudCleaner.txt
  • Save this to your desktop and post the contents in your next reply.
  • Then click on Back >> Exit
Note: When I give the all clear feel free to uninstall Panda Cloud Cleaner if you so wish.


Things I need to see in your next post

PCloudCleaner.txt Log








