
McAfee techs cannot load my antivirus software. Am I infected?


  • This topic is locked
20 replies to this topic

#1 asmhatinviruses

asmhatinviruses

  • Members
  • 13 posts

Posted 05 January 2015 - 05:48 PM

I had McAfee's Total Protection antivirus until it expired on 1/2.  I renewed the subscription on 1/3 and attempted to load it as it was a downloadable program.  The installation failed.  Subsequently, I contacted the McAfee technicians for assistance.  First one, then another, finally the tier 2 support tech each tried to help get the software loaded but it failed each time.  I have backed up my files and run the DDS process.  Here are the results.  What do you recommend I do?  They do offer paid help but I can't understand why they would not be able to get it to run with the resources they have.  I have invested hours in getting the update loaded.  Thanks in advance for any help or guidance.

 

Best,

Alan

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16599  BrowserJavaVersion: 10.67.2
Run by Bestbuy at 14:31:44 on 2015-01-05
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3325.1288 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\atiesrxx.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Olympus\ib\olycamdetect.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Garmin\gStart.exe
C:\Program Files\Logitech\Vid HD\Vid.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Windows\system32\schtasks.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\jusched.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\dllhost.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_14_0_0_125_ActiveX.exe
C:\Windows\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Cobian Backup 11\cbVSCService11.exe
C:\Program Files\Cobian Backup 11\Cobian.exe
C:\Program Files\Cobian Backup 11\cbInterface.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\dllhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\dllhost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\windowspowershell\v1.0\powershell.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\dllhost.exe
C:\Windows\system32\dllhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\dllhost.exe
C:\Windows\system32\dllhost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Bestbuy\AppData\LocalLow\Microsoft\Fefsiru\Hqiuulplghsw\dasueoo.exe
C:\Users\Bestbuy\AppData\LocalLow\Microsoft\Fefsiru\Hqiuulplghsw\dasueoo.exe
C:\Users\Bestbuy\AppData\LocalLow\Microsoft\Fefsiru\Hqiuulplghsw\dasueoo.exe
C:\Users\Bestbuy\AppData\LocalLow\Microsoft\Fefsiru\Hqiuulplghsw\dasueoo.exe
C:\Users\Bestbuy\AppData\LocalLow\Microsoft\Fefsiru\Hqiuulplghsw\dasueoo.exe
C:\Users\Bestbuy\AppData\LocalLow\Microsoft\Fefsiru\Hqiuulplghsw\dasueoo.exe
C:\Users\Bestbuy\AppData\LocalLow\Microsoft\Fefsiru\Hqiuulplghsw\dasueoo.exe
C:\Users\Bestbuy\AppData\LocalLow\Microsoft\Fefsiru\Hqiuulplghsw\dasueoo.exe
C:\Users\Bestbuy\AppData\LocalLow\Microsoft\Fefsiru\Hqiuulplghsw\dasueoo.exe
C:\Users\Bestbuy\AppData\LocalLow\Microsoft\Fefsiru\Hqiuulplghsw\dasueoo.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Bestbuy\AppData\LocalLow\Microsoft\Fefsiru\Hqiuulplghsw\dasueoo.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://comcast.net/
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://www.google.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - <orphaned>
BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: D-Link Toolbar Loader: {f01858c7-2a68-4d93-9e22-502eae3917c2} - c:\program files\d-link toolbar\dlinktb.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: D-Link Toolbar: {61874DFA-9ADF-44E5-8E61-F3913707E7D7} - c:\program files\d-link toolbar\dlinktb.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: D-Link Toolbar: {61874dfa-9adf-44e5-8e61-f3913707e7d7} - c:\program files\d-link toolbar\dlinktb.dll
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [Olympus ib] "c:\program files\olympus\ib\olycamdetect.exe" /Startup
uRun: [gStart] c:\program files\garmin\gStart.exe
uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
uRun: [Ovbphdt] regsvr32.exe /s "c:\users\bestbuy\appdata\local\apps\Ovbphdt.dll"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [hpsysdrv] "c:\hp\support\hpsysdrv.exe"
mRun: [KBD] "c:\hp\kbd\KbdStub.EXE"
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [NeroCheck] "c:\windows\system32\NeroCheck.exe"
mRun: [AmazonGSDownloaderTray] "c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderTray.exe"
mRun: [ArcSoft Connection Service] "c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe"
mRun: [MDS_Menu] "c:\program files\olympus\ib\muitransfer\muistartmenu.exe" "c:\program files\olympus\ib" updatewithcreateonce "software\olympus\ib\1.0"
mRun: [Olympus ib] "c:\program files\olympus\ib\olycamdetect.exe" /Startup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [{ac9ffae2-959e-bb7c-975f-b7e97b6d3cfc}] "c:\programdata\microsoft\{ac9ffae2-959e-bb7c-975f-b7e97b6d3cfc}\{ac9ffae2-959e-bb7c-975f-b7e97b6d3cfc}.exe"
mRunOnce: [Launcher] c:\windows\sminst\launcher.exe
mExplorerRun: [{ac9ffae2-959e-bb7c-975f-b7e97b6d3cfc}] "c:\programdata\microsoft\{ac9ffae2-959e-bb7c-975f-b7e97b6d3cfc}\{ac9ffae2-959e-bb7c-975f-b7e97b6d3cfc}.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001055-0002-0055-ABCDEFFEDCBC} - <orphaned>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{A0F548ED-9E7A-49C2-BA6E-C55BF3DAF374} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{DD6BD99A-744E-47FA-9627-174C8B8D5A44} : DHCPNameServer = 192.168.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - <orphaned>
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
Notify: DfLogon - LogonDll.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\896\G2AWinLogon.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\39.0.2171.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R2 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2009-3-26 317440]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-4-20 176128]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files\cobian backup 11\cbVSCService11.exe [2015-1-4 67584]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-12 21504]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2007-11-10 1129344]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2002-9-19 528896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 mfevtp;McAfee Validation Trust Protection Service;"c:\windows\system32\mfevtps.exe" --> c:\windows\system32\mfevtps.exe [?]
S3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files\wildtangent games\app\GamesAppIntegrationService.exe [2014-3-11 227904]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADLTScriptFile="c:\windows\system32\notepad.exe" "%1"
.
=============== Created Last 30 ================
.
2015-01-05 09:26:06 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5745c84e-2258-4b2c-ac63-b1046f7382cb}\offreg.dll
2015-01-05 00:47:49 -------- d-----w- c:\program files\Cobian Backup 11
2015-01-04 23:18:54 179608 ------w- c:\windows\system32\mfevtps.exe.28c9.deleteme
2015-01-04 23:18:52 -------- d-----w- c:\program files\common files\McAfee
2015-01-04 06:37:37 9054624 ------w- c:\programdata\microsoft\windows defender\definition updates\{5745c84e-2258-4b2c-ac63-b1046f7382cb}\mpengine.dll
2015-01-04 05:37:02 -------- d-----w- c:\programdata\Citrix
2015-01-03 19:59:46 269369 ------w- c:\programdata\microsoft\{ac9ffae2-959e-bb7c-975f-b7e97b6d3cfc}\{ac9ffae2-959e-bb7c-975f-b7e97b6d3cfc}.exe
2014-12-30 20:27:56 89600 ------w- c:\windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
2014-12-26 08:08:13 2048 ----a-w- c:\windows\system32\tzres.dll
2014-12-26 08:07:58 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-12-26 08:00:52 278528 ----a-w- c:\windows\system32\schannel.dll
.
==================== Find3M  ====================
.
2015-01-04 15:53:29 103832 ------w- c:\users\bestbuy\GoToAssistDownloadHelper.exe
2014-11-24 20:44:32 367104 ----a-w- c:\windows\system32\html.iec
2014-11-24 20:40:49 1810944 ----a-w- c:\windows\system32\jscript9.dll
2014-11-24 20:35:25 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-11-24 20:34:40 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-24 20:33:56 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-11-24 20:33:47 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-11-24 20:32:47 11776 ----a-w- c:\windows\system32\mshta.exe
2014-11-24 20:32:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-24 19:04:58 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-11-18 19:56:48 1202848 ------w- c:\windows\system32\FM20.DLL
2014-10-24 01:04:29 67072 ----a-w- c:\windows\system32\packager.dll
2014-10-24 01:03:40 499200 ----a-w- c:\windows\system32\kerberos.dll
2014-10-18 01:08:10 564224 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-12 23:34:54 2054656 ----a-w- c:\windows\system32\win32k.sys
2014-10-10 01:01:27 449536 ----a-w- c:\windows\system32\termsrv.dll
2014-10-10 01:00:34 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-10 01:00:27 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-09 23:22:16 619520 ----a-w- c:\windows\system32\adtschema.dll
.
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: Hitachi_HDT725032VLA380 rev.V54OA7BA -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-6
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys USBPORT.SYS usbohci.sys win32k.sys
1 nt!IofCallDriver[0x8347915F] -> \Device\Harddisk0\DR0[0x8699D210]
3 CLASSPNP[0x8C5A28B3] -> nt!IofCallDriver[0x8347915F] -> [0x861EA918]
5 acpi[0x8BDDE6A0] -> nt!IofCallDriver[0x8347915F] -> \Device\Ide\IdeDeviceP3T1L0-4[0x861C7030]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0;  }
user != kernel MBR !!!
.
============= FINISH: 14:32:46.79 ===============
 



#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 06 January 2015 - 04:57 AM

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
  
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.
 


Proud Member of UNITE & TB
 

#3 asmhatinviruses

asmhatinviruses
  • Topic Starter

  • Members
  • 13 posts

Posted 09 January 2015 - 01:25 PM

Thank you Marius.  Sorry for the delay.  Your email went to my spam folder and I just saw your post last night.  I have run the scans and attachments will be posted as directed. 

 

Alan



#4 asmhatinviruses

asmhatinviruses
  • Topic Starter

  • Members
  • 13 posts

Posted 09 January 2015 - 01:26 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
Ran by Bestbuy (administrator) on AR40VTBQGDH on 09-01-2015 10:52:56
Running from C:\Users\Bestbuy\Desktop
Loaded Profile: Bestbuy (Available profiles: Bestbuy)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Amazon.com) C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
(Amazon.com) C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(OLYMPUS IMAGING CORP.) C:\Program Files\Olympus\ib\olycamdetect.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(GARMIN Corp.) C:\Program Files\Garmin\gStart.exe
(Logitech Inc.) C:\Program Files\Logitech\Vid HD\Vid.exe
(Eastman Kodak Company) C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Sun Microsystems, Inc.) C:\Windows\System32\jusched.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_14_0_0_125_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(CobianSoft, Luis Cobian) C:\Program Files\Cobian Backup 11\cbVSCService11.exe
(Luis Cobian, CobianSoft) C:\Program Files\Cobian Backup 11\Cobian.exe
(Luis Cobian, CobianSoft) C:\Program Files\Cobian Backup 11\cbInterface.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMeeting\457\g2mmaterials.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\Bestbuy\AppData\LocalLow\Microsoft\Fefsiru\Hqiuulplghsw\dasueoo.exe
(Google Inc.) C:\Users\Bestbuy\AppData\LocalLow\Microsoft\Fefsiru\Hqiuulplghsw\dasueoo.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Google Inc.) C:\Users\Bestbuy\AppData\LocalLow\Microsoft\Fefsiru\Hqiuulplghsw\dasueoo.exe
(Google Inc.) C:\Users\Bestbuy\AppData\LocalLow\Microsoft\Fefsiru\Hqiuulplghsw\dasueoo.exe
(Google Inc.) C:\Users\Bestbuy\AppData\LocalLow\Microsoft\Fefsiru\Hqiuulplghsw\dasueoo.exe
(Farbar) C:\Users\Bestbuy\Desktop\FRST32.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [OsdMaestro] => C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [118784 2007-02-15] (OsdMaestro)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4874240 2008-01-15] (Realtek Semiconductor)
HKLM\...\Run: [HP Health Check Scheduler] => [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM\...\Run: [SunJavaUpdateReg] => C:\Windows\system32\jureg.exe [54936 2007-04-07] (Sun Microsystems, Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [HP Software Update] => "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
HKLM\...\Run: [NeroCheck] => C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [AmazonGSDownloaderTray] => C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe [246272 2009-02-02] (Amazon.com)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [MDS_Menu] => C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe [220336 2010-07-01] (CyberLink Corp.)
HKLM\...\Run: [Olympus ib] => C:\Program Files\Olympus\ib\olycamdetect.exe [93360 2010-09-30] (OLYMPUS IMAGING CORP.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2014-01-03] (RealNetworks, Inc.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [{ac9ffae2-959e-bb7c-975f-b7e97b6d3cfc}] => C:\ProgramData\Microsoft\{ac9ffae2-959e-bb7c-975f-b7e97b6d3cfc}\{ac9ffae2-959e-bb7c-975f-b7e97b6d3cfc}.exe [269369 2015-01-03] ()
HKLM\...\RunOnce: [Launcher] => C:\Windows\SMINST\launcher.exe [44168 2007-10-09] (soft thinks)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\McAfee <====== ATTENTION
Winlogon\Notify\DfLogon: LogonDll.dll [X]
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\896\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKLM\...\Policies\Explorer\Run: [{ac9ffae2-959e-bb7c-975f-b7e97b6d3cfc}] => C:\ProgramData\Microsoft\{ac9ffae2-959e-bb7c-975f-b7e97b6d3cfc}\{ac9ffae2-959e-bb7c-975f-b7e97b6d3cfc}.exe [269369 2015-01-03] ( ())
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2904036567-3763645971-1745593985-1000\...\Run: [HPAdvisor] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
HKU\S-1-5-21-2904036567-3763645971-1745593985-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2904036567-3763645971-1745593985-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-01-03] (Google Inc.)
HKU\S-1-5-21-2904036567-3763645971-1745593985-1000\...\Run: [EA Core] => "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-2904036567-3763645971-1745593985-1000\...\Run: [Olympus ib] => C:\Program Files\Olympus\ib\olycamdetect.exe [93360 2010-09-30] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-2904036567-3763645971-1745593985-1000\...\Run: [gStart] => C:\Program Files\Garmin\gStart.exe [1891416 2008-08-13] (GARMIN Corp.)
HKU\S-1-5-21-2904036567-3763645971-1745593985-1000\...\Run: [Logitech Vid] => C:\Program Files\Logitech\Vid HD\Vid.exe [6123032 2011-06-01] (Logitech Inc.)
HKU\S-1-5-21-2904036567-3763645971-1745593985-1000\...\Run: [Ovbphdt] => regsvr32.exe /s "C:\Users\Bestbuy\AppData\Local\Unity\Ovbphdt.dll" <===== ATTENTION
HKU\S-1-5-21-2904036567-3763645971-1745593985-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-2904036567-3763645971-1745593985-1000\...\MountPoints2: {749ec508-96f5-11dc-8eab-806e6f6e6963} - F:\SETUP.EXE
HKU\S-1-5-21-2904036567-3763645971-1745593985-1000\...\MountPoints2: {952773ca-7e97-11df-93dd-001bb9fd6209} - K:\LaunchU3.exe -a
HKU\S-1-5-21-2904036567-3763645971-1745593985-1000\...\MountPoints2: {ebca9b72-c914-11d6-8ce4-806e6f6e6963} - F:\FF.exe
HKU\S-1-5-21-2904036567-3763645971-1745593985-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-2904036567-3763645971-1745593985-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
SearchScopes: HKLM -> {43431479-FB37-43ED-BC18-6148118F8870} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM -> {E7BBB973-E60A-4AD3-B310-CB7C16B18DC1} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-2904036567-3763645971-1745593985-1000 -> DefaultScope {FB2008E7-72C4-4838-8A06-00A410F9438A} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US0D20140110&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2904036567-3763645971-1745593985-1000 -> {43431479-FB37-43ED-BC18-6148118F8870} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-2904036567-3763645971-1745593985-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={6601FF54-87A2-43A8-9578-500C77090486}&mid=52bc58da2bc647d29598063ef2ccad42-2e89aa1158815333cc0a980161ca33ebebd785e8&lang=en&ds=oc011&coid=avgtbdisoc&cmpid=&pr=sa&d=2014-06-16 21:11:19&v=18.1.0.443&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2904036567-3763645971-1745593985-1000 -> {E7BBB973-E60A-4AD3-B310-CB7C16B18DC1} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKU\S-1-5-21-2904036567-3763645971-1745593985-1000 -> {FB2008E7-72C4-4838-8A06-00A410F9438A} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US0D20140110&p={SearchTerms}
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File
BHO: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: D-Link Toolbar Loader -> {f01858c7-2a68-4d93-9e22-502eae3917c2} -> C:\Program Files\D-Link Toolbar\dlinktb.dll (AOL LLC.)
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
Toolbar: HKLM - D-Link Toolbar - {61874dfa-9adf-44e5-8e61-f3913707e7d7} - C:\Program Files\D-Link Toolbar\dlinktb.dll (AOL LLC.)
Toolbar: HKU\S-1-5-21-2904036567-3763645971-1745593985-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2904036567-3763645971-1745593985-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2904036567-3763645971-1745593985-1000 -> D-Link Toolbar - {61874DFA-9ADF-44E5-8E61-F3913707E7D7} - C:\Program Files\D-Link Toolbar\dlinktb.dll (AOL LLC.)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=3.0 -> C:\Program Files\Virtual Earth 3D\ ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @unity3d.com/UnityPlayer -> C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-09]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-01-03]

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U13) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U17) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll No File
CHR Plugin: (Unity Player) - C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Profile: C:\Users\Bestbuy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Bestbuy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-16]
CHR Extension: (Google Drive) - C:\Users\Bestbuy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bestbuy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-04]
CHR Extension: (YouTube) - C:\Users\Bestbuy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-16]
CHR Extension: (Google Search) - C:\Users\Bestbuy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-16]
CHR Extension: (SiteAdvisor) - C:\Users\Bestbuy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-01-04]
CHR Extension: (RealDownloader) - C:\Users\Bestbuy\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-06-16]
CHR Extension: (Google Wallet) - C:\Users\Bestbuy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-16]
CHR Extension: (Gmail) - C:\Users\Bestbuy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-16]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path
CHR HKLM\...\Chrome\Extension: [heoldelcflnigdllmlopiefhkkobendj] - No Path
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Amazon Download Agent; C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [317440 2009-02-02] (Amazon.com) [File not signed]
R2 cbVSCService11; C:\Program Files\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
S3 GamesAppIntegrationService; C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-03-11] (WildTangent)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-03-17] (Hewlett-Packard Company) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S3 usprserv; C:\Windows\System32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S2 mfevtp; "C:\Windows\system32\mfevtps.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 motport; C:\Windows\System32\DRIVERS\motport.sys [23680 2007-06-18] (Motorola)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 SSKBFD; C:\Windows\System32\Drivers\sskbfd.sys [23920 2008-01-04] (Webroot Software Inc (www.webroot.com))
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 dump_wmimmc; \??\C:\Nexon\MapleStory Beginner Version\GameGuard\dump_wmimmc.sys [X]
S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S0 mfeapfk; system32\drivers\mfeapfk.sys [X]
R0 mfehidk; system32\drivers\mfehidk.sys [X]
S2 npkcrypt; \??\C:\Nexon\MapleStory Beginner Version\npkcrypt.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PcdrNdisuio; system32\DRIVERS\pcdrndisuio.sys [X]
S3 SymIM; system32\DRIVERS\SymIM.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
U3 mbr; \??\C:\Users\Bestbuy\AppData\Local\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 10:52 - 2015-01-09 10:55 - 00027869 _____ () C:\Users\Bestbuy\Desktop\FRST.txt
2015-01-09 10:51 - 2015-01-09 10:53 - 00000000 ____D () C:\FRST
2015-01-09 10:47 - 2015-01-09 10:47 - 01115648 _____ (Farbar) C:\Users\Bestbuy\Desktop\FRST32.exe
2015-01-06 03:00 - 2015-01-06 03:00 - 00000000 ____D () C:\Windows\CheckSur
2015-01-05 14:34 - 2015-01-05 14:34 - 00010367 _____ () C:\Users\Bestbuy\Desktop\attach.txt
2015-01-05 14:34 - 2015-01-05 14:32 - 00017279 _____ () C:\Users\Bestbuy\Desktop\dds.txt
2015-01-05 14:30 - 2015-01-05 14:30 - 00688992 ____R (Swearware) C:\Users\Bestbuy\Desktop\dds.com
2015-01-05 13:27 - 2015-01-05 13:27 - 00074316 _____ () C:\Users\Bestbuy\Desktop\sfcdetails.txt
2015-01-04 19:48 - 2015-01-04 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2015-01-04 19:47 - 2015-01-04 19:48 - 00000000 ____D () C:\Program Files\Cobian Backup 11
2015-01-04 19:31 - 2015-01-04 19:32 - 19709440 ____N (Luis Cobian, CobianSoft) C:\Users\Bestbuy\Desktop\cbSetup.exe
2015-01-04 18:18 - 2015-01-04 18:19 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-04 18:18 - 2015-01-04 18:18 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-01-04 18:18 - 2014-10-01 12:34 - 00179608 ____N (McAfee, Inc.) C:\Windows\system32\mfevtps.exe.28c9.deleteme
2015-01-04 18:10 - 2015-01-04 18:10 - 00000052 ___RH () C:\Users\Bestbuy\Desktop\GetSusp.opt
2015-01-04 16:52 - 2015-01-04 16:52 - 02064751 ____N () C:\Users\Bestbuy\Desktop\gsusp_BAD01AE0C73C_010415_165250.zip
2015-01-04 15:23 - 2015-01-04 16:52 - 00001152 ____N () C:\Users\Bestbuy\Desktop\GetSusp.xml
2015-01-04 15:20 - 2015-01-04 15:20 - 01579552 ____N (McAfee Inc.) C:\Users\Bestbuy\Desktop\getsusp.exe
2015-01-04 13:13 - 2015-01-04 13:13 - 02176288 ____N (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Bestbuy\Desktop\GoToAssist.exe
2015-01-04 12:51 - 2015-01-04 12:51 - 00584560 ____N (McAfee, Inc.) C:\Users\Bestbuy\Desktop\MVTInstaller2.exe
2015-01-04 12:48 - 2015-01-04 12:48 - 00584560 ____N (McAfee, Inc.) C:\Users\Bestbuy\Desktop\MVTInstaller.exe
2015-01-04 11:59 - 2015-01-04 12:00 - 00000120 ____N () C:\Users\Bestbuy\Desktop\serial number mcafee.txt
2015-01-04 11:54 - 2015-01-04 11:55 - 05292448 ____N (McAfee, Inc.) C:\Users\Bestbuy\Desktop\McAfeeSetup-AutoLogin.exe
2015-01-04 11:48 - 2015-01-04 11:48 - 04995416 ____N (Microsoft Corporation) C:\Users\Bestbuy\Desktop\vcredist_x86.exe
2015-01-04 11:09 - 2015-01-04 11:10 - 03480040 ____N (McAfee, Inc.) C:\Users\Bestbuy\Desktop\MCPR.exe
2015-01-04 08:34 - 2015-01-04 08:34 - 00262144 _____ () C:\Users\Bestbuy\AppData\Local\Apps\Ovbphdt.dll
2015-01-04 00:54 - 2015-01-04 00:54 - 00584560 ____N (McAfee, Inc.) C:\Users\Bestbuy\Downloads\MVTInstaller.exe
2015-01-04 00:54 - 2015-01-04 00:54 - 00584560 ____N (McAfee, Inc.) C:\Users\Bestbuy\Downloads\MVTInstaller (1).exe
2015-01-04 00:37 - 2015-01-04 00:37 - 00000000 ____D () C:\ProgramData\Citrix
2015-01-04 00:18 - 2015-01-04 00:18 - 02176288 ____N (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Bestbuy\Downloads\GoToAssistStarter.exe
2015-01-04 00:18 - 2015-01-04 00:18 - 02176288 ____N (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Bestbuy\Downloads\GoToAssistStarter (1).exe
2015-01-03 19:54 - 2015-01-03 19:54 - 05292448 ____N (McAfee, Inc.) C:\Users\Bestbuy\Downloads\McAfeeSetup.exe
2014-12-26 03:08 - 2014-11-03 19:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-26 03:07 - 2014-11-06 20:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-26 03:00 - 2014-12-02 21:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-25 14:56 - 2014-11-24 15:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-25 14:56 - 2014-11-24 15:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-25 14:56 - 2014-11-24 15:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-25 14:56 - 2014-11-24 15:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-25 14:56 - 2014-11-24 15:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-25 14:56 - 2014-11-24 15:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-25 14:56 - 2014-11-24 15:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-25 14:56 - 2014-11-24 15:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-25 14:56 - 2014-11-24 15:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-25 14:56 - 2014-11-24 15:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-25 14:56 - 2014-11-24 15:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-25 14:56 - 2014-11-24 15:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-25 14:56 - 2014-11-24 15:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-25 14:56 - 2014-11-24 15:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-25 14:56 - 2014-11-24 15:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-25 14:56 - 2014-11-24 15:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-25 14:56 - 2014-11-24 15:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-25 14:56 - 2014-11-24 15:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-25 14:56 - 2014-11-24 15:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-25 14:56 - 2014-11-24 15:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-25 14:56 - 2014-11-24 15:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-25 14:56 - 2014-11-24 15:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 10:53 - 2007-11-19 18:20 - 01572707 _____ () C:\Windows\WindowsUpdate.log
2015-01-09 10:46 - 2006-11-02 07:47 - 00005136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-09 10:46 - 2006-11-02 07:47 - 00005136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-09 10:44 - 2006-11-02 05:33 - 00774242 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-09 10:25 - 2014-06-20 09:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-09 10:09 - 2014-11-13 05:04 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfff29486573c4.job
2015-01-09 10:09 - 2014-05-07 06:47 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf69eaee29e89.job
2015-01-09 05:09 - 2014-06-20 10:53 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8c9fd643478d.job
2015-01-07 05:01 - 2008-02-07 18:22 - 00000330 _____ () C:\Windows\Tasks\HPCeeScheduleForBestbuy.job
2015-01-05 22:42 - 2008-12-27 12:05 - 00000000 ____D () C:\Users\Bestbuy\AppData\Local\Unity
2015-01-05 11:08 - 2011-03-31 15:31 - 00000000 ____D () C:\Windows\Minidump
2015-01-05 11:08 - 2002-09-16 00:33 - 00000000 ____D () C:\found.000
2015-01-04 18:14 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-04 18:12 - 2006-11-02 08:01 - 00032618 ____N () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-04 16:59 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
2015-01-04 15:08 - 2007-11-10 01:01 - 00000000 ____D () C:\Windows\SMINST
2015-01-04 14:17 - 2014-01-02 15:13 - 00000000 ____D () C:\Program Files\McAfee
2015-01-04 14:17 - 2011-12-27 21:20 - 00250064 ____N () C:\Windows\PFRO.log
2015-01-04 13:40 - 2010-02-06 12:51 - 00000000 ____D () C:\Users\Bestbuy\AppData\Local\Deployment
2015-01-04 12:39 - 2007-11-10 00:28 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-01-04 10:53 - 2010-02-06 12:52 - 00103832 _____ () C:\Users\Bestbuy\GoToAssistDownloadHelper.exe
2015-01-04 10:53 - 2008-01-03 10:16 - 00000000 ____D () C:\Users\Bestbuy
2015-01-04 01:11 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\config\Journal
2015-01-04 00:25 - 2006-11-02 07:50 - 00000749 ___RH () C:\Windows\WindowsShell.Manifest
2015-01-03 18:41 - 2008-07-21 12:31 - 00000000 ____D () C:\Users\Bestbuy\AppData\Local\Autodesk
2014-12-26 03:34 - 2014-01-02 15:14 - 00000000 __RSD () C:\Users\Bestbuy\Documents\McAfee Vaults
2014-12-26 03:09 - 2008-05-03 17:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-26 03:06 - 2013-12-16 08:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-26 03:03 - 2006-11-02 05:24 - 109818608 ____N (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-12-25 15:12 - 2013-12-16 10:55 - 00001933 ____N () C:\Users\Public\Desktop\Google Chrome.lnk

Some content of TEMP:
====================
C:\Users\Bestbuy\AppData\Local\Temp\brosayy.dll
C:\Users\Bestbuy\AppData\Local\Temp\mcitinfo_1420413589.exe
C:\Users\Bestbuy\AppData\Local\Temp\mhhyvxz.dll
C:\Users\Bestbuy\AppData\Local\Temp\ose00000.exe
C:\Users\Bestbuy\AppData\Local\Temp\rootsupd.exe
C:\Users\Bestbuy\AppData\Local\Temp\VP6Install.exe
C:\Users\Bestbuy\AppData\Local\Temp\VP6VFW.dll
C:\Users\Bestbuy\AppData\Local\Temp\xpjjwcb.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-09 07:45

==================== End Of Log ============================


#5 asmhatinviruses

Posted 09 January 2015 - 01:28 PM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-01-2015
Ran by Bestbuy at 2015-01-09 10:57:44
Running from C:\Users\Bestbuy\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7 Wonders II (Version: 2.2.0.97 - WildTangent) Hidden
Acrobat.com (HKLM\...\{6D8D64BE-F500-55B6-705D-DFD08AFE0624}) (Version: 1.7.186 - Adobe Systems Incorporated)
Activprimary Viewer v3.6 (HKLM\...\{919A356C-8FC7-49E2-91C4-66D25AE35121}) (Version: 3.6.22 - Promethean Ltd.)
Activstudio Flipchart Viewer v3.0.2436 (HKLM\...\{F1705BC9-D392-4502-9130-224BF0760952}) (Version: 3.0.2436 - Promethean Technologies Group LTD)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 11 - Adobe Systems, Inc.)
Amazon Games & Software Downloader (HKLM\...\Amazon Games & Software Downloader_is1) (Version: 2.0.0.0 - Amazon)
Amazonia (Version: 2.2.0.95 - WildTangent) Hidden
Anodyne Analytics (HKU\S-1-5-21-2904036567-3763645971-1745593985-1000\...\ab022503d7e291e5) (Version: 5.0.8.2 - Anodyne Health)
Anodyne Analytics Beta (HKU\S-1-5-21-2904036567-3763645971-1745593985-1000\...\015064ea783bbb6e) (Version: 5.0.10.0 - Anodyne Health)
Apple Application Support (HKLM\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Aquitania (Version: 2.2.0.97 - WildTangent) Hidden
ArcSoft Print Creations - Album Page (HKLM\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version:  - ArcSoft)
ArcSoft Print Creations - Funhouse (HKLM\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version:  - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version:  - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version:  - ArcSoft)
ArcSoft Print Creations - Slimline Card (HKLM\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version:  - ArcSoft)
ArcSoft Print Creations (HKLM\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.8.255.384 - ArcSoft)
AutoCAD LT 2008 - English (HKLM\...\AutoCAD LT 2008 - English) (Version: 17.1.51.0 - Autodesk)
AutoCAD LT 2008 - English (Version: 17.1.51.0 - Autodesk) Hidden
Autodesk DWF Viewer 7 (HKLM\...\{9A346205-EA92-4406-B1AB-50379DA3F057}) (Version: 7.2.0 - Autodesk, Inc.)
Bejeweled 3 (Version: 2.2.0.95 - WildTangent) Hidden
Better Homes and Gardens Landscaping and Deck Designer 7.0 (HKLM\...\{51729BDF-5ED6-41ED-9CC6-5BFC7F4A4C18}) (Version: 7.0 - ART Inc)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Bubble Snooker (Version: 2.2.0.95 - WildTangent) Hidden
Build It - Miami Beach Resort (Version: 2.2.0.87 - WildTangent) Hidden
Build-a-Lot - The Elizabethan Era (Version: 2.2.0.95 - WildTangent) Hidden
BurgerTime Deluxe (Version: 2.2.0.95 - WildTangent) Hidden
CameraHelperMsi (Version: 13.31.1038.0 - Logitech) Hidden
Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000 - Hewlett-Packard) Hidden
CCScore (Version: 7.00.0000.0001 - EASTMAN KODAK Company) Hidden
Cobian Backup 11 Gravity (HKLM\...\CobBackup11) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
Crystal Cave Classic (Version: 2.2.0.95 - WildTangent) Hidden
CyberLink DVD Suite Deluxe (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1019 - CyberLink Corp.)
Deep Blue Sea (Version: 2.2.0.95 - WildTangent) Hidden
Deep Blue Sea 2: The Amulet of Light (Version: 2.2.0.95 - WildTangent) Hidden
D-Link Toolbar (HKLM\...\D-Link Toolbar) (Version:  - )
Download Updater (AOL LLC) (HKLM\...\SoftwareUpdUtility) (Version:  - ) <==== ATTENTION
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - Hewlett-Packard)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESSBrwr (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESSCDBK (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESSgui (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPCD (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPDock (Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
ESSTOOLS (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
Farm Mania 2 (Version: 2.2.0.95 - WildTangent) Hidden
Farmscapes (Version: 2.2.0.97 - WildTangent) Hidden
Flower Quest (Version: 2.2.0.95 - WildTangent) Hidden
Fraps (HKLM\...\Fraps) (Version:  - )
FunPark Beach Blast (Version: 2.2.0.95 - WildTangent) Hidden
Garmin Communicator Plugin (HKLM\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Training Center (HKLM\...\{08D5F667-E1D7-4792-9FFD-5888C8D4A0DF}) (Version: 3.5.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{D17111CB-C992-42A9-9D56-C19395102AAA}) (Version: 2.4.2 - Garmin Ltd or its subsidiaries)
Gem Shop (Version: 2.2.0.95 - WildTangent) Hidden
Gem Slider Deluxe (Version: 2.2.0.95 - WildTangent) Hidden
GOM Player (HKLM\...\GOM Player) (Version: 2.2.57.5189 - Gretech Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google SketchUp 6 (HKLM\...\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}) (Version: 6.0.01313 - Google)
Google SketchUp 6 (Version: 6.4.112 - Google) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GoToAssist Corporate (HKLM\...\GoToAssist) (Version: 10.4.0.896 - Citrix Online, a division of Citrix Systems, Inc.)
GoToMeeting 4.5.0.457 (HKU\S-1-5-21-2904036567-3763645971-1745593985-1000\...\GoToMeeting) (Version:  - )
H&R Block Deluxe + Efile + State 2009 (HKLM\...\{53A19323-917A-4822-B27E-A57D1EF6E9FC}) (Version: 09.04.6901 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2010 (HKLM\...\{10964A8F-21C1-45EA-BC2D-F84B505C3848}) (Version: 10.04.6301 - HRB Technology, LLC.)
H&R Block Georgia 2009 (HKLM\...\{2BCED072-9E78-456F-B8D6-AF6DA5A5EECC}) (Version: 1.09.2301 - HRB Technology, LLC.)
H&R Block Georgia 2010 (HKLM\...\{B0DE7025-6319-4FCD-8364-095B8774BC33}) (Version: 1.10.1401 - HRB Technology, LLC.)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4589.14 - PC-Doctor, Inc.)
Hewlett-Packard Active Check (Version: 1.1.11.0 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.62.5 - HP) Hidden
HP Active Support Library (HKLM\...\{11BB336F-0E58-4977-B866-F24FA334616B}) (Version: 2.3.0.2 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{AFAD41A9-9687-48A3-848F-693C11451433}) (Version: 5.4.0.2360 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}) (Version: 5.4.0.2430 - Hewlett-Packard)
HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP IDF Software (HKLM\...\{974025B1-769B-49E9-817C-C638ABE8F372}) (Version: 11.15.1000 - Hewlett-Packard Company)
HP On-Screen Cap/Num/Scroll Lock Indicator (HKLM\...\OsdMaestro) (Version:  - Hewlett-Packard)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Update (HKLM\...\{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}) (Version: 4.000.010.008 - Hewlett-Packard)
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{0A37EE62-9A58-420D-90CC-4E52153112EE}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java(TM) 6 Update 17 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216013FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Java(TM) SE Runtime Environment 6 Update 1 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160010}) (Version: 1.6.0.10 - Sun Microsystems, Inc.)
Jenguu (Version: 2.2.0.97 - WildTangent) Hidden
Jewel Keepers: Easter Island (Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Heritage (Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest: The Sleepless Star - Collector's Edition (Version: 2.2.0.95 - WildTangent) Hidden
KODAK EASYSHARE Gallery Upload ActiveX Control (HKLM\...\OfotoEZUpload) (Version:  - )
Kodak EasyShare software (HKLM\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.2.2209 - CyberLink Corp.)
Laby (Version: 2.2.0.97 - WildTangent) Hidden
Lamp of Aladdin (Version: 2.2.0.95 - WildTangent) Hidden
LightScribe System Software (HKLM\...\{7F10292C-A190-4176-A665-A1ED3478DF86}) (Version: 1.18.3.2 - LightScribe)
LightScribe Template Labeler (HKLM\...\{3EBA6E7C-3DF6-48AE-B87B-4CAFB2C1C3F7}) (Version: 1.10.13.1 - LightScribe)
Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
Magic Encyclopedia - Illusions (Version: 2.2.0.95 - WildTangent) Hidden
Match-2-Date (Version: 2.2.0.97 - WildTangent) Hidden
MediaCoder 0.6.1 (HKLM\...\MediaCoder) (Version: 0.6.1 - Stanley Huang)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.363 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Move Networks Media Player for Internet Explorer (HKU\S-1-5-21-2904036567-3763645971-1745593985-1000\...\Move Networks Player - IE) (Version:  - )
MSN (HKLM\...\MSNINST) (Version:  - )
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
muvee autoProducer 6.1 (HKLM\...\{E8C2622C-9FF1-4F60-8008-A0208154F9F3}) (Version: 6.10.050 - muvee Technologies)
Nero - Burning Rom (HKLM\...\{A4D7B764-4140-11D4-88EB-0050DA3579C0}) (Version: 5.5.9 - ahead software gmbh)
Nero BurnRights (HKLM\...\Nero BurnRights!UninstallKey) (Version:  - )
netbrdg (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9745 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.59.37 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{B83FC356-B7C0-441F-8A4D-D71E088E7974}) (Version: 9.09.0428 - NVIDIA Corporation)
OfotoXMI (Version: 7.02.0000.0001 - EASTMAN KODAK Company) Hidden
OLYMPUS ib (HKLM\...\InstallShield_{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}) (Version: 1.1.1404 - OLYMPUS IMAGING CORP.)
OLYMPUS ib (Version: 1.1.1404 - OLYMPUS IMAGING CORP.) Hidden
PartyPoker (HKLM\...\PartyPoker) (Version: 120 - PartyGaming)
Pdf995 (installed by TaxCut) (HKLM\...\Pdf995) (Version:  - )
PdfEdit995 (installed by TaxCut) (HKLM\...\PdfEdit995) (Version:  - )
Pizza Chef 2 (Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3417 - CyberLink Corp.)
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2209 - CyberLink Corp.)
PowerDirector (Version: 6.5.2209 - CyberLink Corp.) Hidden
PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
Python 2.5 (HKLM\...\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}) (Version: 2.5.150 - Martin v. Löwis)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5548 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roblox for Bestbuy (HKU\S-1-5-21-2904036567-3763645971-1745593985-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Season Match 3: Curse of the Witch Crow (Version: 2.2.0.97 - WildTangent) Hidden
SFR (Version: 7.01.0000.0003 - Eastman Kodak Company) Hidden
SHASTA (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
Shutterfly Express Uploader (HKLM\...\com.Shutterfly.ExpressUploader) (Version: 1.0.0.4 - Shutterfly, Inc.)
Shutterfly Express Uploader (Version: 1.0.0 - Shutterfly, Inc.) Hidden
skin0001 (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
Smilebox (HKU\S-1-5-21-2904036567-3763645971-1745593985-1000\...\Smilebox) (Version:  - )
Snapfish Picture Mover (HKLM\...\{029B5901-1F27-4347-9923-E8ACC8F54E15}) (Version: 1.9.0.16 - HP Snapfish)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.74.00 - Conexant Systems)
Sparkle (Version: 2.2.0.95 - WildTangent) Hidden
Starcraft (HKLM\...\Starcraft) (Version:  - )
staticcr (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
Super Collapse Puzzle Gallery (Version: 2.2.0.95 - WildTangent) Hidden
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version:  - )
TaxCut Georgia 2007 (HKLM\...\{68D04E15-1F15-485F-B8CA-914444618EEF}) (Version: 1.07.4601 - H&R Block Digital Tax Solutions LLC.)
TaxCut Georgia 2008 (HKLM\...\{E6A64398-84A0-4499-B44B-2DBD3D1E9E7E}) (Version: 1.08.2901 - H&R Block Digital Tax Solutions LLC.)
TaxCut Premium + State + Efile 2007 (HKLM\...\{CF9A795B-2E4A-42D3-A4C4-333D5BF39350}) (Version: 07.05.0000 - H & R Block)
TaxCut Premium + State + Efile 2008 (HKLM\...\{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}) (Version: 08.07.7101 - H & R Block)
Text Express 2 Deluxe (Version: 2.2.0.95 - WildTangent) Hidden
Unity Web Player (HKLM\...\UnityWebPlayer) (Version: 2.5.1b3_716 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (Version:  - WildTangent) Hidden
VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
Virtual Earth 3D (Beta) (HKLM\...\{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}) (Version: 3.0.808.29001 - Microsoft Corporation)
VPRINTOL (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
WeatherBug Gadget (Version: 1.0.0.6 - AWS Convergence Technologies) Hidden
WebEx (HKLM\...\ActiveTouchMeetingClient) (Version:  - WebEx Communications, Inc)
Wheel of Fortune 2 (Version: 2.2.0.95 - WildTangent) Hidden
WildGames (HKLM\...\WildTangent wildgames Master Uninstall) (Version: 1.0.0.52 - WildTangent)
WildTangent Games App for HP (Version: 4.0.11.7 - WildTangent) Hidden
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\E77704EF5E71F4F18CADFBFA68595AFE036D5D97) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
WinZip 14.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. )
WIRELESS (Version: 7.02.0000.0001 - EASTMAN KODAK Company) Hidden
World Mosaics 4 (Version: 2.2.0.97 - WildTangent) Hidden
Zulu Gems (Version: 2.2.0.95 - WildTangent) Hidden
Zuma's Revenge (Version: 2.2.0.97 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2904036567-3763645971-1745593985-1000_Classes\CLSID\{1383A31C-26AC-4d88-91F1-EEAD77D81FA6}\InprocServer32 -> C:\Users\Bestbuy\AppData\Roaming\Smilebox\MP3Writer.dll ()
CustomCLSID: HKU\S-1-5-21-2904036567-3763645971-1745593985-1000_Classes\CLSID\{382C9F93-9BA4-4FC6-88DC-AD52F5812FF8}\localserver32 -> C:\Users\Bestbuy\AppData\Roaming\Smilebox\OzDesktopImporter.exe (Octazen Solutions)
CustomCLSID: HKU\S-1-5-21-2904036567-3763645971-1745593985-1000_Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}\InprocServer32 -> C:\Users\Bestbuy\AppData\Roaming\Smilebox\MP4Splitter.ax (Gabest)
CustomCLSID: HKU\S-1-5-21-2904036567-3763645971-1745593985-1000_Classes\CLSID\{4665E44B-8B9A-4515-A086-E94ECE374608}\InprocServer32 -> C:\Users\Bestbuy\AppData\Roaming\Smilebox\CoreAAC.ax ()
CustomCLSID: HKU\S-1-5-21-2904036567-3763645971-1745593985-1000_Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}\InprocServer32 -> C:\Users\Bestbuy\AppData\Roaming\Smilebox\MP4Splitter.ax (Gabest)
CustomCLSID: HKU\S-1-5-21-2904036567-3763645971-1745593985-1000_Classes\CLSID\{6AC7C19E-8CA0-4E3D-9A9F-2881DE29E0AC}\InprocServer32 -> C:\Users\Bestbuy\AppData\Roaming\Smilebox\CoreAAC.ax ()
CustomCLSID: HKU\S-1-5-21-2904036567-3763645971-1745593985-1000_Classes\CLSID\{74F5CC00-49A9-11CF-A2F9-444553540000}\InprocServer32 -> C:\Program Files\AutoCAD LT 2008\acadltficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2904036567-3763645971-1745593985-1000_Classes\CLSID\{76D50904-6780-4c8b-8986-1A7EE0B1716D}\InprocServer32 -> C:\Users\Bestbuy\AppData\Local\Roblox\Versions\version-6a73d67cd7ac4f7a\RobloxProxy.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-2904036567-3763645971-1745593985-1000_Classes\CLSID\{7AABBB95-79BE-4C0F-8024-EB6AF271231C}\localserver32 -> C:\Program Files\AutoCAD LT 2008\acadlt.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2904036567-3763645971-1745593985-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\457\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2904036567-3763645971-1745593985-1000_Classes\CLSID\{919AB5F1-1C34-47a2-9C02-17128222C7CF}\InprocServer32 -> C:\Users\Bestbuy\AppData\Roaming\Smilebox\MP3Encoder.dll ()
CustomCLSID: HKU\S-1-5-21-2904036567-3763645971-1745593985-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-2904036567-3763645971-1745593985-1000_Classes\CLSID\{BBFC1A2A-D3A2-4610-847D-26592022F86E}\InprocServer32 -> C:\Users\Bestbuy\AppData\Roaming\Smilebox\CoreAAC.ax ()
CustomCLSID: HKU\S-1-5-21-2904036567-3763645971-1745593985-1000_Classes\CLSID\{C42B23DF-334C-4AD0-9AB4-91FF53D04239}\localserver32 -> C:\Users\Bestbuy\AppData\Roaming\Smilebox\OzDesktopImporter.exe (Octazen Solutions)
CustomCLSID: HKU\S-1-5-21-2904036567-3763645971-1745593985-1000_Classes\CLSID\{D3D9D58B-45B5-48AB-B199-B8C40560AEC7}\InprocServer32 -> C:\Users\Bestbuy\AppData\Roaming\Smilebox\MP4Splitter.ax (Gabest)
CustomCLSID: HKU\S-1-5-21-2904036567-3763645971-1745593985-1000_Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}\InprocServer32 -> C:\Users\Bestbuy\AppData\Roaming\Smilebox\MP4Splitter.ax (Gabest)
CustomCLSID: HKU\S-1-5-21-2904036567-3763645971-1745593985-1000_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\InprocServer32 -> C:\Users\Bestbuy\AppData\Roaming\Move Networks\ie_bin\qsp2ie071303000006.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-2904036567-3763645971-1745593985-1000_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\InprocServer32 -> C:\Users\Bestbuy\AppData\Roaming\Move Networks\ie_bin\qsp2ie071303000006.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-2904036567-3763645971-1745593985-1000_Classes\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\InprocServer32 -> C:\Program Files\HP Games\Shooting Stars Pool\WebDriver\webdriver.dll (WildTangent)
CustomCLSID: HKU\S-1-5-21-2904036567-3763645971-1745593985-1000_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}\InprocServer32 -> C:\Users\Bestbuy\AppData\Roaming\Move Networks\ie_bin\qsp2ie071303000006.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-2904036567-3763645971-1745593985-1000_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}\InprocServer32 -> C:\Users\Bestbuy\AppData\Roaming\Move Networks\ie_bin\qsp2ie071303000006.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-2904036567-3763645971-1745593985-1000_Classes\CLSID\{FE0D8F60-5A07-40a1-85EC-4FFB7E0F2306}\localserver32 -> C:\Users\Bestbuy\AppData\Local\Roblox\Versions\version-6a73d67cd7ac4f7a\RobloxApp.exe (ROBLOX Corporation)

==================== Restore Points  =========================

02-01-2015 01:15:01 Scheduled Checkpoint
03-01-2015 00:34:26 Scheduled Checkpoint
04-01-2015 01:34:40 Windows Update
04-01-2015 11:25:49 Removed Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
04-01-2015 12:31:50 Removed HP Advisor.
04-01-2015 14:49:02 Windows Update
06-01-2015 03:00:19 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2009-12-11 14:18 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2B36CA18-A01D-4DE1-B048-8CD591B59E4D} - System32\Tasks\{814A1E4F-49FA-458A-AB1B-E7675C6E398F} => pcalua.exe -a "C:\Users\Bestbuy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1K8P5MPC\CommunicatorPlugin_291[1].exe" -d C:\Users\Bestbuy\Desktop
Task: {56821D33-502A-4DA1-822E-DC66BBC48301} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2904036567-3763645971-1745593985-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {56AB3B24-9A43-4CD3-8EF1-735D65E08A9F} - System32\Tasks\GoogleUpdateTaskMachineUA1cfff29486573c4 => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {5A7B50A0-10EA-41FF-AEA5-134B76079655} - System32\Tasks\JavaUpdateAdministrator => C:\Windows\system32\jusched.exe [2007-04-07] (Sun Microsystems, Inc.)
Task: {626493DE-D810-4129-B142-61CEE49C9C5C} - System32\Tasks\{FF87C8CF-9CFE-46CB-8945-E0D544468318} => pcalua.exe -a C:\Users\Bestbuy\Downloads\install_easyshare.exe -d C:\Users\Bestbuy\Desktop
Task: {6F331FE0-3757-4402-BC71-1F5A9DE82318} - System32\Tasks\GoogleUpdateTaskMachineUA1cf69eaee29e89 => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {7A309542-DAFD-4EF2-83CB-6582FF2FE9C2} - System32\Tasks\GoogleUpdateTaskMachineCore1cf8c9fd643478d => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {805FB8E3-E980-4785-93A6-33F051F322DC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {84511120-9D2C-498C-9DCB-5B134AD286F9} - System32\Tasks\JavaUpdateBestbuy => C:\Windows\system32\jusched.exe [2007-04-07] (Sun Microsystems, Inc.)
Task: {96F91E56-F666-406A-98EC-8134BB0CFDF1} - System32\Tasks\PC-Doctor\Scheduled Maintanence => C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe [2007-06-25] (PC-Doctor, Inc.)
Task: {99283078-A7F6-43B3-B4E2-32A3DA76B7E1} - System32\Tasks\JavaUpdateExperience => C:\Windows\system32\jusched.exe [2007-04-07] (Sun Microsystems, Inc.)
Task: {AA899379-AC86-44AD-865B-B9B4DCA5AE6D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-20] (Adobe Systems Incorporated)
Task: {B2351C71-C8DD-4D4B-9EA9-3D9919DEAE43} - System32\Tasks\{ECFCDD7B-BE4D-4208-9DD8-F890FD73BE4F} => pcalua.exe -a C:\Windows\system32\NeroBurnRights.cpl -c Nero BurnRights
Task: {BE1AC52F-C2A3-477B-AA41-20C9AFA6ABFC} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2904036567-3763645971-1745593985-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {C9DC434C-D900-43A0-8119-44E3ECD35EF8} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Bestbuy => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {EB12AFD2-2F25-41CF-BBD9-1E5637FB9375} - System32\Tasks\{C649B6E7-4CC5-46AD-82B9-8572BD1E498E} => pcalua.exe -a C:\Users\Bestbuy\Desktop\Nero551056.exe -d C:\Users\Bestbuy
Task: {F45C7699-4FE4-45B0-AF28-69C70E01EE37} - System32\Tasks\HPCeeScheduleForBestbuy => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-07-20] (Hewlett-Packard)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8c9fd643478d.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf69eaee29e89.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfff29486573c4.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForBestbuy.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2008-04-12 13:57 - 2008-04-12 13:57 - 00051716 ____N () C:\Windows\System32\pdf995mon.dll
2011-04-20 01:21 - 2011-04-20 01:21 - 00037376 ____N () C:\Windows\system32\atitmpxx.dll
2009-03-26 23:36 - 2009-02-02 00:32 - 00038400 ____N () C:\Program Files\Amazon\Amazon Games & Software Downloader\utility.dll
2009-03-26 23:36 - 2008-07-23 08:02 - 00151552 ____N () C:\Program Files\Amazon\Amazon Games & Software Downloader\libexpat.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 ____N () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 ____N () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 ____N () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2011-11-11 14:08 - 2011-11-11 14:08 - 02145304 ____N () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 07956504 ____N () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00342552 ____N () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00029208 ____N () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00128536 ____N () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2009-04-09 18:04 - 2009-04-09 18:04 - 02141008 ____N () C:\Program Files\Logitech\Vid HD\QtCore4.dll
2009-03-03 17:17 - 2009-03-03 17:17 - 07704400 ____N () C:\Program Files\Logitech\Vid HD\QtGui4.dll
2009-04-22 16:53 - 2009-04-22 16:53 - 00969040 ____N () C:\Program Files\Logitech\Vid HD\QtNetwork4.dll
2009-03-03 17:17 - 2009-03-03 17:17 - 00475472 ____N () C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll
2009-03-03 17:17 - 2009-03-03 17:17 - 00363856 ____N () C:\Program Files\Logitech\Vid HD\QtXml4.dll
2009-03-03 17:17 - 2009-03-03 17:17 - 00200016 ____N () C:\Program Files\Logitech\Vid HD\QtSql4.dll
2010-10-29 15:01 - 2010-10-29 15:01 - 00027472 ____N () C:\Program Files\Logitech\Vid HD\SDL.dll
2009-03-03 17:17 - 2009-03-03 17:17 - 11311952 ____N () C:\Program Files\Logitech\Vid HD\QtWebKit4.dll
2009-03-03 17:17 - 2009-03-03 17:17 - 00291664 ____N () C:\Program Files\Logitech\Vid HD\phonon4.dll
2009-03-03 17:18 - 2009-03-03 17:18 - 00029008 ____N () C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll
2009-03-03 17:18 - 2009-03-03 17:18 - 00035152 ____N () C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll
2009-03-03 17:18 - 2009-03-03 17:18 - 00138064 ____N () C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
2012-01-18 01:43 - 2012-01-18 01:43 - 00183320 ____N () C:\Program Files\Common Files\logishrd\SharedBin\LVAPI11.dll
2009-07-10 13:02 - 2009-07-29 18:34 - 00404480 ____N () C:\Program Files\Kodak\Kodak EasyShare software\bin\Kfx.dll
2009-07-10 13:00 - 2009-07-29 18:34 - 00261120 ____N () C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll
2009-07-10 12:57 - 2009-07-29 18:34 - 00354816 ____N () C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll
2009-07-10 12:57 - 2009-07-29 18:34 - 00237568 ____N () C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
2009-07-10 13:14 - 2009-07-29 18:34 - 00232960 ____N () C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx
2009-07-10 12:53 - 2009-07-29 18:34 - 00090112 ____N () C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
2009-07-10 13:15 - 2009-07-29 18:34 - 00077312 ____N () C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
2009-07-10 12:49 - 2009-07-29 18:34 - 00062464 ____N () C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
2006-03-07 09:05 - 2009-07-29 18:34 - 01564672 ____N () C:\Program Files\Kodak\Kodak EasyShare software\bin\AreaIFDLL.dll
2009-07-10 13:10 - 2009-07-29 18:34 - 00757760 ____N () C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
2009-07-10 13:25 - 2009-07-29 18:34 - 00679936 ____N () C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx
2009-07-10 13:02 - 2009-07-29 18:34 - 00084480 ____N () C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
2009-07-10 12:52 - 2009-07-29 18:34 - 00128512 ____N () C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll
2009-07-10 13:19 - 2009-07-29 18:34 - 01297408 ____N () C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx
2008-08-04 12:16 - 2009-07-29 18:34 - 00786432 ____N () C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
2008-08-04 12:15 - 2009-07-29 18:34 - 00872448 ____N () C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
2008-08-04 12:18 - 2009-07-29 18:34 - 00462848 ____N () C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
2008-08-04 12:16 - 2009-07-29 18:34 - 00159744 ____N () C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
2008-08-04 12:20 - 2009-07-29 18:34 - 00528384 ____N () C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
2008-08-04 12:18 - 2009-07-29 18:34 - 02236416 ____N () C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
2008-08-04 12:19 - 2009-07-29 18:34 - 00798720 ____N () C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
2008-08-05 15:35 - 2009-07-29 18:34 - 01400832 ____N () C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
2009-07-10 12:55 - 2009-07-29 18:34 - 00117760 ____N () C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
2009-07-10 13:12 - 2009-07-29 18:34 - 00171008 ____N () C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx
2009-07-10 13:10 - 2009-07-29 18:34 - 00052224 ____N () C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
2009-07-10 13:10 - 2009-07-29 18:34 - 00143360 ____N () C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
2009-07-10 12:52 - 2009-07-29 18:34 - 00083968 ____N () C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
2009-07-10 11:07 - 2009-07-29 18:34 - 00010240 ____N () C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
2009-07-10 13:36 - 2009-07-29 18:34 - 00339968 ____N () C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
2009-07-10 13:23 - 2009-07-29 18:34 - 00097280 ____N () C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
2009-07-10 13:27 - 2009-07-29 18:34 - 00315392 ____N () C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
2009-07-10 13:12 - 2009-07-29 18:34 - 00688128 ____N () C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
2009-07-10 13:33 - 2009-07-29 18:34 - 00466944 ____N () C:\Program Files\Kodak\Kodak EasyShare software\bin\Escom.dll
2009-07-10 12:53 - 2009-07-29 18:34 - 00044544 ____N () C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
2011-11-11 14:07 - 2011-11-11 14:07 - 00265240 ____N () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2011-11-11 14:09 - 2011-11-11 14:09 - 00336408 ____N () C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2011-08-12 12:19 - 2011-08-12 12:19 - 00680984 ____N () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
2015-01-05 22:42 - 2015-01-05 22:42 - 00254464 _____ () C:\Users\Bestbuy\AppData\Local\Temp\xpjjwcb.dll
2015-01-03 18:56 - 2015-01-03 18:56 - 08537928 _____ () C:\Users\Bestbuy\AppData\LocalLow\Microsoft\Fefsiru\Hqiuulplghsw\36.0.1985.143\pdf.dll
2015-01-03 18:56 - 2015-01-03 18:56 - 00353096 _____ () C:\Users\Bestbuy\AppData\LocalLow\Microsoft\Fefsiru\Hqiuulplghsw\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2015-01-03 18:56 - 2015-01-03 18:56 - 01732936 _____ () C:\Users\Bestbuy\AppData\LocalLow\Microsoft\Fefsiru\Hqiuulplghsw\36.0.1985.143\ffmpegsumo.dll
2015-01-03 18:56 - 2015-01-03 18:56 - 14669128 _____ () C:\Users\Bestbuy\AppData\LocalLow\Microsoft\Fefsiru\Hqiuulplghsw\36.0.1985.143\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2904036567-3763645971-1745593985-500 - Administrator - Disabled)
Bestbuy (S-1-5-21-2904036567-3763645971-1745593985-1000 - Administrator - Enabled) => C:\Users\Bestbuy
Guest (S-1-5-21-2904036567-3763645971-1745593985-501 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Realtek RTL8168/8111 Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
Description: Realtek RTL8168/8111 Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8169
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/09/2015 10:35:40 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\BESTBUY\APPDATA\LOCALLOW\MOVE NETWORKS\DKJEFDBH\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\IDHNGDHCFKOAMNGBEDGPAOKGJBNPDIJI\1.3.3_0> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
	A device attached to the system is not functioning.   (0x8007001f)

Error: (01/09/2015 10:35:40 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\BESTBUY\APPDATA\LOCALLOW\MOVE NETWORKS\DKJEFDBH\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\IDHNGDHCFKOAMNGBEDGPAOKGJBNPDIJI\1.3.3_0> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
	A device attached to the system is not functioning.   (0x8007001f)

Error: (01/09/2015 10:34:49 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\BESTBUY\APPDATA\LOCALLOW\MOVE NETWORKS\DKJEFDBH\LOCAL\GOOGLE> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
	A device attached to the system is not functioning.   (0x8007001f)

Error: (01/09/2015 10:34:49 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\BESTBUY\APPDATA\LOCALLOW\MOVE NETWORKS\DKJEFDBH\LOCAL\GOOGLE> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
	A device attached to the system is not functioning.   (0x8007001f)

Error: (01/09/2015 10:34:11 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\BESTBUY\APPDATA\LOCALLOW\GE7848\LYGAKUH\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
	A device attached to the system is not functioning.   (0x8007001f)

Error: (01/09/2015 10:34:11 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\BESTBUY\APPDATA\LOCALLOW\GE7848\LYGAKUH\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
	A device attached to the system is not functioning.   (0x8007001f)

Error: (01/09/2015 10:33:29 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\BESTBUY\APPDATA\LOCALLOW\GE7848\LYGAKUH\LOCAL\GOOGLE\CHROME\USER DATA> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
	A device attached to the system is not functioning.   (0x8007001f)

Error: (01/09/2015 10:33:29 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\BESTBUY\APPDATA\LOCALLOW\GE7848\LYGAKUH\LOCAL\GOOGLE\CHROME\USER DATA> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
	A device attached to the system is not functioning.   (0x8007001f)

Error: (01/09/2015 10:33:08 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\BESTBUY\APPDATA\LOCALLOW\MOVE NETWORKS\DKJEFDBH\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\AOHGHMIGHLIEIAINNEGKCIJNFILOKAKE\0.0.0.6_0> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
	A device attached to the system is not functioning.   (0x8007001f)

Error: (01/09/2015 10:33:08 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\BESTBUY\APPDATA\LOCALLOW\MOVE NETWORKS\DKJEFDBH\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\AOHGHMIGHLIEIAINNEGKCIJNFILOKAKE\0.0.0.6_0> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
	A device attached to the system is not functioning.   (0x8007001f)


System errors:
=============
Error: (01/09/2015 10:56:54 AM) (Source: DCOM) (EventID: 10016) (User: AR40VTBQGDH)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}AR40VTBQGDHBestbuyS-1-5-21-2904036567-3763645971-1745593985-1000LocalHost (Using LRPC)

Error: (01/09/2015 10:56:30 AM) (Source: DCOM) (EventID: 10016) (User: AR40VTBQGDH)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}AR40VTBQGDHBestbuyS-1-5-21-2904036567-3763645971-1745593985-1000LocalHost (Using LRPC)

Error: (01/09/2015 10:48:52 AM) (Source: DCOM) (EventID: 10016) (User: AR40VTBQGDH)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}AR40VTBQGDHBestbuyS-1-5-21-2904036567-3763645971-1745593985-1000LocalHost (Using LRPC)

Error: (01/09/2015 10:48:41 AM) (Source: DCOM) (EventID: 10016) (User: AR40VTBQGDH)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}AR40VTBQGDHBestbuyS-1-5-21-2904036567-3763645971-1745593985-1000LocalHost (Using LRPC)

Error: (01/09/2015 10:47:59 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/05/2015 10:39:00 PM) (Source: DCOM) (EventID: 10016) (User: AR40VTBQGDH)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}AR40VTBQGDHBestbuyS-1-5-21-2904036567-3763645971-1745593985-1000LocalHost (Using LRPC)

Error: (01/05/2015 10:36:13 PM) (Source: DCOM) (EventID: 10016) (User: AR40VTBQGDH)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}AR40VTBQGDHBestbuyS-1-5-21-2904036567-3763645971-1745593985-1000LocalHost (Using LRPC)

Error: (01/05/2015 10:30:36 PM) (Source: DCOM) (EventID: 10016) (User: AR40VTBQGDH)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}AR40VTBQGDHBestbuyS-1-5-21-2904036567-3763645971-1745593985-1000LocalHost (Using LRPC)

Error: (01/05/2015 10:12:46 PM) (Source: DCOM) (EventID: 10016) (User: AR40VTBQGDH)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}AR40VTBQGDHBestbuyS-1-5-21-2904036567-3763645971-1745593985-1000LocalHost (Using LRPC)

Error: (01/05/2015 09:27:40 PM) (Source: DCOM) (EventID: 10016) (User: AR40VTBQGDH)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}AR40VTBQGDHBestbuyS-1-5-21-2904036567-3763645971-1745593985-1000LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-09-10 15:43:40.569
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~1\McAfee\SITEAD~1\sahook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-10 15:43:40.536
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~1\McAfee\SITEAD~1\sahook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-03-12 15:53:04.131
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-03-12 15:53:03.944
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-03-12 15:53:03.757
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-03-12 15:53:03.569
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2010-12-23 13:05:07.646
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SET9029.tmp because the set of per-page image hashes could not be found on the system.

  Date: 2010-12-23 13:05:07.475
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SET9029.tmp because the set of per-page image hashes could not be found on the system.

  Date: 2010-12-23 13:05:07.319
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SET9029.tmp because the set of per-page image hashes could not be found on the system.

  Date: 2010-12-23 13:05:07.147
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SET9029.tmp because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: AMD Phenom(tm) II X2 560 Processor
Percentage of memory in use: 70%
Total physical RAM: 3325.28 MB
Available physical RAM: 967.54 MB
Total Pagefile: 6869.3 MB
Available Pagefile: 3200.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1882.84 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:288.57 GB) (Free:172.27 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.51 GB) (Free:1.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (NEW_VOLUME) (Fixed) (Total:298.09 GB) (Free:297.99 GB) NTFS
Drive f: (Foo_Fighters) (CDROM) (Total:0.5 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=288.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: F85A5DFB)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================


#6 asmhatinviruses


Posted 09 January 2015 - 01:30 PM


GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-01-09 12:46:34
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-4 Hitachi_HDT725032VLA380 rev.V54OA7BA 298.09GB
Running: 7hk57rty.exe; Driver: C:\Users\Bestbuy\AppData\Local\Temp\pwtiyfog.sys


---- System - GMER 2.1 ----

INT 0x01  \??\C:\Users\Bestbuy\AppData\Local\Temp\mbr.sys                                                                 8A0B3C42

---- Processes - GMER 2.1 ----

Process   hidden process (*** hidden *** )                                                                                18712                                                                                                     
Process   hidden process (*** hidden *** )                                                                                57468                                                                                                     
Process   dasueoo.exe (*** hidden *** )                                                                                   57972                                                                                                     
Process   hidden process (*** hidden *** )                                                                                59904                                                                                                     
Process   hidden process (*** hidden *** )                                                                                60012                                                                                                     
Process   hidden process (*** hidden *** )                                                                                60668                                                                                                     
Process   hidden process (*** hidden *** )                                                                                61644                                                                                                     
Process   hidden process (*** hidden *** )                                                                                61688                                                                                                     
Process   hidden process (*** hidden *** )                                                                                61828                                                                                                     
Process   hidden process (*** hidden *** )                                                                                61912                                                                                                     
Process   dasueoo.exe (*** hidden *** )                                                                                   61992                                                                                                     
Process   hidden process (*** hidden *** )                                                                                62228                                                                                                     
Process   hidden process (*** hidden *** )                                                                                62508                                                                                                     
Process   hidden process (*** hidden *** )                                                                                62560                                                                                                     
Process   hidden process (*** hidden *** )                                                                                62908                                                                                                     
Process   hidden process (*** hidden *** )                                                                                63048                                                                                                     

---- Registry - GMER 2.1 ----

Reg       HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LogName                                       C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy7669.gthr
Reg       HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LogNumber                                     7670
Reg       HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{233C1507-6A77-46A4-9443-F871F945D258}\iexplore@Count  11100
Reg       HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{88D96A05-F192-11D4-A65F-0040963251E5}\iexplore@Count  5646
Reg       HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA8A9780-280D-11CF-A24D-444553540000}\iexplore@Count  7745
Reg       HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore@Count  3312346
Reg       HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEAF541-F3E1-4C24-ACAC-99C30715084A}\iexplore@Count  81359

---- Disk sectors - GMER 2.1 ----

Disk      \Device\Harddisk0\DR0                                                                                           unknown MBR code

---- EOF - GMER 2.1 ----



#7 asmhatinviruses


Posted 09 January 2015 - 01:31 PM

13:09:52.0249 0x3a2a8  TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
13:09:59.0438 0x3a2a8  ============================================================
13:09:59.0438 0x3a2a8  Current date / time: 2015/01/09 13:09:59.0438
13:09:59.0438 0x3a2a8  SystemInfo:
13:09:59.0438 0x3a2a8  
13:09:59.0438 0x3a2a8  OS Version: 6.0.6002 ServicePack: 2.0
13:09:59.0438 0x3a2a8  Product type: Workstation
13:09:59.0438 0x3a2a8  ComputerName: AR40VTBQGDH
13:09:59.0438 0x3a2a8  UserName: Bestbuy
13:09:59.0439 0x3a2a8  Windows directory: C:\Windows
13:09:59.0439 0x3a2a8  System windows directory: C:\Windows
13:09:59.0439 0x3a2a8  Processor architecture: Intel x86
13:09:59.0439 0x3a2a8  Number of processors: 2
13:09:59.0439 0x3a2a8  Page size: 0x1000
13:09:59.0439 0x3a2a8  Boot type: Normal boot
13:09:59.0439 0x3a2a8  ============================================================
13:10:03.0563 0x3a2a8  KLMD registered as C:\Windows\system32\drivers\46488514.sys
13:10:03.0837 0x3a2a8  System UUID: {899DC5CE-A2AC-68C7-F607-011B0DECBC53}
13:10:04.0451 0x3a2a8  Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:10:04.0472 0x3a2a8  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:10:04.0508 0x3a2a8  ============================================================
13:10:04.0508 0x3a2a8  \Device\Harddisk1\DR1:
13:10:04.0508 0x3a2a8  MBR partitions:
13:10:04.0508 0x3a2a8  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
13:10:04.0508 0x3a2a8  \Device\Harddisk0\DR0:
13:10:04.0508 0x3a2a8  MBR partitions:
13:10:04.0508 0x3a2a8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x24126228
13:10:04.0508 0x3a2a8  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x24126267, BlocksNum 0x130745A
13:10:04.0508 0x3a2a8  ============================================================
13:10:04.0531 0x3a2a8  C: <-> \Device\Harddisk0\DR0\Partition1
13:10:04.0539 0x3a2a8  E: <-> \Device\Harddisk1\DR1\Partition1
13:10:04.0744 0x3a2a8  D: <-> \Device\Harddisk0\DR0\Partition2
13:10:04.0744 0x3a2a8  ============================================================
13:10:04.0744 0x3a2a8  Initialize success
13:10:04.0744 0x3a2a8  ============================================================
13:10:58.0501 0x3a364  ============================================================
13:10:58.0501 0x3a364  Scan started
13:10:58.0501 0x3a364  Mode: Manual; 
13:10:58.0501 0x3a364  ============================================================
13:10:58.0501 0x3a364  KSN ping started
13:11:12.0237 0x3a364  KSN ping finished: true
13:11:16.0207 0x3a364  ================ Scan system memory ========================
13:11:16.0207 0x3a364  System memory - ok
13:11:16.0208 0x3a364  ================ Scan services =============================
13:11:16.0433 0x3a364  [ ADC420616C501B45D26C0FD3EF1E54E4, 29FC41D40A35AC5476E2A673CE5B12684E0CFA12A1AEBEEBE5883FBA5CA68B67 ] ACDaemon        C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
13:11:16.0458 0x3a364  ACDaemon - ok
13:11:16.0602 0x3a364  [ FCB8C7210F0135E24C6580F7F649C73C, 7E5E3D0B4F4BD418E6CC551850C672E1AF347CBB2E665B6F72638786CE5079C5 ] ACPI            C:\Windows\system32\drivers\acpi.sys
13:11:16.0692 0x3a364  ACPI - ok
13:11:16.0759 0x3a364  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
13:11:16.0782 0x3a364  AdobeARMservice - ok
13:11:16.0963 0x3a364  [ B5D8DE922237CEDDC7992297654A4BE4, 88EF0B5EBFB383C9069A29AEA8D76EDBE1E70DD6F7C18970EE01ECAE9F408B38 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:11:17.0059 0x3a364  AdobeFlashPlayerUpdateSvc - ok
13:11:17.0132 0x3a364  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB, 0342700760874683A6DF4F149DACACEF0569D40C45FC5958C67100B3C5D9BBBC ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
13:11:17.0146 0x3a364  adp94xx - ok
13:11:17.0191 0x3a364  [ B84088CA3CDCA97DA44A984C6CE1CCAD, 87009809FB101BF51483FA32318CBCD209386582880C82417BE4FFAD1B04C8C1 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
13:11:17.0198 0x3a364  adpahci - ok
13:11:17.0220 0x3a364  [ 7880C67BCCC27C86FD05AA2AFB5EA469, C8B06E203EEA6EAD19651F212432005ABADFF21E2AA5699E34040527394F2677 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
13:11:17.0223 0x3a364  adpu160m - ok
13:11:17.0258 0x3a364  [ 9AE713F8E30EFC2ABCCD84904333DF4D, B0C7801AC6E0811C38F0474703F34283914C8873D851F59EE232834F7C0D8087 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
13:11:17.0262 0x3a364  adpu320 - ok
13:11:17.0294 0x3a364  [ 9D1FDA9E086BA64E3C93C9DE32461BCF, 200FD0BFC811EC8993AF9FC78F58823ECC717063F438B627FBCDD6BD7790CAA8 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
13:11:17.0295 0x3a364  AeLookupSvc - ok
13:11:17.0348 0x3a364  [ F5272A105F59A7B3B345D9D6D87DA7AD, 9E84776994D04240BF2537330DBB555EDE16DFCFC59DEDCBA05A44ED7F70BEFA ] AFD             C:\Windows\system32\drivers\afd.sys
13:11:17.0355 0x3a364  AFD - ok
13:11:17.0411 0x3a364  [ EF23439CDD587F64C2C1B8825CEAD7D8, 762665CFC202B3E16CA2338887896FDF996331A363DC709F1EC088BF927133A3 ] agp440          C:\Windows\system32\drivers\agp440.sys
13:11:17.0413 0x3a364  agp440 - ok
13:11:17.0437 0x3a364  [ AE1FDF7BF7BB6C6A70F67699D880592A, B831BF156FC49287A19FC149383D437B1034EA6F42CE9D761EB90ABD0F8D96B1 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
13:11:17.0439 0x3a364  aic78xx - ok
13:11:17.0490 0x3a364  [ A1545B731579895D8CC44FC0481C1192, 6B0EE833BA39C142D625A03586CCD8F6C9C3136C603CE5DF5BAC1AA3423E3E7F ] ALG             C:\Windows\System32\alg.exe
13:11:17.0517 0x3a364  ALG - ok
13:11:17.0553 0x3a364  [ 90395B64600EBB4552E26E178C94B2E4, 73095893964DC7915983B58A567184FC51949C99341E7E0D04D70CC4C4F95E37 ] aliide          C:\Windows\system32\drivers\aliide.sys
13:11:17.0554 0x3a364  aliide - ok
13:11:17.0759 0x3a364  [ 14E1D26E4DABC23AF12D94EBEFA26BB2, A0EBCFE31ED65E9DA131EC634FA18781B7528D9F3DCC1AD82778DE4B70238D86 ] Amazon Download Agent C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
13:11:17.0766 0x3a364  Amazon Download Agent - ok
13:11:17.0842 0x3a364  [ EBCCBCBF1DF132E4775E5D6E6DEA3ED0, 142A8C4D21BC4772C4B9E16A1EC8C82EB08CD3E8199D167D4F5F42A2BC415DE2 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
13:11:17.0846 0x3a364  AMD External Events Utility - ok
13:11:17.0915 0x3a364  [ 2B13E304C9DFDFA5EB582F6A149FA2C7, 196CCE13E0376526B79D9C43D4071990576C4DD210A48E9E922B438AA11C95E7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
13:11:17.0916 0x3a364  amdagp - ok
13:11:17.0936 0x3a364  [ 0577DF1D323FE75A739C787893D300EA, 079EF3CA18FB847DB7E62929071BFF007FAF390E1DBF4C59F28DAAC6B9C2DE51 ] amdide          C:\Windows\system32\drivers\amdide.sys
13:11:17.0953 0x3a364  amdide - ok
13:11:17.0970 0x3a364  [ DC487885BCEF9F28EECE6FAC0E5DDFC5, 24A62F6E628AD46273BC226F7BC3453A9C7B76F81ABB9FB801EBEFADB2AB7C9B ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
13:11:17.0971 0x3a364  AmdK7 - ok
13:11:18.0010 0x3a364  [ 93AE7F7DD54AB986A6F1A1B37BE7442D, ECE0ABA2DECEED94AC678240A4B604F04022F0740F2295CBD07D25F5917E878A ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
13:11:18.0069 0x3a364  AmdK8 - ok
13:11:18.0664 0x3a364  [ F89643A2CA001B1162061E306F8BF267, 6D74863007609F8A5396BACA285205B3A224CF8C94C2D8D11BF0AABA9300DC69 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
13:11:19.0012 0x3a364  amdkmdag - ok
13:11:19.0127 0x3a364  [ FB68E1B9CEC598F0F69503F3AEBB45DD, BCA3A89A7A570DAABB279ABF67E9DE889457BB2BFF586DB638AD419FF4DD14B2 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
13:11:19.0133 0x3a364  amdkmdap - ok
13:11:19.0200 0x3a364  [ 8F7D200717A58E9800D391F4C2101577, F07CF0F5636F46D8F3D5133284943E991E8739E5A644BCA5F18BB896B374620D ] Appinfo         C:\Windows\System32\appinfo.dll
13:11:19.0208 0x3a364  Appinfo - ok
13:11:19.0288 0x3a364  [ 6B73E94F9FE82D45781B8C8A09483082, C35EEAE7457168387A7C77A315524A3703ABDE49D9F23F59057315D9249D3473 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:11:19.0290 0x3a364  Apple Mobile Device - ok
13:11:19.0335 0x3a364  [ 5F673180268BB1FDB69C99B6619FE379, C4307A861163F96648109046A6C7D53AB1C9B10D0B841DD1A7D147D22F462649 ] arc             C:\Windows\system32\drivers\arc.sys
13:11:19.0337 0x3a364  arc - ok
13:11:19.0377 0x3a364  [ 957F7540B5E7F602E44648C7DE5A1C05, F03C7708A6C9D2579ECE5A7413AFA068E1067D7191EC653A78BA4FEDE76CFBD8 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
13:11:19.0379 0x3a364  arcsas - ok
13:11:19.0570 0x3a364  [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
13:11:19.0571 0x3a364  aspnet_state - ok
13:11:19.0626 0x3a364  [ 53B202ABEE6455406254444303E87BE1, 4C91CA8DD345FEDD74A6AF2C07580717703F979B7DE2532B1D00B9F6896DDE70 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
13:11:19.0657 0x3a364  AsyncMac - ok
13:11:19.0704 0x3a364  [ 1F05B78AB91C9075565A9D8A4B880BC4, 737BE9F9376DAB0CCDFED93EA6D67F0C432367EA63CD772A453485BE769AF3BD ] atapi           C:\Windows\system32\drivers\atapi.sys
13:11:19.0704 0x3a364  atapi - ok
13:11:19.0823 0x3a364  [ 8E98A99187FF17FC1D48E6FAFFD870BE, 7C935191A0A2BA95CA9A9E450F7C8802E6184F73BC297E91908B59F34C22AB06 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:11:19.0833 0x3a364  AudioEndpointBuilder - ok
13:11:19.0842 0x3a364  [ 8E98A99187FF17FC1D48E6FAFFD870BE, 7C935191A0A2BA95CA9A9E450F7C8802E6184F73BC297E91908B59F34C22AB06 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
13:11:19.0847 0x3a364  Audiosrv - ok
13:11:19.0930 0x3a364  [ EA2D28BBE98256654397CD1F6EAEBDD8, 97BBE5A2C9F2AE4675E6652AD79B1FCAEA76064FB37DBF238947ACA81D3017DF ] Autodesk Licensing Service C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
13:11:19.0933 0x3a364  Autodesk Licensing Service - ok
13:11:20.0004 0x3a364  [ 67E506B75BD5326A3EC7B70BD014DFB6, 3B07243970CAB4E93A858BEA6E31F56AD0157C42D624F3FEB469E68EEEF65669 ] Beep            C:\Windows\system32\drivers\Beep.sys
13:11:20.0029 0x3a364  Beep - ok
13:11:20.0213 0x3a364  [ C789AF0F724FDA5852FB9A7D3A432381, 4B0F7A3A8F2D45E49630D24F2630B8014BCDB793B9C6E83FD2B2863A54F62BF5 ] BFE             C:\Windows\System32\bfe.dll
13:11:20.0251 0x3a364  BFE - ok
13:11:20.0361 0x3a364  [ 93952506C6D67330367F7E7934B6A02F, 1D9A6B10B9489C1A32F730E22CC399BFF0796E3FCB3BA52BE45ED487CAC59EBD ] BITS            C:\Windows\System32\qmgr.dll
13:11:20.0379 0x3a364  BITS - ok
13:11:20.0383 0x3a364  blbdrive - ok
13:11:20.0632 0x3a364  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:11:20.0690 0x3a364  Bonjour Service - ok
13:11:20.0717 0x3a364  [ 35F376253F687BDE63976CCB3F2108CA, C5EF6301D7BC067050038DB75D961681D1CBE418285AD60167C1334B0B54DFE9 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:11:20.0719 0x3a364  bowser - ok
13:11:20.0757 0x3a364  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
13:11:20.0758 0x3a364  BrFiltLo - ok
13:11:20.0775 0x3a364  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
13:11:20.0776 0x3a364  BrFiltUp - ok
13:11:20.0817 0x3a364  [ A3629A0C4226F9E9C72FAAEEBC3AD33C, FB4D2738B64AADA52B95A6CF7ED4CDBFE4DD4BEBCAF1AE9CE64317F97DB38DDF ] Browser         C:\Windows\System32\browser.dll
13:11:20.0845 0x3a364  Browser - ok
13:11:20.0896 0x3a364  [ B304E75CFF293029EDDF094246747113, CB6B219B186C3511A0DE3CDE7F7B8966A9E32D808A952CA8C5B42B3A3A17BFB0 ] Brserid         C:\Windows\system32\drivers\brserid.sys
13:11:20.0924 0x3a364  Brserid - ok
13:11:20.0959 0x3a364  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
13:11:20.0960 0x3a364  BrSerWdm - ok
13:11:20.0980 0x3a364  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
13:11:20.0980 0x3a364  BrUsbMdm - ok
13:11:20.0992 0x3a364  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
13:11:20.0993 0x3a364  BrUsbSer - ok
13:11:21.0009 0x3a364  [ AD07C1EC6665B8B35741AB91200C6B68, DCE1305A30D6713222A01C1F1D03ED0ADABE23C742CE1E82BB142531B82A3FF7 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
13:11:21.0010 0x3a364  BTHMODEM - ok
13:11:21.0201 0x3a364  [ 58BF7714A312698108A96D0DE2BB6825, 87E0EC24520C9C421AF6A680FEF42E18911AABA373A9F927C5CE77AD50F8196F ] cbVSCService11  C:\Program Files\Cobian Backup 11\cbVSCService11.exe
13:11:21.0221 0x3a364  cbVSCService11 - ok
13:11:21.0343 0x3a364  [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:11:21.0346 0x3a364  cdfs - ok
13:11:21.0413 0x3a364  [ 6B4BFFB9BECD728097024276430DB314, 4451EFEAD37B05C8A3CB610B6D72E73B55D3D1E1CC1B17405598C1EDAA93C2D5 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
13:11:21.0441 0x3a364  cdrom - ok
13:11:21.0485 0x3a364  [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] CertPropSvc     C:\Windows\System32\certprop.dll
13:11:21.0513 0x3a364  CertPropSvc - ok
13:11:21.0559 0x3a364  [ E5D4133F37219DBCFE102BC61072589D, 74C7F8C53D9C71CE3C8B33BC0331948571318402B0A8E1AC4552360504092A46 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
13:11:21.0569 0x3a364  circlass - ok
13:11:21.0689 0x3a364  [ D7659D3B5B92C31E84E53C1431F35132, 6BFE644AD9890A8CEEDCC4B97ADD564AD57202FBC5D21599469E0C4B31BB27C6 ] CLFS            C:\Windows\system32\CLFS.sys
13:11:21.0821 0x3a364  CLFS - ok
13:11:21.0912 0x3a364  [ 6B6943A0CA56B47D6FB2EE476890854F, 6DA779879487F4A187DF54B0362642643D7871AA8F7E30992D781F558C50F052 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:11:21.0936 0x3a364  clr_optimization_v2.0.50727_32 - ok
13:11:21.0995 0x3a364  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:11:21.0997 0x3a364  clr_optimization_v4.0.30319_32 - ok
13:11:22.0023 0x3a364  [ 45201046C776FFDAF3FC8A0029C581C8, 68A68CF2B76598BC8610EB5B2D3FD5BDC9D51CFC6F51FB7A0B0C92A2BE910FC6 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
13:11:22.0036 0x3a364  cmdide - ok
13:11:22.0053 0x3a364  [ 82B8C91D327CFECF76CB58716F7D4997, 6F06A4BC44B170BB28BF464E9BB5216D39D11CB8D442570B575A741B032EAEE6 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
13:11:22.0054 0x3a364  Compbatt - ok
13:11:22.0058 0x3a364  COMSysApp - ok
13:11:22.0072 0x3a364  [ 2A213AE086BBEC5E937553C7D9A2B22C, 1F91ACC0426E0ED1717555B282F65629EF15021375B24A63C29C89ADE916EE2A ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
13:11:22.0073 0x3a364  crcdisk - ok
13:11:22.0093 0x3a364  [ 22A7F883508176489F559EE745B5BF5D, D6341E3FBC8A46D2D1F0477FA60EC4828B585D35B14609CD02868FD04ECD14DB ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
13:11:22.0094 0x3a364  Crusoe - ok
13:11:22.0134 0x3a364  [ 684C130BBC6DB681BAD4920A4C944AA5, DDE434B206984808351C98500824A33E6740B4326C455066027F8D549D4C3B92 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:11:22.0162 0x3a364  CryptSvc - ok
13:11:22.0257 0x3a364  [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:11:22.0290 0x3a364  DcomLaunch - ok
13:11:22.0345 0x3a364  [ 622C41A07CA7E6DD91770F50D532CB6C, 2A9040949CB45F9970FDE930278F30D2F08E957290CB3D4DC4F2CA94F3D444D2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:11:22.0377 0x3a364  DfsC - ok
13:11:22.0908 0x3a364  [ 2CC3DCFB533A1035B13DCAB6160AB38B, C88C91F662ADE248EEE3B568E70C2BC2D5075B7D9B7D3C63E83D011C5F7812B0 ] DFSR            C:\Windows\system32\DFSR.exe
13:11:23.0000 0x3a364  DFSR - ok
13:11:23.0105 0x3a364  [ 9028559C132146FB75EB7ACF384B086A, 35159D86706441ED94895B4629411B4445FCB4526AFD1F7036EE647931B7A94D ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
13:11:23.0120 0x3a364  Dhcp - ok
13:11:23.0182 0x3a364  [ 5D4AEFC3386920236A548271F8F1AF6A, 11B74D6800EC6F7AAEFB0B6A9F2E8376C7C3B8DB677F03AC3743CB004CA96B08 ] disk            C:\Windows\system32\drivers\disk.sys
13:11:23.0211 0x3a364  disk - ok
13:11:23.0258 0x3a364  [ 57D762F6F5974AF0DA2BE88A3349BAAA, D9E7DC8F9FB7837F88BBB95B52147AA80E688FB9762EEA99B8046D9C6AD48F3C ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:11:23.0261 0x3a364  Dnscache - ok
13:11:23.0327 0x3a364  [ 324FD74686B1EF5E7C19A8AF49E748F6, DC6EB4304555B60DD17E04D20DFE4E279718E4041A9310DE29E678834BB22C5B ] dot3svc         C:\Windows\System32\dot3svc.dll
13:11:23.0331 0x3a364  dot3svc - ok
13:11:23.0417 0x3a364  [ 4F59C172C094E1A1D46463A8DC061CBD, CE09A4ED1F8BA6242E152C384AFF5C3C95FBB8556DAE23765272F13BF158D8F9 ] dot4            C:\Windows\system32\DRIVERS\Dot4.sys
13:11:23.0448 0x3a364  dot4 - ok
13:11:23.0544 0x3a364  [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5, 69BB5B07D03FA9F28591012F2AA4A583D3F086644C136D63A56D1A827121CC19 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
13:11:23.0575 0x3a364  Dot4Print - ok
13:11:23.0606 0x3a364  [ C55004CA6B419B6695970DFE849B122F, 6E0C4A9E24DD09E9389E097AF63E7F5040A0658DDCEBBE963968B7118CFE9AB8 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
13:11:23.0632 0x3a364  dot4usb - ok
13:11:23.0738 0x3a364  [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS             C:\Windows\system32\dps.dll
13:11:23.0750 0x3a364  DPS - ok
13:11:23.0834 0x3a364  [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:11:23.0871 0x3a364  drmkaud - ok
13:11:23.0953 0x3a364  dump_wmimmc - ok
13:11:24.0230 0x3a364  [ 5C2C209CDEFBC51D83D66E8A53B2BE89, 7AE68672A6BEEF601017BE28AA0BF3673318EFE97AA08E70F58A9391C54DF71F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:11:24.0245 0x3a364  DXGKrnl - ok
13:11:24.0295 0x3a364  [ F88FB26547FD2CE6D0A5AF2985892C48, F02E06E16830F5D3FAF61991F5A91E54BB3461F58AFE3BFB7A9066CD302B879F ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
13:11:24.0299 0x3a364  E1G60 - ok
13:11:24.0340 0x3a364  EagleNT - ok
13:11:24.0351 0x3a364  EagleXNt - ok
13:11:24.0400 0x3a364  [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost         C:\Windows\System32\eapsvc.dll
13:11:24.0402 0x3a364  EapHost - ok
13:11:24.0478 0x3a364  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371, F3E9CF5D8E9124CB06F08454C5F0E510DE19A92780151FB2F8A58A0905D59B8F ] Ecache          C:\Windows\system32\drivers\ecache.sys
13:11:24.0516 0x3a364  Ecache - ok
13:11:24.0861 0x3a364  [ 9BE3744D295A7701EB425332014F0797, 1A139EE9232581E466591C5EBEF41E4BF1F82D99C1959F1C68C879B240E9F46D ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
13:11:24.0888 0x3a364  ehRecvr - ok
13:11:24.0943 0x3a364  [ AD1870C8E5D6DD340C829E6074BF3C3F, 064D07106A1BBE80294F1913354832F2B67D22274BB4D36C81D2D83C96FE0B88 ] ehSched         C:\Windows\ehome\ehsched.exe
13:11:24.0970 0x3a364  ehSched - ok
13:11:24.0999 0x3a364  [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] ehstart         C:\Windows\ehome\ehstart.dll
13:11:25.0000 0x3a364  ehstart - ok
13:11:25.0047 0x3a364  [ E8F3F21A71720C84BCF423B80028359F, 63114E6120F634224A0E83A5047B37C7D6F26CF99FE3C01CFC0AB8B1763BB084 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
13:11:25.0054 0x3a364  elxstor - ok
13:11:25.0241 0x3a364  [ 4E6B23DFC917EA39306B529B773950F4, C4BA77632B4BD46C4C1797F7F57399DB506D3EB6E5A0A36C269A793DAA3445C2 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
13:11:25.0255 0x3a364  EMDMgmt - ok
13:11:25.0330 0x3a364  [ 67058C46504BC12D821F38CF99B7B28F, E8D19F305F78BCA1DA8425315F2C77A377CD51E3CC54323DC2FF355120EA097D ] EventSystem     C:\Windows\system32\es.dll
13:11:25.0337 0x3a364  EventSystem - ok
13:11:25.0448 0x3a364  [ 22B408651F9123527BCEE54B4F6C5CAE, 31AF9649333A9496A9224001266D1B68CE2A31B9FB182A755D127FC5492AA6B2 ] exfat           C:\Windows\system32\drivers\exfat.sys
13:11:25.0457 0x3a364  exfat - ok
13:11:25.0531 0x3a364  [ 4E404505B3F62ECFBDBCBBCF0A72DBC5, 9F446ED06A31BFE52C4F1E8ACC400B8E3F47A3CC02FFC950DB861B2B3BA4C5B9 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:11:25.0534 0x3a364  fastfat - ok
13:11:25.0585 0x3a364  [ 63BDADA84951B9C03E641800E176898A, AD3EA20CAD0E0C438422D5D39AEA9E0AAD9E1DC866A696AE503C76F5FAC4BE6E ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
13:11:25.0604 0x3a364  fdc - ok
13:11:25.0689 0x3a364  [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost         C:\Windows\system32\fdPHost.dll
13:11:25.0699 0x3a364  fdPHost - ok
13:11:25.0792 0x3a364  [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub        C:\Windows\system32\fdrespub.dll
13:11:25.0799 0x3a364  FDResPub - ok
13:11:25.0886 0x3a364  [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:11:25.0936 0x3a364  FileInfo - ok
13:11:26.0033 0x3a364  [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:11:26.0093 0x3a364  Filetrace - ok
13:11:26.0186 0x3a364  [ 6603957EFF5EC62D25075EA8AC27DE68, B52D112301A6BFBD60959D7D2502AB2E1EB6BB7F5DCED46899F1F006C7F1E887 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
13:11:26.0187 0x3a364  flpydisk - ok
13:11:26.0317 0x3a364  [ 01334F9EA68E6877C4EF05D3EA8ABB05, 82F8AA6AD2B5077898773D4A5814819EAF0E872FFD95894E06FEDAB6EE92CF99 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:11:26.0389 0x3a364  FltMgr - ok
13:11:26.0474 0x3a364  [ 2AFA3A46986AE935DAECEBC7E66314CF, 747FAF9B7F8291B83EE44B91E5708395E749DC87BD42CC3BF2CD41209C298F4D ] FontCache       C:\Windows\system32\FntCache.dll
13:11:26.0492 0x3a364  FontCache - ok
13:11:26.0599 0x3a364  [ C7FBDD1ED42F82BFA35167A5C9803EA3, 372FF71070D5ECE17342466A690737A0622E93C98DBED8172C49B0854F0012B7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:11:26.0607 0x3a364  FontCache3.0.0.0 - ok
13:11:26.0637 0x3a364  [ B972A66758577E0BFD1DE0F91AAA27B5, E934034F3F740A83D4E7ABCD2C581845AC2945B0BCCAACF65CC3F99A1DBDE455 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:11:26.0638 0x3a364  Fs_Rec - ok
13:11:26.0663 0x3a364  [ 4E1CD0A45C50A8882616CAE5BF82F3C5, 1B909AF150F7119A5685999451A85012F4A92F15F38390A281EA507E2D247BAE ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
13:11:26.0664 0x3a364  gagp30kx - ok
13:11:26.0794 0x3a364  [ C2E4D92EB552380189B38D937EE2A131, 7C247E44780198A72C299B752CC047B195EA80D1EB104DF087F96F70811702CA ] GamesAppIntegrationService C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe
13:11:26.0800 0x3a364  GamesAppIntegrationService - ok
13:11:26.0863 0x3a364  [ C403C5DB49A0F9AAF4F2128EDC0106D8, 3C6948B63278022D8182F773C5FA15784514F76C1546118DDBADBA322B962D12 ] GamesAppService C:\Program Files\WildTangent Games\App\GamesAppService.exe
13:11:26.0868 0x3a364  GamesAppService - ok
13:11:26.0917 0x3a364  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\Windows\system32\Drivers\GEARAspiWDM.sys
13:11:26.0918 0x3a364  GEARAspiWDM - ok
13:11:27.0081 0x3a364  [ C6B9F48D46C13389EA2AF2065AE66612, BFB2CFF1B9BFE55E027F01C3714DF9BF8E0C5CFD0EF0BF6B8DA029D98C1288D7 ] GoToAssist      C:\Program Files\Citrix\GoToAssist\896\g2aservice.exe
13:11:27.0082 0x3a364  GoToAssist - ok
13:11:27.0178 0x3a364  [ CD5D0AEEE35DFD4E986A5AA1500A6E66, DCED5126837292593F1C1B35DF18E3B631D6C0C6D0742B77C7B7742C55A7825F ] gpsvc           C:\Windows\System32\gpsvc.dll
13:11:27.0295 0x3a364  gpsvc - ok
13:11:27.0438 0x3a364  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
13:11:27.0526 0x3a364  gupdate - ok
13:11:27.0552 0x3a364  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
13:11:27.0554 0x3a364  gupdatem - ok
13:11:27.0612 0x3a364  [ CC839E8D766CC31A7710C9F38CF3E375, 327D57F18B4A2D1CB06C5682D3364097ECD3CF40C2719AA1F41D0B49A26003E4 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
13:11:27.0679 0x3a364  gusvc - ok
13:11:27.0823 0x3a364  [ 0E44DBF63BB0169D57446AEC21881FF2, 978E7CBD2307413D3945C6541C9DCA877B11C5CAA09B5CAF26A4D6CC9DFD0E37 ] HCW85BDA        C:\Windows\system32\drivers\HCW85BDA.sys
13:11:27.0848 0x3a364  HCW85BDA - ok
13:11:27.0940 0x3a364  [ 3F90E001369A07243763BD5A523D8722, 25907F85787D879E75C3FE74C93567382AFB2D528BEEC61D71E3A6BE2D71DFBE ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:11:27.0955 0x3a364  HdAudAddService - ok
13:11:28.0033 0x3a364  [ 062452B7FFD68C8C042A6261FE8DFF4A, DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
13:11:28.0046 0x3a364  HDAudBus - ok
13:11:28.0090 0x3a364  [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth          C:\Windows\system32\drivers\hidbth.sys
13:11:28.0104 0x3a364  HidBth - ok
13:11:28.0132 0x3a364  [ F24393C44FDFE2E5E9F416FD3BDF98E2, 3099B183A34E9B92E8EE904BB0B3675C6D993CFCAAF65B91FB7059ADA547317D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
13:11:28.0133 0x3a364  HidIr - ok
13:11:28.0190 0x3a364  [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv         C:\Windows\system32\hidserv.dll
13:11:28.0191 0x3a364  hidserv - ok
13:11:28.0250 0x3a364  [ CCA4B519B17E23A00B826C55716809CC, 91AD0758A6185B0FBBE383BDB1B457FFB850477AFF8DE040DE9527A97D28EF62 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
13:11:28.0250 0x3a364  HidUsb - ok
13:11:28.0301 0x3a364  [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:11:28.0304 0x3a364  hkmsvc - ok
13:11:28.0498 0x3a364  [ 0D26C438E2938A3E6BDD91173BC96FF0, 69FAB9328BC9B49F0A1A3758FDEC31E71C5ED0948D3F5D76992A2E15C2B96511 ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
13:11:28.0523 0x3a364  HP Health Check Service - ok
13:11:28.0553 0x3a364  [ DF353B401001246853763C4B7AAA6F50, 05C043493BDD99DEFBB0F5C3D8C475B06C2BF5629565ACF6F3B754002519B836 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
13:11:28.0554 0x3a364  HpCISSs - ok
13:11:28.0673 0x3a364  [ 88749FBF8BEB18C90E7D6626C8C1910B, 8CCCCF75EE8D7C8F052DE48DCE7099BFA9D29E9D94E9EEB8C84F0EEE73CC2EDD ] HSF_DP          C:\Windows\system32\DRIVERS\HSX_DP.sys
13:11:28.0719 0x3a364  HSF_DP - ok
13:11:28.0789 0x3a364  [ FE440536BD98AF772130DC3A6FE1915F, F890A4336E6BC11A5D0A7D49CFD0626FFC2131E81260AE3E2501BCD29434C131 ] HSXHWBS2        C:\Windows\system32\DRIVERS\HSXHWBS2.sys
13:11:28.0796 0x3a364  HSXHWBS2 - ok
13:11:28.0926 0x3a364  [ F870AA3E254628EBEAFE754108D664DE, B0444E7D246AA1982094030ACB991690F6A7DD3FB07B1BB6A1BC0F3AA9718A70 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:11:28.0935 0x3a364  HTTP - ok
13:11:28.0980 0x3a364  [ 324C2152FF2C61ABAE92D09F3CCA4D63, 2D09964C8003277F7DB1FFAA0DAEF15B205F3C4100FF601950BC9E544DC0B91F ] i2omp           C:\Windows\system32\drivers\i2omp.sys
13:11:28.0993 0x3a364  i2omp - ok
13:11:29.0059 0x3a364  [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
13:11:29.0060 0x3a364  i8042prt - ok
13:11:29.0103 0x3a364  [ C957BF4B5D80B46C5017BF0101E6C906, 6B9186335E50E7E0DBAF574A224E524EC526B57AA02F509E4A8D0F905C9CE880 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
13:11:29.0109 0x3a364  iaStorV - ok
13:11:29.0262 0x3a364  [ DD386C45D2B5863740166783448A2E7A, 10B912BA70306644BE73A53AF4DCDFF63880C4C5860FF6DBA92B0914EB566718 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:11:29.0282 0x3a364  idsvc - ok
13:11:29.0309 0x3a364  [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp           C:\Windows\system32\drivers\iirsp.sys
13:11:29.0310 0x3a364  iirsp - ok
13:11:29.0358 0x3a364  [ 4687EE0C0DD2CE5F7AAA9C2E33C1DC78, FA8EBED2778D9F7560ADC1B563954EEF98AAE651C0553F2803372B37B122AEB3 ] IKEEXT          C:\Windows\System32\ikeext.dll
13:11:29.0406 0x3a364  IKEEXT - ok
13:11:29.0589 0x3a364  [ EDC37B918E583A5A813C53D4F5588255, 169DF53DB9B06914A84B3706662DBFCDCC58FCCF64A6DA5ED2BBE9C2DAE37C5B ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
13:11:29.0669 0x3a364  IntcAzAudAddService - ok
13:11:29.0720 0x3a364  [ 97469037714070E45194ED318D636401, DDB5AE39BE0BD37ECB44969A5FA740E5B1169342347D0DB3E5DF0353A6708271 ] intelide        C:\Windows\system32\drivers\intelide.sys
13:11:29.0721 0x3a364  intelide - ok
13:11:29.0746 0x3a364  [ CE44CC04262F28216DD4341E9E36A16F, 2B316C4124DCFEAD7838B3D8FB8DBEC3F3B1EA8EA612AABB05B1275D0B230CCD ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:11:29.0747 0x3a364  intelppm - ok
13:11:29.0788 0x3a364  [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
13:11:29.0790 0x3a364  IPBusEnum - ok
13:11:29.0867 0x3a364  [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:11:29.0881 0x3a364  IpFilterDriver - ok
13:11:29.0936 0x3a364  [ 1998BD97F950680BB55F55A7244679C2, A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:11:29.0942 0x3a364  iphlpsvc - ok
13:11:29.0946 0x3a364  IpInIp - ok
13:11:29.0993 0x3a364  [ 40F34F8ABA2A015D780E4B09138B6C17, 22F86888C6B4F76836E863A90730D8F0DBD518305D87A399A159387E79E9D2F7 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
13:11:29.0995 0x3a364  IPMIDRV - ok
13:11:30.0049 0x3a364  [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
13:11:30.0063 0x3a364  IPNAT - ok
13:11:30.0113 0x3a364  [ 33813E4F82AEC696762EAD9EDADC9FE3, D0045D6782523B7B6FCFE4A6C864F081B522E409D9E5F031A7B8584910CEE3F5 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
13:11:30.0137 0x3a364  iPod Service - ok
13:11:30.0183 0x3a364  [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:11:30.0184 0x3a364  IRENUM - ok
13:11:30.0202 0x3a364  [ 350FCA7E73CF65BCEF43FAE1E4E91293, 68403FE3F4DC40919CD26A2CC42BE4386AE6874F47DD382348FFD79080721A13 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:11:30.0204 0x3a364  isapnp - ok
13:11:30.0278 0x3a364  [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
13:11:30.0283 0x3a364  iScsiPrt - ok
13:11:30.0306 0x3a364  [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
13:11:30.0307 0x3a364  iteatapi - ok
13:11:30.0357 0x3a364  [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
13:11:30.0358 0x3a364  iteraid - ok
13:11:30.0408 0x3a364  [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
13:11:30.0409 0x3a364  kbdclass - ok
13:11:30.0436 0x3a364  [ EDE59EC70E25C24581ADD1FBEC7325F7, 41B37778E9A12675FC0DF74606AAF18C652EB88513B3C4889C5C512E14587CEE ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
13:11:30.0437 0x3a364  kbdhid - ok
13:11:30.0484 0x3a364  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso          C:\Windows\system32\lsass.exe
13:11:30.0491 0x3a364  KeyIso - ok
13:11:30.0551 0x3a364  [ 4A1445EFA932A3BAF5BDB02D7131EE20, 9DD262ED72DF268FE024063788F54124E320D0775D8DC0C5CAD099CD5F655DA2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:11:30.0560 0x3a364  KSecDD - ok
13:11:30.0639 0x3a364  [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:11:30.0647 0x3a364  KtmRm - ok
13:11:30.0689 0x3a364  [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer    C:\Windows\system32\srvsvc.dll
13:11:30.0693 0x3a364  LanmanServer - ok
13:11:30.0765 0x3a364  [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:11:30.0770 0x3a364  LanmanWorkstation - ok
13:11:30.0847 0x3a364  [ DFEFF67508D3A9AEB1A85D7B0F513B24, 34A02E6BEAFB22B1527C72E0E2D65FA1DBCFB022672116BFF4A903FBBEA8419D ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
13:11:30.0849 0x3a364  LightScribeService - ok
13:11:30.0901 0x3a364  [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:11:30.0917 0x3a364  lltdio - ok
13:11:30.0960 0x3a364  [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:11:30.0966 0x3a364  lltdsvc - ok
13:11:31.0001 0x3a364  [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:11:31.0002 0x3a364  lmhosts - ok
13:11:31.0059 0x3a364  [ A2262FB9F28935E862B4DB46438C80D2, 792684A68726BC007ACABB584682FDF4F059AE60888FB5B47ED68A97EA0BB5E6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
13:11:31.0076 0x3a364  LSI_FC - ok
13:11:31.0090 0x3a364  [ 30D73327D390F72A62F32C103DAF1D6D, 7BB5BFB0DCF33AF9907539B52DF7BA1943C1E75A17715B58DBC702ACA6D406EA ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
13:11:31.0092 0x3a364  LSI_SAS - ok
13:11:31.0105 0x3a364  [ E1E36FEFD45849A95F1AB81DE0159FE3, DA02B23A881D156A02D3874B41E6D042F84AD558B434280A6A6AC6B619668647 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
13:11:31.0107 0x3a364  LSI_SCSI - ok
13:11:31.0161 0x3a364  [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv           C:\Windows\system32\drivers\luafv.sys
13:11:31.0163 0x3a364  luafv - ok
13:11:31.0280 0x3a364  [ ED643E777BA3F7151EF3F0FB6BE4F7F0, 94B96367ECF2140299F36D93C00C9FE666953BEA6A1253EEEAAC439A682D38CA ] LVRS            C:\Windows\system32\DRIVERS\lvrs.sys
13:11:31.0298 0x3a364  LVRS - ok
13:11:31.0879 0x3a364  [ 5BC80451109A8DD7F2DDD35BCE2929A3, F97BAD2D43D1E199841BAE5707424B49B4451CD486F249646E898FC7CC7AB4C8 ] LVUVC           C:\Windows\system32\DRIVERS\lvuvc.sys
13:11:32.0036 0x3a364  LVUVC - ok
13:11:32.0112 0x3a364  [ AEF9BABB8A506BC4CE0451A64AADED46, D5608A703EA7E97F11ED4D029B4B820440B0C9317DB7D7DC0152253CD723DC07 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
13:11:32.0128 0x3a364  Mcx2Svc - ok
13:11:32.0205 0x3a364  [ 0CEA2D0D3FA284B85ED5B68365114F76, E6FF0EC98FDC3F628438B613C356C237E68686E3B5B17A58A60C16F4B9A2B968 ] mdmxsdk         C:\Windows\system32\DRIVERS\mdmxsdk.sys
13:11:32.0205 0x3a364  mdmxsdk - ok
13:11:32.0252 0x3a364  [ D153B14FC6598EAE8422A2037553ADCE, D5408B07B6EBA0146A605F11106497DC3DF8EC72E0DCC44BE1366A2A58ABE478 ] megasas         C:\Windows\system32\drivers\megasas.sys
13:11:32.0253 0x3a364  megasas - ok
13:11:32.0256 0x3a364  mfeapfk - ok
13:11:32.0268 0x3a364  mfehidk - ok
13:11:32.0271 0x3a364  mfevtp - ok
13:11:32.0329 0x3a364  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS           C:\Windows\system32\mmcss.dll
13:11:32.0331 0x3a364  MMCSS - ok
13:11:32.0375 0x3a364  [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem           C:\Windows\system32\drivers\modem.sys
13:11:32.0376 0x3a364  Modem - ok
13:11:32.0429 0x3a364  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:11:32.0436 0x3a364  monitor - ok
13:11:32.0498 0x3a364  [ 201BFC4EF8B33D02D133FBF6535E515B, 7CADD2F00C8C6F569EB7767FEE46AC62A22A072E61C4C0D9E66E04D59D211F26 ] motccgp         C:\Windows\system32\DRIVERS\motccgp.sys
13:11:32.0500 0x3a364  motccgp - ok
13:11:32.0557 0x3a364  [ D0242A3832EB7C97801BB25889561E23, C325EBB32875B2CBC9C063DA121454D0E56F34CC09653DDEAE8A78606276A933 ] motccgpfl       C:\Windows\system32\DRIVERS\motccgpfl.sys
13:11:32.0575 0x3a364  motccgpfl - ok
13:11:32.0626 0x3a364  [ FE80C18BA448DDD76B7BEAD9EB203D37, FC8C14EAD60ACD4AA5B4F61032FAE331F76C36FBC2D881D25BBBC6EB86682166 ] motmodem        C:\Windows\system32\DRIVERS\motmodem.sys
13:11:32.0637 0x3a364  motmodem - ok
13:11:32.0686 0x3a364  [ FE80C18BA448DDD76B7BEAD9EB203D37, FC8C14EAD60ACD4AA5B4F61032FAE331F76C36FBC2D881D25BBBC6EB86682166 ] motport         C:\Windows\system32\DRIVERS\motport.sys
13:11:32.0687 0x3a364  motport - ok
13:11:32.0741 0x3a364  [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
13:11:32.0753 0x3a364  mouclass - ok
13:11:32.0776 0x3a364  [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:11:32.0777 0x3a364  mouhid - ok
13:11:32.0829 0x3a364  [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
13:11:32.0844 0x3a364  MountMgr - ok
13:11:32.0894 0x3a364  [ 583A41F26278D9E0EA548163D6139397, 1F09D2FEEE1A8D4F1D9E53596158154099FD436A408F7E72E40F50778A3838A1 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:11:32.0897 0x3a364  mpio - ok
13:11:32.0948 0x3a364  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:11:32.0969 0x3a364  mpsdrv - ok
13:11:33.0049 0x3a364  [ 5DE62C6E9108F14F6794060A9BDECAEC, 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9 ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:11:33.0058 0x3a364  MpsSvc - ok
13:11:33.0091 0x3a364  [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
13:11:33.0108 0x3a364  Mraid35x - ok
13:11:33.0187 0x3a364  [ 82CEA0395524AACFEB58BA1448E8325C, 16E37990A291C848DE35F48EA7E09AE5B258AE589EB08A3FA2C60DC1278DE182 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:11:33.0200 0x3a364  MRxDAV - ok
13:11:33.0261 0x3a364  [ 1E94971C4B446AB2290DEB71D01CF0C2, 4701AA1B419AEF735CB2DA34532B0F1844433272C36D79F4EB55807E39B923D1 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:11:33.0264 0x3a364  mrxsmb - ok
13:11:33.0290 0x3a364  [ 4FCCB34D793B116423209C0F8B7A3B03, 7A483AEB691ADBE82779F12F0BB1CCCBFFD7E92902EC1ADC99AB7D129F887143 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:11:33.0295 0x3a364  mrxsmb10 - ok
13:11:33.0312 0x3a364  [ C3CB1B40AD4A0124D617A1199B0B9D7C, B975A39DE6D324C6274B6E3B883F36082A958F028335CEB3A37F44481EB284B3 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:11:33.0314 0x3a364  mrxsmb20 - ok
13:11:33.0380 0x3a364  [ 742AED7939E734C36B7E8D6228CE26B7, 6F727144BBD42C9C5555087CA51DE8D501B5CBEFB9967866CC578733E3C5E681 ] msahci          C:\Windows\system32\drivers\msahci.sys
13:11:33.0396 0x3a364  msahci - ok
13:11:33.0416 0x3a364  [ 3FC82A2AE4CC149165A94699183D3028, 8575BE62A209672A5D8C68D75BBBB4FF06220CA73A939B0793442DAD2272598C ] msdsm           C:\Windows\system32\drivers\msdsm.sys
13:11:33.0419 0x3a364  msdsm - ok
13:11:33.0477 0x3a364  [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC           C:\Windows\System32\msdtc.exe
13:11:33.0481 0x3a364  MSDTC - ok
13:11:33.0547 0x3a364  [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:11:33.0554 0x3a364  Msfs - ok
13:11:46.0932 0x3a364  USBSTOR - ok
13:11:46.0963 0x3a364  [ 325DBBACB8A36AF9988CCF40EAC228CC, 22FE5658A12296634FBE9D8565485BEE8CB200C47182F70DC9D2B0442E10C4AA ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
13:11:46.0964 0x3a364  usbuhci - ok
13:11:47.0029 0x3a364  [ 73FF24E21B690625A58109637DDA0DF7, 62B1F9CD82678E2110D4BB5CC86EE8A7AB0757681443916620B6AAA1EF0DECEB ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
13:11:47.0049 0x3a364  usbvideo - ok
13:11:47.0107 0x3a364  [ 1509E705F3AC1D474C92454A5C2DD81F, 7F525921A3513224F8B093A16E19B4235B300349A14B0B86EE11B7473BA53337 ] UxSms           C:\Windows\System32\uxsms.dll
13:11:47.0121 0x3a364  UxSms - ok
13:11:47.0232 0x3a364  [ CD88D1B7776DC17A119049742EC07EB4, 6B68B9EDB8C6BCB2644F1F004D5743E928509D12107D996F390A24A72E0AA528 ] vds             C:\Windows\System32\vds.exe
13:11:47.0242 0x3a364  vds - ok
13:11:47.0286 0x3a364  [ 87B06E1F30B749A114F74622D013F8D4, 06C06EF87F7DC668D23B50AA5F419F62474ACF90E325E167491BF290286D6594 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
13:11:47.0301 0x3a364  vga - ok
13:11:47.0349 0x3a364  [ 2E93AC0A1D8C79D019DB6C51F036636C, 8B6F3B4EE90691A22788915AD0F99D8EE617750430A34E7CEB9AB4FB4E581755 ] VgaSave         C:\Windows\System32\drivers\vga.sys
13:11:47.0365 0x3a364  VgaSave - ok
13:11:47.0429 0x3a364  [ 045D9961E591CF0674A920B6BA3BA5CB, EBF498A0424CEA0F7ECBAAE144A8669CE6B5DD67115DE22CEC5A46AED26CD90B ] viaagp          C:\Windows\system32\drivers\viaagp.sys
13:11:47.0449 0x3a364  viaagp - ok
13:11:47.0492 0x3a364  [ 56A4DE5F02F2E88182B0981119B4DD98, 36FC94BCFD41907838DBCB02E6EA24065FDED4224239CD19E90D14433BE9108B ] ViaC7           C:\Windows\system32\drivers\viac7.sys
13:11:47.0493 0x3a364  ViaC7 - ok
13:11:47.0509 0x3a364  [ FD2E3175FCADA350C7AB4521DCA187EC, 1C914B184478611A27E0141F90EBC34FC63DFB2A83441DD36DFA43D945FB1C52 ] viaide          C:\Windows\system32\drivers\viaide.sys
13:11:47.0510 0x3a364  viaide - ok
13:11:47.0528 0x3a364  [ 69503668AC66C77C6CD7AF86FBDF8C43, 2CE407674A58313737073F02B9A617460BBA84B36C3A16D98AE5ED45279F5006 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:11:47.0542 0x3a364  volmgr - ok
13:11:47.0877 0x3a364  [ 23E41B834759917BFD6B9A0D625D0C28, 9F60992805262F936E8DA33610FDF60A191ECAFC08BBF657C8F9A21833C8EFC5 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:11:47.0952 0x3a364  volmgrx - ok
13:11:48.0002 0x3a364  [ 786DB5771F05EF300390399F626BF30A, 4A07BE5AEDBA4C15C2F9A91250F0488A0B0305C67BB7A037508D5CBF86D4E1B7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
13:11:48.0052 0x3a364  volsnap - ok
13:11:48.0073 0x3a364  [ D984439746D42B30FC65A4C3546C6829, B134A9890638C2B4964A9C30812A2828A3E0CC641690CBF22D9FCE65EE3C2385 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
13:11:48.0076 0x3a364  vsmraid - ok
13:11:48.0208 0x3a364  [ DB3D19F850C6EB32BDCB9BC0836ACDDB, D81FF1CDA87A2FE83EFD5B3FE01EFF940952F8BAEE70BEA3B2F6EF30E2121704 ] VSS             C:\Windows\system32\vssvc.exe
13:11:48.0267 0x3a364  VSS - ok
13:11:48.0317 0x3a364  [ 96EA68B9EB310A69C25EBB0282B2B9DE, C76D3427F8A2953CB4D96BBA1523679CBE1BBF7FA821A35D2FBEB3E67AC6A10B ] W32Time         C:\Windows\system32\w32time.dll
13:11:48.0324 0x3a364  W32Time - ok
13:11:48.0350 0x3a364  [ 48DFEE8F1AF7C8235D4E626F0C4FE031, A41D05BC0DA3C476C32E0A4DAF015DF7BADF28A03CE236D5596885FF1772F148 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
13:11:48.0365 0x3a364  WacomPen - ok
13:11:48.0405 0x3a364  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
13:11:48.0423 0x3a364  Wanarp - ok
13:11:48.0427 0x3a364  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:11:48.0428 0x3a364  Wanarpv6 - ok
13:11:48.0496 0x3a364  [ A3CD60FD826381B49F03832590E069AF, 213C5DB5E5D828264286FD7548527566D6160CCA780BC6853B7B28CECF329674 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:11:48.0506 0x3a364  wcncsvc - ok
13:11:48.0543 0x3a364  [ 11BCB7AFCDD7AADACB5746F544D3A9C7, 0370E20FD12ED713F94E5CD76F068F7A7A5E7F42416DD2A8A41249020DA7DA31 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:11:48.0554 0x3a364  WcsPlugInService - ok
13:11:48.0573 0x3a364  [ AFC5AD65B991C1E205CF25CFDBF7A6F4, 544173AE85A11B99B9221DB30B6803DAEB3EB7FCA57FE62F0D13EF70B9C69A89 ] Wd              C:\Windows\system32\drivers\wd.sys
13:11:48.0574 0x3a364  Wd - ok
13:11:48.0647 0x3a364  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:11:48.0659 0x3a364  Wdf01000 - ok
13:11:48.0703 0x3a364  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:11:48.0719 0x3a364  WdiServiceHost - ok
13:11:48.0726 0x3a364  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:11:48.0728 0x3a364  WdiSystemHost - ok
13:11:48.0797 0x3a364  [ 04C37D8107320312FBAE09926103D5E2, 1C6726A9871CBACB240AFA93E57781515F01758D43693DDA395EA683D97234F0 ] WebClient       C:\Windows\System32\webclnt.dll
13:11:48.0807 0x3a364  WebClient - ok
13:11:48.0859 0x3a364  [ AE3736E7E8892241C23E4EBBB7453B60, 0F998116CC07CD719CB237EAE53BB16B2EDD6973828B9C1055EB981AEA0453D1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:11:48.0866 0x3a364  Wecsvc - ok
13:11:48.0919 0x3a364  [ 670FF720071ED741206D69BD995EA453, 4B96F5E3545F69AE9EBC75DC4AB27B87306D656EE526AE39E7EC7E2B6F83F7FD ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:11:48.0927 0x3a364  wercplsupport - ok
13:11:48.0979 0x3a364  [ 32B88481D3B326DA6DEB07B1D03481E7, 821FBAF147E525ED15EB9391B16A96C6D5464841258B11F277EFB57A3BD50E37 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:11:48.0989 0x3a364  WerSvc - ok
13:11:49.0087 0x3a364  [ 72CC6A8CA7891031D6380DB5025C773C, 33D5021C3A2FE8E9F6E2C22F4777E1D82A6B3998EB857B618A3C8838D3C8B03E ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
13:11:49.0102 0x3a364  winachsf - ok
13:11:49.0251 0x3a364  [ 4575AA12561C5648483403541D0D7F2B, 2DBB7904285F16E879E1662C4CC4DFAA420D5EB24DDFC4BAC0B7616F5F44649A ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
13:11:49.0258 0x3a364  WinDefend - ok
13:11:49.0263 0x3a364  WinHttpAutoProxySvc - ok
13:11:49.0368 0x3a364  [ 6B2A1D0E80110E3D04E6863C6E62FD8A, EE8BC7C378993EFE90273764C83119EBF331768CD7B24DE949233C74A51306C2 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:11:49.0372 0x3a364  Winmgmt - ok
13:11:49.0678 0x3a364  [ 7CFE68BDC065E55AA5E8421607037511, C2CE76D52AD4E31FC4216E94457DC16ABF65A5F3E883F0BD97AD387FB7574533 ] WinRM           C:\Windows\system32\WsmSvc.dll
13:11:49.0705 0x3a364  WinRM - ok
13:11:49.0803 0x3a364  [ C008405E4FEEB069E30DA1D823910234, C392A7B5FEACB7D11A3A231C1AD65D533984E6E7429ECD3BFBF90A27E8DEB157 ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:11:49.0816 0x3a364  Wlansvc - ok
13:11:49.0869 0x3a364  [ 2E7255D172DF0B8283CDFB7B433B864E, 60C786CF0EA4A29B309B9457F0496D5A0AF1F093FC2C5D88078865814B7DBBA3 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
13:11:49.0870 0x3a364  WmiAcpi - ok
13:11:49.0931 0x3a364  [ 43BE3875207DCB62A85C8C49970B66CC, 27169F2E8A30807794407DA8F80611E4287F940AAE2A1F00F547901872FB9703 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:11:49.0938 0x3a364  wmiApSrv - ok
13:11:50.0099 0x3a364  [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
13:11:50.0161 0x3a364  WMPNetworkSvc - ok
13:11:50.0194 0x3a364  [ CFC5A04558F5070CEE3E3A7809F3FF52, 45899E04000E21C4E009BE8B6149F199A5B2E0512C657A525770BF9DBFED7D2B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:11:50.0204 0x3a364  WPCSvc - ok
13:11:50.0270 0x3a364  [ 801FBDB89D472B3C467EB112A0FC9246, C24053FA12732089384D3AF06C676FF201D282FC5AD56A42B6EE8BAED4379CB2 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:11:50.0274 0x3a364  WPDBusEnum - ok
13:11:50.0360 0x3a364  [ DE9D36F91A4DF3D911626643DEBF11EA, 8029ECE76E29276BFB6ED3387AC560A9A779AAF683A4416E96334FAF7BDBADA0 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
13:11:50.0374 0x3a364  WpdUsb - ok
13:11:50.0548 0x3a364  [ F8D3544ACBCE9110362119F7C10D848E, 31C49201A931751A36286874AC0B929D886F490D7CE48CCC9283850A56AD9FD9 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:11:50.0586 0x3a364  WPFFontCache_v0400 - ok
13:11:50.0626 0x3a364  [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:11:50.0641 0x3a364  ws2ifsl - ok
13:11:50.0688 0x3a364  [ 1CA6C40261DDC0425987980D0CD2AAAB, 727C1E3A170316641F832A8D197EDA6D6EE1206E4ED7B741E5A4017B7F2F7B88 ] wscsvc          C:\Windows\System32\wscsvc.dll
13:11:50.0691 0x3a364  wscsvc - ok
13:11:50.0694 0x3a364  WSearch - ok
13:11:50.0973 0x3a364  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv        C:\Windows\system32\wuaueng.dll
13:11:51.0017 0x3a364  wuauserv - ok
13:11:51.0075 0x3a364  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:11:51.0077 0x3a364  WudfPf - ok
13:11:51.0152 0x3a364  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:11:51.0163 0x3a364  WUDFRd - ok
13:11:51.0225 0x3a364  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:11:51.0228 0x3a364  wudfsvc - ok
13:11:51.0316 0x3a364  [ DAB33CFA9DD24251AAA389FF36B64D4B, 1C5D7C3D6C3552BDD52EB7E76031746D7DAAF64CA2432CC23329DA72BE7252D0 ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys
13:11:51.0340 0x3a364  XAudio - ok
13:11:51.0451 0x3a364  [ CD5F291A1161F15896D1A4D63DAFF5DF, 4F30DC454F255249431FCD14DE17858A79A088A4084F2CEDD0CF25382D427285 ] XAudioService   C:\Windows\system32\DRIVERS\xaudio.exe
13:11:51.0465 0x3a364  XAudioService - ok
13:11:51.0494 0x3a364  ================ Scan global ===============================
13:11:51.0564 0x3a364  [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
13:11:51.0635 0x3a364  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
13:11:51.0654 0x3a364  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
13:11:51.0812 0x3a364  [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe
13:11:51.0820 0x3a364  [ Global ] - ok
13:11:51.0822 0x3a364  ================ Scan MBR ==================================
13:11:51.0824 0x3a364  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
13:11:51.0828 0x3a364  \Device\Harddisk1\DR1 - ok
13:11:51.0845 0x3a364  [ 81CD5EC01DB0CE57EDD853F82462EF27 ] \Device\Harddisk0\DR0
13:11:52.0106 0x3a364  \Device\Harddisk0\DR0 - ok
13:11:52.0107 0x3a364  ================ Scan VBR ==================================
13:11:52.0109 0x3a364  [ 6A081E52EACAD906205E5224FA144D58 ] \Device\Harddisk1\DR1\Partition1
13:11:52.0153 0x3a364  \Device\Harddisk1\DR1\Partition1 - ok
13:11:52.0156 0x3a364  [ DBD85DAE62B30D6C67FDD91C6B183FEE ] \Device\Harddisk0\DR0\Partition1
13:11:52.0245 0x3a364  \Device\Harddisk0\DR0\Partition1 - ok
13:11:52.0280 0x3a364  [ 16A08FD914D72D90AFBD4E3A0F31A6D1 ] \Device\Harddisk0\DR0\Partition2
13:11:52.0281 0x3a364  \Device\Harddisk0\DR0\Partition2 - ok
13:11:52.0282 0x3a364  ================ Scan generic autorun ======================
13:11:52.0373 0x3a364  [ 0D392EDE3B97E0B3131B2F63EF1DB94E, 3EDA280F91097293E00BF984D377E1111CFDE1FC81B30A3FDEB38F321EF82BB6 ] C:\Program Files\Windows Defender\MSASCui.exe
13:11:52.0471 0x3a364  Windows Defender - ok
13:11:52.0627 0x3a364  [ 9A4322EE420D6FACD4D4B1FF6CB856B1, 527BF61885161B8D93C317CAC1FC8B8A709F0D4AF3599A000C82FE861D6019EF ] c:\hp\support\hpsysdrv.exe
13:11:52.0628 0x3a364  hpsysdrv - ok
13:11:52.0668 0x3a364  [ 7088B136BB58A5F95CF0DE8386CA6C0F, 7136F482C3795B6A18F4315FD9F01C88CD0372C4B4E3B6CE994402459D7BEDC9 ] C:\HP\KBD\KbdStub.EXE
13:11:52.0691 0x3a364  KBD - ok
13:11:52.0736 0x3a364  [ B1361669BDC6ED612C35B7C67ADA2240, 85ECCA86F7FFD69A0B6BDDC6844FB2E935744B8A825DEAE160180833C556B08B ] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
13:11:52.0739 0x3a364  OsdMaestro - ok
13:11:52.0936 0x3a364  [ 361CD47DC5BD83EE24407903233B0D9A, 95C5C141E167EB602D6DF7D737DDCBAA89C23A34248CCDF028C5A0086C80EDCB ] C:\Windows\RtHDVCpl.exe
13:11:53.0120 0x3a364  RtHDVCpl - ok
13:11:53.0127 0x3a364  HP Health Check Scheduler - ok
13:11:53.0290 0x3a364  [ 4F89DD4EA74C66916E15A6E7D74A50B5, EADFE05A413AED21D31F051CD81DAEFEF70D303E811A359A621795CA7351119C ] C:\Windows\system32\jureg.exe
13:11:53.0292 0x3a364  SunJavaUpdateReg - ok
13:11:53.0359 0x3a364  [ 9130146616F4A2B25100EBCBF530AB61, 49FBEF129A4837B858A0036FF42A7D53102B0DD4D2A934057DE3C4AD963F49E3 ] C:\Windows\SMINST\launcher.exe
13:11:53.0378 0x3a364  Launcher - ok
13:11:53.0566 0x3a364  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
13:11:53.0592 0x3a364  Sidebar - ok
13:11:53.0594 0x3a364  WindowsWelcomeCenter - ok
13:11:53.0623 0x3a364  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
13:11:53.0642 0x3a364  Sidebar - ok
13:11:53.0645 0x3a364  WindowsWelcomeCenter - ok
13:11:53.0646 0x3a364  HPAdvisor - ok
13:11:53.0750 0x3a364  [ BF08674925F151BD4537B89A493E3E0C, 6A97562E998A2B90649FF7986313AD33823053FF98BBE163AD39AAA5E01FC545 ] C:\Windows\ehome\ehTray.exe
13:11:53.0753 0x3a364  ehTray.exe - ok
13:11:53.0899 0x3a364  [ 5D61BE7DB55B026A5D61A3EED09D0EAD, D32CC7B31A6F98C60ABC313ABC7D1143681F72DE2BB2604711A0BA20710CAAAE ] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
13:11:53.0900 0x3a364  swg - ok
13:11:53.0970 0x3a364  EA Core - ok
13:11:54.0082 0x3a364  [ 55756CE78867DDD93B1A7EF5EBFB7FBD, A5CC07D6853D405E87B8C351B0B40389AE3EB16B8777E340560380B54C1BC546 ] C:\Program Files\Olympus\ib\olycamdetect.exe
13:11:54.0084 0x3a364  Olympus ib - ok
13:11:54.0200 0x3a364  [ 4B4F81C294B9A07479F4F4F8FF20E58C, 2D034E1E75E8A425E620A3920E28F49CB0721129E37E7764B0FA7FA960A0F253 ] C:\Program Files\Garmin\gStart.exe
13:11:54.0242 0x3a364  gStart - ok
13:11:54.0937 0x3a364  [ 0FF101F5C767393195602237E211B311, 2967E4C155728219371D9E1DCF34C9A67904EB993110BB667F0DB4C610626D11 ] C:\Program Files\Logitech\Vid HD\Vid.exe
13:11:55.0260 0x3a364  Logitech Vid - ok
13:11:55.0275 0x3a364  Ovbphdt - ok
13:11:55.0275 0x3a364  Waiting for KSN requests completion. In queue: 34
13:11:56.0275 0x3a364  Waiting for KSN requests completion. In queue: 34
13:11:57.0275 0x3a364  Waiting for KSN requests completion. In queue: 34
13:11:58.0275 0x3a364  Waiting for KSN requests completion. In queue: 34
13:11:59.0388 0x3a364  Win FW state via NFP2: enabled
13:12:03.0289 0x3a364  ============================================================
13:12:03.0289 0x3a364  Scan finished
13:12:03.0289 0x3a364  ============================================================
13:12:03.0295 0x3a6e8  Detected object count: 0
13:12:03.0295 0x3a6e8  Actual detected object count: 0



#8 TB-Psychotic

  • Malware Response Team

Posted 12 January 2015 - 03:53 AM

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs/spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.



#9 asmhatinviruses

  • Topic Starter

Posted 12 January 2015 - 07:06 PM

Thanks, TB-Psychotic.  Ran combofix and contents are attached.

ComboFix 15-01-08.01 - Bestbuy 01/12/2015  18:09:58.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3325.1694 [GMT -5:00]
Running from: c:\users\Bestbuy\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\dfinstall.log
c:\program files\Uniblue\SpeedUpMyPC
c:\program files\Uniblue\SpeedUpMyPC\cleaner-config.xml
c:\program files\Uniblue\SpeedUpMyPC\CommandDispatchers.xml
c:\program files\Uniblue\SpeedUpMyPC\ErrorLogs\error_log.txt
c:\programdata\ntuser.pol
c:\users\Bestbuy\AppData\Roaming\Microsoft\Crypto\RSA\RSA3397362352.dll
c:\users\Bestbuy\AppData\Roaming\Microsoft\Windows\Recent\OneNote Table Of Contents.onetoc2
c:\users\Bestbuy\g2mdlhlpx.exe
c:\users\Bestbuy\GoToAssistDownloadHelper.exe
c:\windows\COUPon~1.ocx
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\system32\jucheck.exe
c:\windows\system32\jusched.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-12-12 to 2015-01-12  )))))))))))))))))))))))))))))))
.
.
2015-01-12 23:24 . 2015-01-12 23:45	--------	d-----w-	c:\users\Bestbuy\AppData\Local\temp
2015-01-12 23:24 . 2015-01-12 23:24	--------	d-----w-	c:\users\Experience\AppData\Local\temp
2015-01-12 23:24 . 2015-01-12 23:24	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-01-12 07:27 . 2015-01-12 07:27	62576	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F11FBC3F-E59A-4577-9E46-DCD6EE980834}\offreg.dll
2015-01-10 21:05 . 2015-01-10 21:05	--------	d-----w-	c:\users\Bestbuy\AppData\Local\Idsoft
2015-01-10 20:51 . 2015-01-10 20:53	--------	d-----w-	c:\users\Bestbuy\AppData\Local\Ofics
2015-01-09 18:08 . 2015-01-09 18:08	--------	d-----w-	c:\program files\7-Zip
2015-01-09 17:54 . 2015-01-09 17:54	--------	d-----w-	c:\users\Bestbuy\AppData\Local\Rainmaker_Software_Group_
2015-01-09 17:53 . 2015-01-09 17:53	--------	d-----w-	c:\users\Bestbuy\AppData\Roaming\Rainmaker Software Group LLC.?
2015-01-09 16:01 . 2014-12-15 09:13	9054624	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F11FBC3F-E59A-4577-9E46-DCD6EE980834}\mpengine.dll
2015-01-09 15:51 . 2015-01-09 16:01	--------	d-----w-	C:\FRST
2015-01-06 08:00 . 2015-01-06 08:00	--------	d-----w-	c:\windows\CheckSur
2015-01-05 00:47 . 2015-01-05 00:48	--------	d-----w-	c:\program files\Cobian Backup 11
2015-01-04 23:18 . 2015-01-04 23:19	--------	d-----w-	c:\programdata\McAfee
2015-01-04 23:18 . 2015-01-10 19:07	--------	d-----w-	c:\program files\Common Files\McAfee
2015-01-04 05:37 . 2015-01-04 05:37	--------	d-----w-	c:\programdata\Citrix
2015-01-03 19:59 . 2015-01-03 19:59	269369	------w-	c:\programdata\Microsoft\{ac9ffae2-959e-bb7c-975f-b7e97b6d3cfc}\{ac9ffae2-959e-bb7c-975f-b7e97b6d3cfc}.exe
2014-12-30 20:27 . 2008-01-19 07:34	89600	------w-	c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
2014-12-26 08:08 . 2014-11-04 00:19	2048	----a-w-	c:\windows\system32\tzres.dll
2014-12-26 08:07 . 2014-11-07 01:33	974848	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-12-26 08:00 . 2014-12-03 02:06	278528	----a-w-	c:\windows\system32\schannel.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-06 09:36 . 2009-10-03 06:03	249488	------w-	c:\windows\system32\MpSigStub.exe
2014-11-18 19:56 . 2014-11-18 19:56	1202848	------w-	c:\windows\system32\FM20.DLL
2014-10-24 01:04 . 2014-11-12 08:13	67072	----a-w-	c:\windows\system32\packager.dll
2014-10-24 01:03 . 2014-11-20 08:01	499200	----a-w-	c:\windows\system32\kerberos.dll
2014-10-18 01:08 . 2014-11-12 08:09	564224	----a-w-	c:\windows\system32\oleaut32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-04 39408]
"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2010-09-30 93360]
"gStart"="c:\program files\Garmin\gStart.exe" [2008-08-13 1891416]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2011-06-02 6123032]
"Ovbphdt"="c:\users\Bestbuy\AppData\Local\Unity\Ovbphdt.dll" [2015-01-06 254464]
"Ofics"="c:\users\Bestbuy\AppData\Local\Ofics\2444.exe" [2015-01-10 174080]
"YnwPack"="c:\users\Bestbuy\AppData\Local\Ofics\RWImageCodecPNG.dll" [2015-01-10 1294336]
"Idsoft"="c:\users\Bestbuy\AppData\Local\Idsoft\webapprt-stub.dll" [2015-01-10 1288704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-02-02 246272]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336]
"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2010-09-30 93360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2014-01-03 295512]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-07-08 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"{ac9ffae2-959e-bb7c-975f-b7e97b6d3cfc}"="c:\programdata\Microsoft\{ac9ffae2-959e-bb7c-975f-b7e97b6d3cfc}\{ac9ffae2-959e-bb7c-975f-b7e97b6d3cfc}.exe" [2015-01-03 269369]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-10-09 44168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -hx [2009-7-10 323584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2015-01-04 18:26	14232	------w-	c:\program files\Citrix\GoToAssist\896\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2015-01-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-16 14:28]
.
2015-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf8c9fd643478d.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-29 09:59]
.
2015-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cf69eaee29e89.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-29 09:59]
.
2015-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cfff29486573c4.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-29 09:59]
.
2015-01-11 c:\windows\Tasks\HPCeeScheduleForBestbuy.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-11-10 00:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://xfinity.comcast.net/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: plaxo.com\www
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
.
------- File Associations -------
.
.scr=AutoCADLTScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-HPAdvisor - c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKCU-Run-RSA3397362352 - c:\users\Bestbuy\AppData\Roaming\Microsoft\Crypto\RSA\RSA3397362352.dll
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM-Run-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
Notify-DfLogon - LogonDll.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-01-12 18:45
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: Hitachi_HDT725032VLA380 rev.V54OA7BA -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-7 
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!! 
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2015-01-12  18:48:48
ComboFix-quarantined-files.txt  2015-01-12 23:48
.
Pre-Run: 179,137,404,928 bytes free
Post-Run: 182,927,097,856 bytes free
.
- - End Of File - - C9F18C34DCF6AC34C9638F0C36217F3A
5C616939100B85E558DA92B899A0FC36



#10 TB-Psychotic

  • Malware Response Team

Posted 13 January 2015 - 10:29 AM

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is saved to.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 


#11 asmhatinviruses

asmhatinviruses
  • Topic Starter

  • Members
  • 13 posts

Posted 13 January 2015 - 02:29 PM

Thank you, TB-Psychotic!  I completed the steps and results are attached below.  I had noticed that there were several Google Chrome processes running since one of the McAfee techs launched Google Chrome on my PC.  While the processes showed, there never was an application visible.  Those appear to be gone now.  Are we almost complete?  I appreciate your help very much.

 

Alan

ComboFix 15-01-08.01 - Bestbuy 01/13/2015  13:15:27.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3325.899 [GMT -5:00]
Running from: c:\users\Bestbuy\Desktop\ComboFix.exe
Command switches used :: c:\users\Bestbuy\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\{ac9ffae2-959e-bb7c-975f-b7e97b6d3cfc}
c:\programdata\Microsoft\{ac9ffae2-959e-bb7c-975f-b7e97b6d3cfc}\{ac9ffae2-959e-bb7c-975f-b7e97b6d3cfc}.exe
c:\users\Bestbuy\AppData\Local\Idsoft
c:\users\Bestbuy\AppData\Local\Idsoft\webapprt-stub.dll
c:\users\Bestbuy\AppData\Local\Idsoft\webapprt-stub.lck
c:\users\Bestbuy\AppData\Local\Ofics
c:\users\Bestbuy\AppData\Local\Ofics\{7E75E2AD-1C65-8377-D00A-460C408E1523}
c:\users\Bestbuy\AppData\Local\Ofics\2444.exe
c:\users\Bestbuy\AppData\Local\Ofics\RWImageCodecPNG.dll
c:\users\Bestbuy\AppData\Local\Ofics\RWImageCodecPNG.lck
c:\users\Bestbuy\AppData\Local\Rainmaker_Software_Group_
c:\users\Bestbuy\AppData\Local\Rainmaker_Software_Group_\ProPCCleaner.exe_Url_eu3leohf2lkst0pmyizeddn2uwebg12q\2.5.6.0\user.config
c:\users\Bestbuy\AppData\Local\Unity
c:\users\Bestbuy\AppData\Local\Unity\Ovbphdt.dll
c:\users\Bestbuy\AppData\Local\Unity\UnityWebPlayer\player\fusion-2.x.x\Data\lib\Boo.Lang.dll
c:\users\Bestbuy\AppData\Local\Unity\UnityWebPlayer\player\fusion-2.x.x\Data\lib\UnityEngine.dll
c:\users\Bestbuy\AppData\Local\Unity\UnityWebPlayer\player\fusion-2.x.x\Data\lib\UnityScript.Lang.dll
c:\users\Bestbuy\AppData\Local\Unity\UnityWebPlayer\player\fusion-2.x.x\Data\unity default resources
c:\users\Bestbuy\AppData\Local\Unity\UnityWebPlayer\player\fusion-2.x.x\info.plist
c:\users\Bestbuy\AppData\Local\Unity\UnityWebPlayer\player\fusion-2.x.x\npUnity3D32.dll
c:\users\Bestbuy\AppData\Local\Unity\UnityWebPlayer\player\fusion-2.x.x\UnityBugReporter.exe
c:\users\Bestbuy\AppData\Local\Unity\UnityWebPlayer\player\fusion-2.x.x\UnityWebPlayerUpdate.exe
c:\users\Bestbuy\AppData\Local\Unity\UnityWebPlayer\player\fusion-2.x.x\UnityWebPluginAX.ocx
c:\users\Bestbuy\AppData\Local\Unity\UnityWebPlayer\player\fusion-2.x.x\webplayer_win.dll
c:\users\Bestbuy\AppData\Local\Unity\UnityWebPlayer\player\fusion-2.x.x\wrap_oal.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-12-13 to 2015-01-13  )))))))))))))))))))))))))))))))
.
.
2015-01-13 18:27 . 2015-01-13 18:27	--------	d-----w-	c:\users\Experience\AppData\Local\temp
2015-01-13 18:27 . 2015-01-13 18:27	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-01-12 23:48 . 2015-01-13 18:30	--------	d-----w-	c:\users\Bestbuy\AppData\Local\temp
2015-01-09 18:08 . 2015-01-09 18:08	--------	d-----w-	c:\program files\7-Zip
2015-01-09 17:53 . 2015-01-09 17:53	--------	d-----w-	c:\users\Bestbuy\AppData\Roaming\Rainmaker Software Group LLC.?
2015-01-09 15:51 . 2015-01-09 16:01	--------	d-----w-	C:\FRST
2015-01-06 08:00 . 2015-01-06 08:00	--------	d-----w-	c:\windows\CheckSur
2015-01-05 00:47 . 2015-01-05 00:48	--------	d-----w-	c:\program files\Cobian Backup 11
2015-01-04 23:18 . 2015-01-04 23:19	--------	d-----w-	c:\programdata\McAfee
2015-01-04 23:18 . 2015-01-10 19:07	--------	d-----w-	c:\program files\Common Files\McAfee
2015-01-04 05:37 . 2015-01-04 05:37	--------	d-----w-	c:\programdata\Citrix
2014-12-30 20:27 . 2008-01-19 07:34	89600	------w-	c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
2014-12-26 08:08 . 2014-11-04 00:19	2048	----a-w-	c:\windows\system32\tzres.dll
2014-12-26 08:07 . 2014-11-07 01:33	974848	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-12-26 08:00 . 2014-12-03 02:06	278528	----a-w-	c:\windows\system32\schannel.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-06 09:36 . 2009-10-03 06:03	249488	------w-	c:\windows\system32\MpSigStub.exe
2014-12-15 09:13 . 2015-01-09 16:01	9054624	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F11FBC3F-E59A-4577-9E46-DCD6EE980834}\mpengine.dll
2014-11-18 19:56 . 2014-11-18 19:56	1202848	------w-	c:\windows\system32\FM20.DLL
2014-10-24 01:04 . 2014-11-12 08:13	67072	----a-w-	c:\windows\system32\packager.dll
2014-10-24 01:03 . 2014-11-20 08:01	499200	----a-w-	c:\windows\system32\kerberos.dll
2014-10-18 01:08 . 2014-11-12 08:09	564224	----a-w-	c:\windows\system32\oleaut32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-04 39408]
"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2010-09-30 93360]
"gStart"="c:\program files\Garmin\gStart.exe" [2008-08-13 1891416]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2011-06-02 6123032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-02-02 246272]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336]
"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2010-09-30 93360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2014-01-03 295512]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-07-08 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-10-09 44168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -hx [2009-7-10 323584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2015-01-04 18:26	14232	------w-	c:\program files\Citrix\GoToAssist\896\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2015-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-16 14:28]
.
2015-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf8c9fd643478d.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-29 09:59]
.
2015-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cf69eaee29e89.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-29 09:59]
.
2015-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cfff29486573c4.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-29 09:59]
.
2015-01-11 c:\windows\Tasks\HPCeeScheduleForBestbuy.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-11-10 00:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://xfinity.comcast.net/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: plaxo.com\www
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-01-13 13:33
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\atiesrxx.exe
c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cobian Backup 11\cbVSCService11.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2015-01-13  13:38:27 - machine was rebooted
ComboFix-quarantined-files.txt  2015-01-13 18:38
ComboFix2.txt  2015-01-12 23:48
.
Pre-Run: 184,075,128,832 bytes free
Post-Run: 183,962,030,080 bytes free
.
- - End Of File - - 1B2C9B4CEDF506560283BD74132C8991
5C616939100B85E558DA92B899A0FC36

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/13/2015
Scan Time: 1:58:15 PM
Logfile: 
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.13.14
Rootkit Database: v2015.01.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Bestbuy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 372981
Time Elapsed: 14 min, 47 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 7
PUP.Optional.Outbrowse, HKLM\SOFTWARE\CLASSES\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}, Quarantined, [d71b3eb8f89159dd0ee29b89fa09b749], 
PUP.Optional.Outbrowse, HKLM\SOFTWARE\CLASSES\TYPELIB\{03771AEF-400D-4A13-B712-25878EC4A3F5}, Quarantined, [d71b3eb8f89159dd0ee29b89fa09b749], 
PUP.Optional.Outbrowse, HKLM\SOFTWARE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, Quarantined, [d71b3eb8f89159dd0ee29b89fa09b749], 
Adware.ClosetMaid, HKU\S-1-5-21-2904036567-3763645971-1745593985-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{7FE26BE2-B923-4B41-9834-E84DA1CC1F96}, Quarantined, [cf23a5516a1f072f0b949d679b6842be], 
Adware.ClosetMaid, HKU\S-1-5-21-2904036567-3763645971-1745593985-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{7FE26BE2-B923-4B41-9834-E84DA1CC1F96}, Quarantined, [cf23a5516a1f072f0b949d679b6842be], 
PUP.Optional.MyFreeze.A, HKLM\SOFTWARE\Freeze.com, Quarantined, [b0426a8cf69364d259a2cda2a55ef907], 
Trojan.FakeAlert, HKU\S-1-5-21-2904036567-3763645971-1745593985-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\qnpn7rjv93lf, Quarantined, [7b779a5caddc7cbab5613da02fd449b7], 

Registry Values: 0
(No malicious items detected)

Registry Data: 1
PUM.Hijack.StartMenu, HKU\S-1-5-21-2904036567-3763645971-1745593985-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowSearch, 0, Good: (1), Bad: (0),Replaced,[cd25c72ff792bd79b8db127d19ec02fe]

Folders: 2
PUP.Optional.OpenCandy, C:\Users\Bestbuy\AppData\Roaming\OpenCandy, Quarantined, [c230cd29f9903ef852045cd909fae917], 
PUP.Optional.OpenCandy, C:\Users\Bestbuy\AppData\Roaming\OpenCandy\A8D8380435C84798A8E3144A42C31B06, Quarantined, [c230cd29f9903ef852045cd909fae917], 

Files: 9
Backdoor.Bot, C:\ProgramData\Windows Genuine Advantage\{1AAFD473-84AB-4A9E-B1F1-C1BD4385749C}\msiexec.exe, Quarantined, [25cd33c35c2d152120aaf217649e966a], 
Trojan.Agent.ED, C:\ProgramData\Windows Genuine Advantage\{5D1F21B4-9CC0-4B9E-BAF0-40DC2771EABA}\p2pcollab62.dll, Quarantined, [876bd0261a6f2610ed5018f15ca6df21], 
Backdoor.Bot, C:\ProgramData\Windows Genuine Advantage\{B17B0B81-F521-4653-8E22-88E8C073F8C0}\msiexec.exe, Quarantined, [ac461adc216855e16d5d30d981818b75], 
Trojan.EDVBGen, C:\ProgramData\Windows Genuine Advantage\{D908991F-76B1-4EA4-816C-ECA1AA69A4F6}\msiexec.exe, Quarantined, [cf23e11528613df97102a85e22e025db], 
PUP.Optional.OpenCandy, C:\Users\Bestbuy\Downloads\GOMPLAYERENSETUP.EXE, Quarantined, [ba387b7bb8d176c096ee00b9a06528d8], 
Trojan.Chrome.INJ, C:\Users\Bestbuy\AppData\Local\Apps\Ovbphdt.dll, Quarantined, [f4fec234b2d741f5a91811f470928d73], 
Trojan.Chrome.INJ, C:\Users\Bestbuy\AppData\Local\Autodesk\Ovbphdt.dll, Quarantined, [3fb3d422dbaee94db05e08fe9b6746ba], 
PUP.Optional.OpenCandy, C:\Users\Bestbuy\AppData\Roaming\OpenCandy\A8D8380435C84798A8E3144A42C31B06\AVG Safeguard.exe, Quarantined, [c230cd29f9903ef852045cd909fae917], 
PUP.Optional.OpenCandy, C:\Users\Bestbuy\AppData\Roaming\OpenCandy\A8D8380435C84798A8E3144A42C31B06\AVG_Toolbar_CB_ALL_p3v5.exe, Quarantined, [c230cd29f9903ef852045cd909fae917], 

Physical Sectors: 0
(No malicious items detected)


(end)


#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 14 January 2015 - 02:34 AM

Are you really sure that it was a legitimate McAfee service desk agent?

 

Scan with ESET Online Scan

Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" ActiveX control by clicking the Install button
  • Once the ActiveX control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.



#13 asmhatinviruses

asmhatinviruses
  • Topic Starter

  • Members
  • 13 posts

Posted 14 January 2015 - 08:51 PM

Thanks TB-Psychotic. Sadly, yes. I am sure it was a McAfee tech.

 

Ran the scan. It found 10 infected files. See below. Some nasty stuff.

C:\found.000\dir0001.chk\amateur big tits dawns place sasha porn grey first my body .avi	a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\found.000\dir0001.chk\Danni Ashe & Nadine Jansen.mpg	a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\RealArcade\Installer\bin\OCSetupHlp.dll	Win32/OpenCandy potentially unsafe application
C:\Qoobox\Quarantine\C\ProgramData\Microsoft\{ac9ffae2-959e-bb7c-975f-b7e97b6d3cfc}\{ac9ffae2-959e-bb7c-975f-b7e97b6d3cfc}.exe.vir	a variant of Win32/Kryptik.CNOB trojan
C:\Qoobox\Quarantine\C\Users\Bestbuy\AppData\Local\Idsoft\webapprt-stub.dll.vir	a variant of Win32/Packed.Themida potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Bestbuy\AppData\Local\Ofics\2444.exe.vir	a variant of Win32/Kryptik.CUYU trojan
C:\Qoobox\Quarantine\C\Users\Bestbuy\AppData\Local\Ofics\RWImageCodecPNG.dll.vir	a variant of Win32/Packed.Themida potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Bestbuy\AppData\Local\Unity\Ovbphdt.dll.vir	Win32/TrojanDownloader.Tracur.AM trojan
C:\Qoobox\Quarantine\C\Users\Bestbuy\AppData\Roaming\Microsoft\Crypto\RSA\RSA3397362352.dll.vir	a variant of Win32/Rovnix.T trojan
C:\Users\Bestbuy\AppData\LocalLow\chyuyrj.dll	a variant of Win32/Kryptik.CVAW trojan
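
Added example (not part of the original posts): a short Python triage that checks the ESET rows above against the "Other Deletions" list in the ComboFix log from post #11, to separate quarantine copies from files still in place. The two C:\found.000 rows are left out; the function names are this example's own, and the Qoobox layout (Quarantine\<drive>\<original path>.vir) and the tab-separated rows are read off the logs on this page.

```python
# Files from the "Other Deletions" section of the ComboFix log in post #11.
COMBOFIX_DELETED = [
    r"c:\programdata\Microsoft\{ac9ffae2-959e-bb7c-975f-b7e97b6d3cfc}\{ac9ffae2-959e-bb7c-975f-b7e97b6d3cfc}.exe",
    r"c:\users\Bestbuy\AppData\Local\Idsoft\webapprt-stub.dll",
    r"c:\users\Bestbuy\AppData\Local\Ofics\2444.exe",
    r"c:\users\Bestbuy\AppData\Local\Ofics\RWImageCodecPNG.dll",
    r"c:\users\Bestbuy\AppData\Local\Unity\Ovbphdt.dll",
]

# Rows from the ESET export in post #13 (path, verdict), rebuilt as tab-separated text.
ESET_ROWS = [
    (r"C:\Program Files\RealArcade\Installer\bin\OCSetupHlp.dll", "Win32/OpenCandy potentially unsafe application"),
    (r"C:\Qoobox\Quarantine\C\ProgramData\Microsoft\{ac9ffae2-959e-bb7c-975f-b7e97b6d3cfc}\{ac9ffae2-959e-bb7c-975f-b7e97b6d3cfc}.exe.vir", "a variant of Win32/Kryptik.CNOB trojan"),
    (r"C:\Qoobox\Quarantine\C\Users\Bestbuy\AppData\Local\Idsoft\webapprt-stub.dll.vir", "a variant of Win32/Packed.Themida potentially unwanted application"),
    (r"C:\Qoobox\Quarantine\C\Users\Bestbuy\AppData\Local\Ofics\2444.exe.vir", "a variant of Win32/Kryptik.CUYU trojan"),
    (r"C:\Qoobox\Quarantine\C\Users\Bestbuy\AppData\Local\Ofics\RWImageCodecPNG.dll.vir", "a variant of Win32/Packed.Themida potentially unwanted application"),
    (r"C:\Qoobox\Quarantine\C\Users\Bestbuy\AppData\Local\Unity\Ovbphdt.dll.vir", "Win32/TrojanDownloader.Tracur.AM trojan"),
    (r"C:\Qoobox\Quarantine\C\Users\Bestbuy\AppData\Roaming\Microsoft\Crypto\RSA\RSA3397362352.dll.vir", "a variant of Win32/Rovnix.T trojan"),
    (r"C:\Users\Bestbuy\AppData\LocalLow\chyuyrj.dll", "a variant of Win32/Kryptik.CVAW trojan"),
]
ESET_LOG = "\n".join("\t".join(row) for row in ESET_ROWS)

QUARANTINE_ROOT = "c:\\qoobox\\quarantine\\"


def original_path(eset_path):
    """Map a quarantine copy back to the path it was removed from, else None."""
    p = eset_path.lower()
    if not p.startswith(QUARANTINE_ROOT):
        return None
    drive, _, tail = p[len(QUARANTINE_ROOT):].partition("\\")
    if tail.endswith(".vir"):
        tail = tail[:-4]
    return f"{drive}:\\{tail}"


def triage(eset_log, combofix_deleted):
    """Bucket each ESET hit by whether it is a quarantine copy or a file in place."""
    deleted = {p.lower() for p in combofix_deleted}
    buckets = {"quarantined_by_this_run": [], "quarantined_unmatched": [], "live": []}
    for line in eset_log.splitlines():
        if "\t" not in line:
            continue  # skip blank or malformed rows
        path, verdict = (s.strip() for s in line.split("\t", 1))
        orig = original_path(path)
        if orig is None:
            key = "live"
        elif orig in deleted:
            key = "quarantined_by_this_run"
        else:
            key = "quarantined_unmatched"  # e.g. quarantined by an earlier run
        buckets[key].append((path, verdict))
    return buckets


def live_trojans(buckets):
    """Paths outside quarantine whose verdict is a trojan rather than a PUA."""
    return [p for p, v in buckets["live"] if v.lower().endswith("trojan")]


if __name__ == "__main__":
    result = triage(ESET_LOG, COMBOFIX_DELETED)
    for name, rows in result.items():
        print(name, len(rows))
    print("live trojans:", live_trojans(result))
```

On these rows, five hits are quarantine copies of files this ComboFix run deleted, one quarantine copy has no match in this run's list, and two hits sit outside the quarantine folder.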



#14 asmhatinviruses

asmhatinviruses
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:38 AM

Posted 14 January 2015 - 08:52 PM

Should I rerun the scan and choose to remove the threats found?



#15 asmhatinviruses

asmhatinviruses
  • Topic Starter

  • Members
  • 13 posts

Posted 16 January 2015 - 01:23 PM

Hi TB-Psychotic.  Should I do something about the 10 infected files that were found then try to load my McAfee Antivirus protection?  Thanks for your help!





