
I have Programs that are blocked by group policy.


  • This topic is locked
21 replies to this topic

#1 DrgnHmcd


Posted 05 January 2015 - 10:57 PM

http://www.bleepingcomputer.com/forums/t/561697/this-program-is-blocked-by-group-policy-posted-in-windows-vista/

 

 

This was the link for the help I was receiving prior.

DDS (Ver_2012-11-20.01) - NTFS_x86

 
 
Internet Explorer: 9.0.8112.16555
Run by Mike & Deb at 20:49:27 on 2015-01-05
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.2036.852 [GMT -7:00]
.
AV: AVG AntiVirus Free Edition 2015 *Enabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
c:\PROGRA~1\AVG\AVG2015\avgrsx.exe
C:\Program Files\AVG\AVG2015\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\AVG\AVG2015\avgidsagent.exe
C:\Program Files\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\iashost.exe
C:\Program Files\AVG\AVG2015\avgnsx.exe
C:\Program Files\AVG\AVG2015\avgemcx.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uProxyOverride = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896
uSearchAssistant = www.google.com
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [CCleaner Monitoring] "c:\program files\ccleaner\CCleaner.exe" /MONITOR
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:3
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: clonewarsadventures.com
Trusted Zone: dell.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{15706FFB-8C67-47AA-9355-70D794BFB25A} : DHCPNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{C201BB5A-AC33-4948-ADB3-BB4D72ABB0B8} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{CA9E4857-CECF-454C-9F06-D1CD41932C70} : NameServer = 8.8.8.8
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\39.0.2171.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2014-6-18 147736]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2014-7-18 230680]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2014-8-6 98584]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2014-6-18 27416]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2014-6-18 121624]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2014-7-24 204056]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-6-18 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2014-8-20 193304]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2014-7-2 199448]
R1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\drivers\hssdrv6.sys [2014-6-28 39624]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 142648]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2015\avgidsagent.exe [2014-9-5 3364368]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2015\avgwdsvc.exe [2014-9-5 293448]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-30 21504]
R2 PST Service;PST Service;c:\program files\motorola\motforwarddaemon\ForwardDaemon.exe [2014-11-16 65657]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-29 38608]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\drivers\taphss6.sys [2014-5-16 37064]
S2 avgfws;AVG Firewall;"c:\program files\avg\avg2014\avgfws.exe" --> c:\program files\avg\avg2014\avgfws.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-12-28 114904]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2012-4-10 21744]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
.
=============== Created Last 30 ================
.
2015-01-03 19:11:12 -------- d-----w- c:\program files\ESET
2015-01-02 00:20:03 -------- d-----w- C:\AdwCleaner
2014-12-29 06:04:54 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-29 06:03:49 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-12-29 06:03:49 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-12-29 06:03:49 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-12-29 06:03:17 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-12-29 01:37:51 -------- d-sh--w- C:\$RECYCLE.BIN
2014-12-29 01:37:44 -------- d-----w- c:\users\mike & deb\appdata\local\temp
2014-12-26 03:28:27 -------- d-----w- c:\program files\Christmas Eve - Midnights Call
2014-12-25 06:39:31 -------- d-----w- c:\users\mike & deb\appdata\local\ChristmasPuzzle2
2014-12-10 00:34:33 -------- d-----w- c:\programdata\Avg_Update_1214av
.
==================== Find3M  ====================
.
.
============= FINISH: 20:52:47.17 ===============
 

They recommended this forum. Here is the log and thank you for your time in advance.





#2 TB-Psychotic


Posted 06 January 2015 - 04:53 AM

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
  
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.
 


Proud Member of UNITE & TB
 

#3 DrgnHmcd


Posted 08 January 2015 - 07:21 PM



#4 DrgnHmcd


Posted 08 January 2015 - 09:16 PM

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-01-08 19:13:16
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3160815AS rev.3.ADA 149.01GB
Running: bq97r2yl.exe; Driver: C:\Windows\TEMP\pxlyipow.sys
 
 
---- System - GMER 2.1 ----
 
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwNotifyChangeKey [0x8E3146E0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwNotifyChangeMultipleKeys [0x8E314800]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwOpenProcess [0x8E314010]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwOpenThread [0x8E3144D0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwSuspendProcess [0x8E314300]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwSuspendThread [0x8E3143E0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwTerminateProcess [0x8E314120]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwTerminateThread [0x8E314210]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwWriteVirtualMemory [0x8E3145E0]
 
---- Devices - GMER 2.1 ----
 
AttachedDevice  \Driver\tdx \Device\Tcp                       avgtdix.sys
AttachedDevice  \Driver\tdx \Device\Udp                       avgtdix.sys
AttachedDevice  \Driver\tdx \Device\RawIp                     avgtdix.sys
AttachedDevice  \FileSystem\fastfat \Fat                      fltmgr.sys
 
---- EOF - GMER 2.1 ----


#5 DrgnHmcd


Posted 08 January 2015 - 09:19 PM

19:16:51.0460 0x1230  TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
19:17:02.0661 0x1230  ============================================================
19:17:02.0661 0x1230  Current date / time: 2015/01/08 19:17:02.0661
19:17:02.0661 0x1230  SystemInfo:
19:17:02.0661 0x1230  
19:17:02.0661 0x1230  OS Version: 6.0.6002 ServicePack: 2.0
19:17:02.0661 0x1230  Product type: Workstation
19:17:02.0661 0x1230  ComputerName: DIMAIOFAMILY
19:17:02.0661 0x1230  UserName: Mike & Deb
19:17:02.0661 0x1230  Windows directory: C:\Windows
19:17:02.0661 0x1230  System windows directory: C:\Windows
19:17:02.0661 0x1230  Processor architecture: Intel x86
19:17:02.0661 0x1230  Number of processors: 2
19:17:02.0661 0x1230  Page size: 0x1000
19:17:02.0661 0x1230  Boot type: Normal boot
19:17:02.0661 0x1230  ============================================================
19:17:03.0487 0x1230  KLMD registered as C:\Windows\system32\drivers\78464574.sys
19:17:03.0753 0x1230  System UUID: {85EE7F49-7C9D-3CFE-86BF-0CDCD11CDFD0}
19:17:04.0646 0x1230  Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 ( 149.01 Gb ), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:17:04.0708 0x1230  ============================================================
19:17:04.0708 0x1230  \Device\Harddisk0\DR0:
19:17:04.0708 0x1230  MBR partitions:
19:17:04.0708 0x1230  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x18000, BlocksNum 0x1400000
19:17:04.0708 0x1230  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1418000, BlocksNum 0x115ED000
19:17:04.0708 0x1230  ============================================================
19:17:04.0755 0x1230  C: <-> \Device\Harddisk0\DR0\Partition2
19:17:04.0786 0x1230  D: <-> \Device\Harddisk0\DR0\Partition1
19:17:04.0786 0x1230  ============================================================
19:17:04.0786 0x1230  Initialize success
19:17:04.0786 0x1230  ============================================================
19:17:22.0776 0x129c  ============================================================
19:17:22.0776 0x129c  Scan started
19:17:22.0776 0x129c  Mode: Manual; 
19:17:22.0776 0x129c  ============================================================
19:17:22.0776 0x129c  KSN ping started
19:17:23.0415 0x129c  KSN ping finished: true
19:17:25.0420 0x129c  ================ Scan system memory ========================
19:17:25.0420 0x129c  System memory - ok
19:17:25.0420 0x129c  ================ Scan services =============================
19:17:27.0454 0x129c  AVGIDSDriver - ok
19:17:27.0485 0x129c  [ 6A019432682A6BD98B1548015CA7A4D4, B9C18B566754A06A0F2A7376885B4EA556F3C9182F2A76957DEDE399277C677E ] AVGIDSHX        C:\Windows\system32\DRIVERS\avgidshx.sys
19:17:27.0485 0x129c  AVGIDSHX - ok
19:17:27.0501 0x129c  [ 2429F7F025F63532B6B264D97E4ECA49, EDE2C88B3B4B2A3AC59A3AB0B2FEC1D2CC75AA8AFFF0F5011D07AB4F053390D9 ] AVGIDSShim      C:\Windows\system32\DRIVERS\avgidsshimx.sys
19:17:27.0501 0x129c  AVGIDSShim - ok
19:17:27.0548 0x129c  [ D3C8B449545ED1FEFA568AEF9482BD00, E03EFA58FF96B4EE3BBE9798F71F286F917D3E89F36392054C50E5CEB45F58D9 ] Avgldx86        C:\Windows\system32\DRIVERS\avgldx86.sys
19:17:27.0563 0x129c  Avgldx86 - ok
19:17:27.0595 0x129c  [ D94378757947E02AE9BC484DF196A44D, 91B711C07320EFFDB780356EF84D39A06673198C4E0B45EE1D1412B996CB9227 ] Avglogx         C:\Windows\system32\DRIVERS\avglogx.sys
19:17:27.0610 0x129c  Avglogx - ok
19:17:27.0657 0x129c  [ 23EB88D4FE226264953E2E7B89131A6B, 1B4EA36343319545AF81DDB48FA39F60F025C20E8BEB13663B08BD313F612578 ] Avgmfx86        C:\Windows\system32\DRIVERS\avgmfx86.sys
19:17:27.0657 0x129c  Avgmfx86 - ok
19:17:27.0673 0x129c  [ F016B95273E0B1961F204F7FD2FFD811, 9F89323177B68DEDE6B1F09790E6A978376B4FCBDC029283B297A3C4D9B242FF ] Avgrkx86        C:\Windows\system32\DRIVERS\avgrkx86.sys
19:17:27.0688 0x129c  Avgrkx86 - ok
19:17:27.0719 0x129c  [ A9BED659C31F0D43B606E82BDF84C674, 9C2F3B8679AC47E4641995C63217B24EB592A859AC0681A2637365DE6E08A35D ] Avgtdix         C:\Windows\system32\DRIVERS\avgtdix.sys
19:17:27.0719 0x129c  Avgtdix - ok
19:17:27.0766 0x129c  [ 3218AA21B739C1C338DC8A555A66B755, 389E09C2CB51524B985B53D81289BCFB1E9DB89C70650C6D5D276391E2B56BCB ] avgwd           C:\Program Files\AVG\AVG2015\avgwdsvc.exe
19:17:27.0766 0x129c  avgwd - ok
19:17:27.0813 0x129c  [ 67E506B75BD5326A3EC7B70BD014DFB6, 3B07243970CAB4E93A858BEA6E31F56AD0157C42D624F3FEB469E68EEEF65669 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:17:27.0813 0x129c  Beep - ok
19:17:27.0875 0x129c  [ C789AF0F724FDA5852FB9A7D3A432381, 4B0F7A3A8F2D45E49630D24F2630B8014BCDB793B9C6E83FD2B2863A54F62BF5 ] BFE             C:\Windows\System32\bfe.dll
19:17:27.0875 0x129c  BFE - ok
19:17:27.0938 0x129c  [ 93952506C6D67330367F7E7934B6A02F, 1D9A6B10B9489C1A32F730E22CC399BFF0796E3FCB3BA52BE45ED487CAC59EBD ] BITS            C:\Windows\system32\qmgr.dll
19:17:27.0969 0x129c  BITS - ok
19:17:27.0969 0x129c  blbdrive - ok
19:17:28.0016 0x129c  [ 35F376253F687BDE63976CCB3F2108CA, C5EF6301D7BC067050038DB75D961681D1CBE418285AD60167C1334B0B54DFE9 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:17:28.0016 0x129c  bowser - ok
19:17:28.0063 0x129c  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
19:17:28.0063 0x129c  BrFiltLo - ok
19:17:28.0078 0x129c  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
19:17:28.0078 0x129c  BrFiltUp - ok
19:17:28.0125 0x129c  [ A3629A0C4226F9E9C72FAAEEBC3AD33C, FB4D2738B64AADA52B95A6CF7ED4CDBFE4DD4BEBCAF1AE9CE64317F97DB38DDF ] Browser         C:\Windows\System32\browser.dll
19:17:28.0125 0x129c  Browser - ok
19:17:28.0156 0x129c  [ B304E75CFF293029EDDF094246747113, CB6B219B186C3511A0DE3CDE7F7B8966A9E32D808A952CA8C5B42B3A3A17BFB0 ] Brserid         C:\Windows\system32\drivers\brserid.sys
19:17:28.0156 0x129c  Brserid - ok
19:17:28.0187 0x129c  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
19:17:28.0187 0x129c  BrSerWdm - ok
19:17:28.0235 0x129c  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
19:17:28.0235 0x129c  BrUsbMdm - ok
19:17:28.0235 0x129c  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
19:17:28.0236 0x129c  BrUsbSer - ok
19:17:28.0272 0x129c  BTCFilterService - ok
19:17:28.0304 0x129c  [ AD07C1EC6665B8B35741AB91200C6B68, DCE1305A30D6713222A01C1F1D03ED0ADABE23C742CE1E82BB142531B82A3FF7 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
19:17:28.0304 0x129c  BTHMODEM - ok
19:17:28.0413 0x129c  catchme - ok
19:17:28.0460 0x129c  [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:17:28.0460 0x129c  cdfs - ok
19:17:28.0522 0x129c  [ 6B4BFFB9BECD728097024276430DB314, 4451EFEAD37B05C8A3CB610B6D72E73B55D3D1E1CC1B17405598C1EDAA93C2D5 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:17:28.0522 0x129c  cdrom - ok
19:17:28.0569 0x129c  [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] CertPropSvc     C:\Windows\System32\certprop.dll
19:17:28.0569 0x129c  CertPropSvc - ok
19:17:28.0600 0x129c  [ DA8E0AFC7BAA226C538EF53AC2F90897, 2BBB9966671A3B8325D215DBC29FBD7D912C13ADC562A0D4521D1FF9A6F445C0 ] circlass        C:\Windows\system32\drivers\circlass.sys
19:17:28.0600 0x129c  circlass - ok
19:17:28.0631 0x129c  [ D7659D3B5B92C31E84E53C1431F35132, 6BFE644AD9890A8CEEDCC4B97ADD564AD57202FBC5D21599469E0C4B31BB27C6 ] CLFS            C:\Windows\system32\CLFS.sys
19:17:28.0647 0x129c  CLFS - ok
19:17:28.0694 0x129c  [ 8EE772032E2FE80A924F3B8DD5082194, B743DF91563A22CC15D9B44105804B5866A29D3DFC156DBE88DFAFEF903B94C0 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:17:28.0694 0x129c  clr_optimization_v2.0.50727_32 - ok
19:17:28.0740 0x129c  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:17:28.0740 0x129c  clr_optimization_v4.0.30319_32 - ok
19:17:28.0772 0x129c  [ E79CBB2195E965F6E3256E2C1B23FD1C, 176819CEDE1BC16499B0E67EBDB46D7A627189D6B0DAF733B10FBE0DD3E030A2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:17:28.0787 0x129c  cmdide - ok
19:17:28.0803 0x129c  [ 722936AFB75A7F509662B69B5632F48A, C386EA5E933C5D3F3FE162AE91F7D81C7C0765A1F790B1FF7B396A9DBDB4AD33 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
19:17:28.0803 0x129c  Compbatt - ok
19:17:28.0803 0x129c  COMSysApp - ok
19:17:28.0818 0x129c  [ 2A213AE086BBEC5E937553C7D9A2B22C, 1F91ACC0426E0ED1717555B282F65629EF15021375B24A63C29C89ADE916EE2A ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
19:17:28.0834 0x129c  crcdisk - ok
19:17:28.0850 0x129c  [ 22A7F883508176489F559EE745B5BF5D, D6341E3FBC8A46D2D1F0477FA60EC4828B585D35B14609CD02868FD04ECD14DB ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
19:17:28.0850 0x129c  Crusoe - ok
19:17:28.0912 0x129c  [ 684C130BBC6DB681BAD4920A4C944AA5, DDE434B206984808351C98500824A33E6740B4326C455066027F8D549D4C3B92 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:17:28.0912 0x129c  CryptSvc - ok
19:17:28.0974 0x129c  [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:17:29.0006 0x129c  DcomLaunch - ok
19:17:29.0037 0x129c  [ 622C41A07CA7E6DD91770F50D532CB6C, 2A9040949CB45F9970FDE930278F30D2F08E957290CB3D4DC4F2CA94F3D444D2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:17:29.0037 0x129c  DfsC - ok
19:17:29.0193 0x129c  [ 2CC3DCFB533A1035B13DCAB6160AB38B, C88C91F662ADE248EEE3B568E70C2BC2D5075B7D9B7D3C63E83D011C5F7812B0 ] DFSR            C:\Windows\system32\DFSR.exe
19:17:29.0271 0x129c  DFSR - ok
19:17:29.0333 0x129c  [ 9028559C132146FB75EB7ACF384B086A, 35159D86706441ED94895B4629411B4445FCB4526AFD1F7036EE647931B7A94D ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
19:17:29.0333 0x129c  Dhcp - ok
19:17:29.0380 0x129c  [ 5D4AEFC3386920236A548271F8F1AF6A, 11B74D6800EC6F7AAEFB0B6A9F2E8376C7C3B8DB677F03AC3743CB004CA96B08 ] disk            C:\Windows\system32\drivers\disk.sys
19:17:29.0380 0x129c  disk - ok
19:17:29.0427 0x129c  [ 57D762F6F5974AF0DA2BE88A3349BAAA, D9E7DC8F9FB7837F88BBB95B52147AA80E688FB9762EEA99B8046D9C6AD48F3C ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:17:29.0427 0x129c  Dnscache - ok
19:17:29.0458 0x129c  [ 324FD74686B1EF5E7C19A8AF49E748F6, DC6EB4304555B60DD17E04D20DFE4E279718E4041A9310DE29E678834BB22C5B ] dot3svc         C:\Windows\System32\dot3svc.dll
19:17:29.0458 0x129c  dot3svc - ok
19:17:29.0505 0x129c  [ 4F59C172C094E1A1D46463A8DC061CBD, CE09A4ED1F8BA6242E152C384AFF5C3C95FBB8556DAE23765272F13BF158D8F9 ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
19:17:29.0505 0x129c  Dot4 - ok
19:17:29.0536 0x129c  [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5, 69BB5B07D03FA9F28591012F2AA4A583D3F086644C136D63A56D1A827121CC19 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
19:17:29.0536 0x129c  Dot4Print - ok
19:17:29.0552 0x129c  [ C55004CA6B419B6695970DFE849B122F, 6E0C4A9E24DD09E9389E097AF63E7F5040A0658DDCEBBE963968B7118CFE9AB8 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
19:17:29.0552 0x129c  dot4usb - ok
19:17:29.0598 0x129c  [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS             C:\Windows\system32\dps.dll
19:17:29.0598 0x129c  DPS - ok
19:17:29.0630 0x129c  [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:17:29.0630 0x129c  drmkaud - ok
19:17:29.0692 0x129c  [ 988670D8343EF9835FB3659DB71B2EFA, 5F5370FDD08C4BFF0828341952E98E95F722CB779EEC08C9DD6212C4DF3CD33B ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:17:29.0708 0x129c  DXGKrnl - ok
19:17:29.0754 0x129c  [ 04944F4FC4F0477185F5D26AE0DDB90E, 2D67A90905871A26FA227AF0B31F7A0026E100E3253BF3B6791F593E56619F9E ] e1express       C:\Windows\system32\DRIVERS\e1e6032.sys
19:17:29.0754 0x129c  e1express - ok
19:17:29.0786 0x129c  [ F88FB26547FD2CE6D0A5AF2985892C48, F02E06E16830F5D3FAF61991F5A91E54BB3461F58AFE3BFB7A9066CD302B879F ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
19:17:29.0786 0x129c  E1G60 - ok
19:17:29.0832 0x129c  [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost         C:\Windows\System32\eapsvc.dll
19:17:29.0832 0x129c  EapHost - ok
19:17:29.0864 0x129c  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371, F3E9CF5D8E9124CB06F08454C5F0E510DE19A92780151FB2F8A58A0905D59B8F ] Ecache          C:\Windows\system32\drivers\ecache.sys
19:17:29.0864 0x129c  Ecache - ok
19:17:29.0910 0x129c  [ E8F3F21A71720C84BCF423B80028359F, 63114E6120F634224A0E83A5047B37C7D6F26CF99FE3C01CFC0AB8B1763BB084 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
19:17:29.0910 0x129c  elxstor - ok
19:17:29.0973 0x129c  [ 4E6B23DFC917EA39306B529B773950F4, C4BA77632B4BD46C4C1797F7F57399DB506D3EB6E5A0A36C269A793DAA3445C2 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
19:17:29.0988 0x129c  EMDMgmt - ok
19:17:30.0035 0x129c  [ 67058C46504BC12D821F38CF99B7B28F, E8D19F305F78BCA1DA8425315F2C77A377CD51E3CC54323DC2FF355120EA097D ] EventSystem     C:\Windows\system32\es.dll
19:17:30.0051 0x129c  EventSystem - ok
19:17:30.0098 0x129c  [ 22B408651F9123527BCEE54B4F6C5CAE, 31AF9649333A9496A9224001266D1B68CE2A31B9FB182A755D127FC5492AA6B2 ] exfat           C:\Windows\system32\drivers\exfat.sys
19:17:30.0098 0x129c  exfat - ok
19:17:30.0113 0x129c  [ 1E9B9A70D332103C52995E957DC09EF8, 7E709D545D4025A2E9F3489CF2A231040904CB53E3E4EEAC15A22468FAB2A5B3 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:17:30.0113 0x129c  fastfat - ok
19:17:30.0160 0x129c  [ AFE1E8B9782A0DD7FB46BBD88E43F89A, B4CBE1DC3430F2F3485F49007C71293D5B86E9C405741EA00A67B00A38BE1F8D ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
19:17:30.0160 0x129c  fdc - ok
19:17:30.0176 0x129c  [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost         C:\Windows\system32\fdPHost.dll
19:17:30.0176 0x129c  fdPHost - ok
19:17:30.0207 0x129c  [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:17:30.0207 0x129c  FDResPub - ok
19:17:30.0238 0x129c  [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:17:30.0238 0x129c  FileInfo - ok
19:17:30.0274 0x129c  [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:17:30.0274 0x129c  Filetrace - ok
19:17:30.0305 0x129c  [ 85B7CF99D532820495D68D747FDA9EBD, 682D35D219D1AFBE51CF0AB03F2D3E15C940F5AF291C1A611A19F4D279143F3C ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:17:30.0305 0x129c  flpydisk - ok
19:17:30.0337 0x129c  [ 01334F9EA68E6877C4EF05D3EA8ABB05, 82F8AA6AD2B5077898773D4A5814819EAF0E872FFD95894E06FEDAB6EE92CF99 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:17:30.0352 0x129c  FltMgr - ok
19:17:30.0415 0x129c  [ 2AFA3A46986AE935DAECEBC7E66314CF, 747FAF9B7F8291B83EE44B91E5708395E749DC87BD42CC3BF2CD41209C298F4D ] FontCache       C:\Windows\system32\FntCache.dll
19:17:30.0446 0x129c  FontCache - ok
19:17:30.0508 0x129c  [ C7FBDD1ED42F82BFA35167A5C9803EA3, 372FF71070D5ECE17342466A690737A0622E93C98DBED8172C49B0854F0012B7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:17:30.0508 0x129c  FontCache3.0.0.0 - ok
19:17:30.0524 0x129c  [ B972A66758577E0BFD1DE0F91AAA27B5, E934034F3F740A83D4E7ABCD2C581845AC2945B0BCCAACF65CC3F99A1DBDE455 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:17:30.0524 0x129c  Fs_Rec - ok
19:17:30.0555 0x129c  [ 4E1CD0A45C50A8882616CAE5BF82F3C5, 1B909AF150F7119A5685999451A85012F4A92F15F38390A281EA507E2D247BAE ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
19:17:30.0555 0x129c  gagp30kx - ok
19:17:30.0602 0x129c  [ AB8A6A87D9D7255C3884D5B9541A6E80, D073B5D8A06EFA6415E8F22DFE486DE913113AE23F59CFC5EEF1B3E694CE86F3 ] GEARAspiWDM     C:\Windows\system32\Drivers\GEARAspiWDM.sys
19:17:30.0602 0x129c  GEARAspiWDM - ok
19:17:30.0666 0x129c  [ CD5D0AEEE35DFD4E986A5AA1500A6E66, DCED5126837292593F1C1B35DF18E3B631D6C0C6D0742B77C7B7742C55A7825F ] gpsvc           C:\Windows\System32\gpsvc.dll
19:17:30.0682 0x129c  gpsvc - ok
19:17:30.0775 0x129c  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
19:17:30.0775 0x129c  gupdate - ok
19:17:30.0791 0x129c  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
19:17:30.0807 0x129c  gupdatem - ok
19:17:30.0853 0x129c  [ 062452B7FFD68C8C042A6261FE8DFF4A, DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
19:17:30.0869 0x129c  HDAudBus - ok
19:17:30.0900 0x129c  [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth          C:\Windows\system32\drivers\hidbth.sys
19:17:30.0916 0x129c  HidBth - ok
19:17:30.0916 0x129c  [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr           C:\Windows\system32\drivers\hidir.sys
19:17:30.0916 0x129c  HidIr - ok
19:17:30.0963 0x129c  [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv         C:\Windows\System32\hidserv.dll
19:17:30.0963 0x129c  hidserv - ok
19:17:30.0994 0x129c  [ CCA4B519B17E23A00B826C55716809CC, 91AD0758A6185B0FBBE383BDB1B457FFB850477AFF8DE040DE9527A97D28EF62 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:17:30.0994 0x129c  HidUsb - ok
19:17:31.0025 0x129c  [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:17:31.0025 0x129c  hkmsvc - ok
19:17:31.0056 0x129c  [ DF353B401001246853763C4B7AAA6F50, 05C043493BDD99DEFBB0F5C3D8C475B06C2BF5629565ACF6F3B754002519B836 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
19:17:31.0056 0x129c  HpCISSs - ok
19:17:31.0134 0x129c  [ 53229DCF431D76434816CD29251168A0, F27EF06B23F14C1D041275E8C1F9238151D81CFDBB6D58B2657BA3303CDEB7E1 ] HSF_DPV         C:\Windows\system32\DRIVERS\HSX_DPV.sys
19:17:31.0181 0x129c  HSF_DPV - ok
19:17:31.0212 0x129c  [ 21E25622478BE3B4BECDF1213BA5CDC8, 452245E1B11218BC9C0ADC528FCE9B912BD16A8820F8DA46E17EBCE1B6E34A4B ] HssDRV6         C:\Windows\system32\DRIVERS\hssdrv6.sys
19:17:31.0212 0x129c  HssDRV6 - ok
19:17:31.0243 0x129c  [ ED98350ECD4A5A9C9F1E641C09872BB2, 6515D4DBCDC7CAAD84CAC4034F69EA389DA192FDD20D870C87822AA4EE19FF2C ] HSXHWBS2        C:\Windows\system32\DRIVERS\HSXHWBS2.sys
19:17:31.0259 0x129c  HSXHWBS2 - ok
19:17:31.0321 0x129c  [ 0EEECA26C8D4BDE2A4664DB058A81937, 6F88567A116B1420BE1C9C8888F34D05F51378092C805EF4E489635CF92D416B ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:17:31.0337 0x129c  HTTP - ok
19:17:31.0399 0x129c  [ 324C2152FF2C61ABAE92D09F3CCA4D63, 2D09964C8003277F7DB1FFAA0DAEF15B205F3C4100FF601950BC9E544DC0B91F ] i2omp           C:\Windows\system32\drivers\i2omp.sys
19:17:31.0399 0x129c  i2omp - ok
19:17:31.0446 0x129c  [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
19:17:31.0446 0x129c  i8042prt - ok
19:17:31.0509 0x129c  [ 997E8F5939F2D12CD9F2E6B395724C16, C22F10BADE29DA6F7EB79D9F5D81D9FBEC17D4D4F8B25E0AF4E5CEAE28E8ABF6 ] iaStor          C:\Windows\system32\drivers\iastor.sys
19:17:31.0524 0x129c  iaStor - ok
19:17:31.0555 0x129c  [ C957BF4B5D80B46C5017BF0101E6C906, 6B9186335E50E7E0DBAF574A224E524EC526B57AA02F509E4A8D0F905C9CE880 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
19:17:31.0571 0x129c  iaStorV - ok
19:17:31.0665 0x129c  [ 98477B08E61945F974ED9FDC4CB6BDAB, C7E8F661F6FBF6AB493E950D2E70363496E155B1838CE7B490B981BD840B04FC ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:17:31.0696 0x129c  idsvc - ok
19:17:31.0867 0x129c  [ 9378D57E2B96C0A185D844770AD49948, AED244DDF125C867091D0A926B275EC1C60C89844C69595B1D1FC586F60F118A ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
19:17:31.0930 0x129c  igfx - ok
19:17:31.0961 0x129c  [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp           C:\Windows\system32\drivers\iirsp.sys
19:17:31.0961 0x129c  iirsp - ok
19:17:32.0023 0x129c  [ 4687EE0C0DD2CE5F7AAA9C2E33C1DC78, FA8EBED2778D9F7560ADC1B563954EEF98AAE651C0553F2803372B37B122AEB3 ] IKEEXT          C:\Windows\System32\ikeext.dll
19:17:32.0039 0x129c  IKEEXT - ok
19:17:32.0133 0x129c  [ 4EAE74C8BCBCA309A5D7CBAD7E231427, FA68A5B58FB0DA46946B1BE63E2C70820E3EBB4A2858F17DF8AE4EAA59F042FE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
19:17:32.0164 0x129c  IntcAzAudAddService - ok
19:17:32.0195 0x129c  [ 0084046C084D68E494F8CF36BCF08186, 1A40542A8E7ADE1944892F11DFA85307F342965A31D5697425E0BB86874D45F5 ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
19:17:32.0195 0x129c  intelide - ok
19:17:32.0226 0x129c  [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:17:32.0226 0x129c  intelppm - ok
19:17:32.0243 0x129c  [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:17:32.0243 0x129c  IPBusEnum - ok
19:17:32.0298 0x129c  [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:17:32.0298 0x129c  IpFilterDriver - ok
19:17:32.0329 0x129c  [ 1998BD97F950680BB55F55A7244679C2, A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:17:32.0329 0x129c  iphlpsvc - ok
19:17:32.0344 0x129c  IpInIp - ok
19:17:32.0360 0x129c  [ 40F34F8ABA2A015D780E4B09138B6C17, 22F86888C6B4F76836E863A90730D8F0DBD518305D87A399A159387E79E9D2F7 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
19:17:32.0376 0x129c  IPMIDRV - ok
19:17:32.0391 0x129c  [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
19:17:32.0407 0x129c  IPNAT - ok
19:17:32.0438 0x129c  [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:17:32.0438 0x129c  IRENUM - ok
19:17:32.0454 0x129c  [ 2F8ECE2699E7E2070545E9B0960A8ED2, 40214A9220C6EC232C245939E4F40A9FF6D30497E180EDC809B87938A922E52D ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:17:32.0454 0x129c  isapnp - ok
19:17:32.0500 0x129c  [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
19:17:32.0500 0x129c  iScsiPrt - ok
19:17:32.0516 0x129c  [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
19:17:32.0516 0x129c  iteatapi - ok
19:17:32.0563 0x129c  [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
19:17:32.0563 0x129c  iteraid - ok
19:17:32.0594 0x129c  [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:17:32.0594 0x129c  kbdclass - ok
19:17:32.0625 0x129c  [ EDE59EC70E25C24581ADD1FBEC7325F7, 41B37778E9A12675FC0DF74606AAF18C652EB88513B3C4889C5C512E14587CEE ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
19:17:32.0625 0x129c  kbdhid - ok
19:17:32.0656 0x129c  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso          C:\Windows\system32\lsass.exe
19:17:32.0656 0x129c  KeyIso - ok
19:17:32.0672 0x129c  kpsokjcu - ok
19:17:32.0719 0x129c  [ 4A1445EFA932A3BAF5BDB02D7131EE20, 9DD262ED72DF268FE024063788F54124E320D0775D8DC0C5CAD099CD5F655DA2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:17:32.0734 0x129c  KSecDD - ok
19:17:32.0781 0x129c  [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:17:32.0797 0x129c  KtmRm - ok
19:17:32.0828 0x129c  [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer    C:\Windows\System32\srvsvc.dll
19:17:32.0828 0x129c  LanmanServer - ok
19:17:32.0875 0x129c  [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:17:32.0875 0x129c  LanmanWorkstation - ok
19:17:32.0922 0x129c  [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:17:32.0922 0x129c  lltdio - ok
19:17:32.0968 0x129c  [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:17:32.0984 0x129c  lltdsvc - ok
19:17:33.0015 0x129c  [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:17:33.0015 0x129c  lmhosts - ok
19:17:33.0062 0x129c  [ A2262FB9F28935E862B4DB46438C80D2, 792684A68726BC007ACABB584682FDF4F059AE60888FB5B47ED68A97EA0BB5E6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
19:17:33.0062 0x129c  LSI_FC - ok
19:17:33.0078 0x129c  [ 30D73327D390F72A62F32C103DAF1D6D, 7BB5BFB0DCF33AF9907539B52DF7BA1943C1E75A17715B58DBC702ACA6D406EA ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
19:17:33.0078 0x129c  LSI_SAS - ok
19:17:33.0124 0x129c  [ E1E36FEFD45849A95F1AB81DE0159FE3, DA02B23A881D156A02D3874B41E6D042F84AD558B434280A6A6AC6B619668647 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
19:17:33.0124 0x129c  LSI_SCSI - ok
19:17:33.0171 0x129c  [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv           C:\Windows\system32\drivers\luafv.sys
19:17:33.0171 0x129c  luafv - ok
19:17:33.0218 0x129c  [ 8E2E9CCD873ABF180F48BCAEEEBE347D, 35DBBB8E63B480151EA5701D9DB7C90642FA2391D044DB400D3644F3E21BB0C1 ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
19:17:33.0218 0x129c  MBAMSwissArmy - ok
19:17:33.0249 0x129c  [ 0CEA2D0D3FA284B85ED5B68365114F76, E6FF0EC98FDC3F628438B613C356C237E68686E3B5B17A58A60C16F4B9A2B968 ] mdmxsdk         C:\Windows\system32\DRIVERS\mdmxsdk.sys
19:17:33.0249 0x129c  mdmxsdk - ok
19:17:33.0280 0x129c  [ D153B14FC6598EAE8422A2037553ADCE, D5408B07B6EBA0146A605F11106497DC3DF8EC72E0DCC44BE1366A2A58ABE478 ] megasas         C:\Windows\system32\drivers\megasas.sys
19:17:33.0280 0x129c  megasas - ok
19:17:33.0327 0x129c  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS           C:\Windows\system32\mmcss.dll
19:17:33.0327 0x129c  MMCSS - ok
19:17:33.0358 0x129c  [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem           C:\Windows\system32\drivers\modem.sys
19:17:33.0358 0x129c  Modem - ok
19:17:33.0390 0x129c  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:17:33.0390 0x129c  monitor - ok
19:17:33.0405 0x129c  motccgp - ok
19:17:33.0421 0x129c  MotoSwitchService - ok
19:17:33.0436 0x129c  Motousbnet - ok
19:17:33.0436 0x129c  motusbdevice - ok
19:17:33.0468 0x129c  [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:17:33.0468 0x129c  mouclass - ok
19:17:33.0483 0x129c  [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:17:33.0483 0x129c  mouhid - ok
19:17:33.0514 0x129c  [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
19:17:33.0514 0x129c  MountMgr - ok
19:17:33.0546 0x129c  [ 583A41F26278D9E0EA548163D6139397, 1F09D2FEEE1A8D4F1D9E53596158154099FD436A408F7E72E40F50778A3838A1 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:17:33.0561 0x129c  mpio - ok
19:17:33.0577 0x129c  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:17:33.0592 0x129c  mpsdrv - ok
19:17:33.0655 0x129c  [ 5DE62C6E9108F14F6794060A9BDECAEC, 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:17:33.0670 0x129c  MpsSvc - ok
19:17:33.0717 0x129c  [ D805CC36F02AFE93E3236D5BF91A8DC7, E809D26BBF17C89BD2BC7F57B86A1E004D0A2E1CEA2A7F4448C29889F63CA9C6 ] mr7910          C:\Windows\system32\DRIVERS\mr7910.sys
19:17:33.0717 0x129c  mr7910 - ok
19:17:41.0845 0x129c  usbhub - ok
19:17:41.0861 0x129c  [ 38DBC7DD6CC5A72011F187425384388B, 456CFCD190035C3033709C8DC0F6DC4352BBF751D57C0C52DD04F8C301FEBACD ] usbohci         C:\Windows\system32\drivers\usbohci.sys
19:17:41.0861 0x129c  usbohci - ok
19:17:41.0892 0x129c  [ E75C4B5269091D15A2E7DC0B6D35F2F5, B0A4141B69B66276890836DE98EB8BC790D35CE59FA503060593E8CC12AA106B ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:17:41.0892 0x129c  usbprint - ok
19:17:41.0923 0x129c  [ A508C9BD8724980512136B039BBA65E9, B39B72471C468AC997AEC528599EDC98A031F5A7EB91C4F9471402D48D2D4E3E ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
19:17:41.0923 0x129c  usbscan - ok
19:17:41.0954 0x129c  [ BE3DA31C191BC222D9AD503C5224F2AD, 201FB0FDBF423342202686DC0D8A3221B7798AE04C04A649D3441C257C733CE8 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:17:41.0970 0x129c  USBSTOR - ok
19:17:41.0985 0x129c  [ 44056325428A8E4C755830426E29878F, 95F182047746D352B7DC2B22298D5E58738E1B787C110D1DE841C026FB8A67EB ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
19:17:42.0001 0x129c  usbuhci - ok
19:17:42.0032 0x129c  [ 1509E705F3AC1D474C92454A5C2DD81F, 7F525921A3513224F8B093A16E19B4235B300349A14B0B86EE11B7473BA53337 ] UxSms           C:\Windows\System32\uxsms.dll
19:17:42.0032 0x129c  UxSms - ok
19:17:42.0095 0x129c  [ CD88D1B7776DC17A119049742EC07EB4, 6B68B9EDB8C6BCB2644F1F004D5743E928509D12107D996F390A24A72E0AA528 ] vds             C:\Windows\System32\vds.exe
19:17:42.0110 0x129c  vds - ok
19:17:42.0173 0x129c  [ 7D92BE0028ECDEDEC74617009084B5EF, D0749CE6FA3415BA4364299F8D6D53F133E8D2F44C6F1057996243415A540A53 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:17:42.0173 0x129c  vga - ok
19:17:42.0204 0x129c  [ 2E93AC0A1D8C79D019DB6C51F036636C, 8B6F3B4EE90691A22788915AD0F99D8EE617750430A34E7CEB9AB4FB4E581755 ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:17:42.0204 0x129c  VgaSave - ok
19:17:42.0219 0x129c  [ D5929A28BDFF4367A12CAF06AF901971, DE2A60A9EE1ABACEE6221E4AD5D4AA4CBA12FED448EB36CA3B7A9A5F09A8DC8C ] viaagp          C:\Windows\system32\drivers\viaagp.sys
19:17:42.0235 0x129c  viaagp - ok
19:17:42.0251 0x129c  [ 56A4DE5F02F2E88182B0981119B4DD98, 36FC94BCFD41907838DBCB02E6EA24065FDED4224239CD19E90D14433BE9108B ] ViaC7           C:\Windows\system32\drivers\viac7.sys
19:17:42.0251 0x129c  ViaC7 - ok
19:17:42.0266 0x129c  [ F3B4762EB85A2AFF4999401F14C3262B, 462B3A61AE82307292C8C75041514789AD2D1E3CF31A8A35E39A19989FD394C3 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:17:42.0266 0x129c  viaide - ok
19:17:42.0305 0x129c  [ 69503668AC66C77C6CD7AF86FBDF8C43, 2CE407674A58313737073F02B9A617460BBA84B36C3A16D98AE5ED45279F5006 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:17:42.0305 0x129c  volmgr - ok
19:17:42.0352 0x129c  [ 23E41B834759917BFD6B9A0D625D0C28, 9F60992805262F936E8DA33610FDF60A191ECAFC08BBF657C8F9A21833C8EFC5 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:17:42.0352 0x129c  volmgrx - ok
19:17:42.0383 0x129c  [ 786DB5771F05EF300390399F626BF30A, 4A07BE5AEDBA4C15C2F9A91250F0488A0B0305C67BB7A037508D5CBF86D4E1B7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:17:42.0399 0x129c  volsnap - ok
19:17:42.0430 0x129c  [ D984439746D42B30FC65A4C3546C6829, B134A9890638C2B4964A9C30812A2828A3E0CC641690CBF22D9FCE65EE3C2385 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
19:17:42.0430 0x129c  vsmraid - ok
19:17:42.0493 0x129c  [ DB3D19F850C6EB32BDCB9BC0836ACDDB, D81FF1CDA87A2FE83EFD5B3FE01EFF940952F8BAEE70BEA3B2F6EF30E2121704 ] VSS             C:\Windows\system32\vssvc.exe
19:17:42.0508 0x129c  VSS - ok
19:17:42.0555 0x129c  [ 96EA68B9EB310A69C25EBB0282B2B9DE, C76D3427F8A2953CB4D96BBA1523679CBE1BBF7FA821A35D2FBEB3E67AC6A10B ] W32Time         C:\Windows\system32\w32time.dll
19:17:42.0555 0x129c  W32Time - ok
19:17:42.0586 0x129c  [ 48DFEE8F1AF7C8235D4E626F0C4FE031, A41D05BC0DA3C476C32E0A4DAF015DF7BADF28A03CE236D5596885FF1772F148 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
19:17:42.0586 0x129c  WacomPen - ok
19:17:42.0617 0x129c  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
19:17:42.0617 0x129c  Wanarp - ok
19:17:42.0617 0x129c  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:17:42.0633 0x129c  Wanarpv6 - ok
19:17:42.0649 0x129c  [ A3CD60FD826381B49F03832590E069AF, 213C5DB5E5D828264286FD7548527566D6160CCA780BC6853B7B28CECF329674 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:17:42.0664 0x129c  wcncsvc - ok
19:17:42.0695 0x129c  [ 11BCB7AFCDD7AADACB5746F544D3A9C7, 0370E20FD12ED713F94E5CD76F068F7A7A5E7F42416DD2A8A41249020DA7DA31 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:17:42.0695 0x129c  WcsPlugInService - ok
19:17:42.0727 0x129c  [ AFC5AD65B991C1E205CF25CFDBF7A6F4, 544173AE85A11B99B9221DB30B6803DAEB3EB7FCA57FE62F0D13EF70B9C69A89 ] Wd              C:\Windows\system32\drivers\wd.sys
19:17:42.0727 0x129c  Wd - ok
19:17:42.0773 0x129c  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:17:42.0789 0x129c  Wdf01000 - ok
19:17:42.0836 0x129c  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:17:42.0836 0x129c  WdiServiceHost - ok
19:17:42.0851 0x129c  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:17:42.0851 0x129c  WdiSystemHost - ok
19:17:42.0898 0x129c  [ 04C37D8107320312FBAE09926103D5E2, 1C6726A9871CBACB240AFA93E57781515F01758D43693DDA395EA683D97234F0 ] WebClient       C:\Windows\System32\webclnt.dll
19:17:42.0898 0x129c  WebClient - ok
19:17:42.0929 0x129c  [ AE3736E7E8892241C23E4EBBB7453B60, 0F998116CC07CD719CB237EAE53BB16B2EDD6973828B9C1055EB981AEA0453D1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:17:42.0945 0x129c  Wecsvc - ok
19:17:42.0945 0x129c  [ 670FF720071ED741206D69BD995EA453, 4B96F5E3545F69AE9EBC75DC4AB27B87306D656EE526AE39E7EC7E2B6F83F7FD ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:17:42.0961 0x129c  wercplsupport - ok
19:17:42.0992 0x129c  [ 32B88481D3B326DA6DEB07B1D03481E7, 821FBAF147E525ED15EB9391B16A96C6D5464841258B11F277EFB57A3BD50E37 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:17:42.0992 0x129c  WerSvc - ok
19:17:43.0039 0x129c  [ 6D2350BB6E77E800FC4BE4E5B7A2E89A, 5C70AA76991B85D4EA52C70A03C932B34B51133CC55B3F4CC25F4A7044574885 ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
19:17:43.0054 0x129c  winachsf - ok
19:17:43.0132 0x129c  [ 4575AA12561C5648483403541D0D7F2B, 2DBB7904285F16E879E1662C4CC4DFAA420D5EB24DDFC4BAC0B7616F5F44649A ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
19:17:43.0132 0x129c  WinDefend - ok
19:17:43.0148 0x129c  WinHttpAutoProxySvc - ok
19:17:43.0210 0x129c  [ 6B2A1D0E80110E3D04E6863C6E62FD8A, EE8BC7C378993EFE90273764C83119EBF331768CD7B24DE949233C74A51306C2 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:17:43.0210 0x129c  Winmgmt - ok
19:17:43.0288 0x129c  [ 7CFE68BDC065E55AA5E8421607037511, C2CE76D52AD4E31FC4216E94457DC16ABF65A5F3E883F0BD97AD387FB7574533 ] WinRM           C:\Windows\system32\WsmSvc.dll
19:17:43.0304 0x129c  WinRM - ok
19:17:43.0366 0x129c  [ C008405E4FEEB069E30DA1D823910234, C392A7B5FEACB7D11A3A231C1AD65D533984E6E7429ECD3BFBF90A27E8DEB157 ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:17:43.0382 0x129c  Wlansvc - ok
19:17:43.0507 0x129c  [ 0A70F4022EC2E14C159EFC4F69AA2477, FF248136576F9803762C54DE5439D3411B52DCBC95B93176A5DAB857967D9AC4 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:17:43.0538 0x129c  wlidsvc - ok
19:17:43.0569 0x129c  [ 17EAC0D023A65FA9B02114CC2BAACAD5, CD5856326959DA58B18E2AFD235552E25A410AC6F23F437E7708350833AD8657 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
19:17:43.0569 0x129c  WmiAcpi - ok
19:17:43.0616 0x129c  [ 43BE3875207DCB62A85C8C49970B66CC, 27169F2E8A30807794407DA8F80611E4287F940AAE2A1F00F547901872FB9703 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:17:43.0616 0x129c  wmiApSrv - ok
19:17:43.0678 0x129c  [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
19:17:43.0709 0x129c  WMPNetworkSvc - ok
19:17:43.0741 0x129c  [ CFC5A04558F5070CEE3E3A7809F3FF52, 45899E04000E21C4E009BE8B6149F199A5B2E0512C657A525770BF9DBFED7D2B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:17:43.0741 0x129c  WPCSvc - ok
19:17:43.0756 0x129c  [ 801FBDB89D472B3C467EB112A0FC9246, C24053FA12732089384D3AF06C676FF201D282FC5AD56A42B6EE8BAED4379CB2 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:17:43.0772 0x129c  WPDBusEnum - ok
19:17:43.0803 0x129c  [ DE9D36F91A4DF3D911626643DEBF11EA, 8029ECE76E29276BFB6ED3387AC560A9A779AAF683A4416E96334FAF7BDBADA0 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
19:17:43.0803 0x129c  WpdUsb - ok
19:17:44.0116 0x129c  [ F8D3544ACBCE9110362119F7C10D848E, 31C49201A931751A36286874AC0B929D886F490D7CE48CCC9283850A56AD9FD9 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:17:44.0132 0x129c  WPFFontCache_v0400 - ok
19:17:44.0225 0x129c  [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:17:44.0225 0x129c  ws2ifsl - ok
19:17:44.0363 0x129c  [ 1CA6C40261DDC0425987980D0CD2AAAB, 727C1E3A170316641F832A8D197EDA6D6EE1206E4ED7B741E5A4017B7F2F7B88 ] wscsvc          C:\Windows\system32\wscsvc.dll
19:17:44.0363 0x129c  wscsvc - ok
19:17:44.0379 0x129c  WSearch - ok
19:17:45.0081 0x129c  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:17:45.0159 0x129c  wuauserv - ok
19:17:45.0205 0x129c  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:17:45.0221 0x129c  WudfPf - ok
19:17:45.0268 0x129c  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:17:45.0268 0x129c  WUDFRd - ok
19:17:45.0299 0x129c  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:17:45.0315 0x129c  wudfsvc - ok
19:17:45.0346 0x129c  [ 5A7FF9A18FF6D7E0527FE3ABF9204EF8, 3660379AADB6DB56E54D9C680929CD3882CDE4E6A8BB888FC892110D6B50C627 ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys
19:17:45.0346 0x129c  XAudio - ok
19:17:45.0393 0x129c  [ 28DC5D626E036A75A572556F0A6EB1F6, 9AE635C08B87AD85A552ADE0AF8BA10DC258E0DEFE133A2A74EFCD43B7A38A98 ] XAudioService   C:\Windows\system32\DRIVERS\xaudio.exe
19:17:45.0408 0x129c  XAudioService - ok
19:17:45.0439 0x129c  ================ Scan global ===============================
19:17:45.0471 0x129c  [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
19:17:45.0517 0x129c  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
19:17:45.0564 0x129c  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
19:17:45.0689 0x129c  [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe
19:17:45.0705 0x129c  [ Global ] - ok
19:17:45.0705 0x129c  ================ Scan MBR ==================================
19:17:45.0720 0x129c  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
19:17:46.0188 0x129c  \Device\Harddisk0\DR0 - ok
19:17:46.0188 0x129c  ================ Scan VBR ==================================
19:17:46.0204 0x129c  [ 2C5A33D146499639B4B6692F1DB3300E ] \Device\Harddisk0\DR0\Partition1
19:17:46.0235 0x129c  \Device\Harddisk0\DR0\Partition1 - ok
19:17:46.0266 0x129c  [ CD920C6AC2405D3674DF0DD3C774D22C ] \Device\Harddisk0\DR0\Partition2
19:17:46.0283 0x129c  \Device\Harddisk0\DR0\Partition2 - ok
19:17:46.0283 0x129c  ================ Scan generic autorun ======================
19:17:47.0252 0x129c  [ 805210C8DB11D5799E7172923959BF98, A8DCB8A6FDE5ED583D329D6D8A5979FFD3E844046335529BB2E81A5D310E5894 ] C:\Program Files\CCleaner\CCleaner.exe
19:17:47.0813 0x129c  CCleaner Monitoring - ok
19:17:48.0079 0x129c  [ 796B7EA3D8D1677EBA3710EC60400748, 2AC9DA53F56B633A561078850D037807AC7A0D74C7B8E2F92F397EDF45574369 ] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
19:17:48.0297 0x129c  SUPERAntiSpyware - ok
19:17:48.0298 0x129c  Waiting for KSN requests completion. In queue: 38
19:17:49.0391 0x129c  AV detected via SS2: AVG AntiVirus Free Edition 2015, C:\Program Files\AVG\AVG2015\avgwsc.exe ( 15.0.0.5315 ), 0x41010 ( enabled : outofdate )
19:17:49.0469 0x129c  Win FW state via NFP2: disabled
19:17:50.0015 0x129c  ============================================================
19:17:50.0015 0x129c  Scan finished
19:17:50.0015 0x129c  ============================================================
19:17:50.0015 0x1140  Detected object count: 0
19:17:50.0015 0x1140  Actual detected object count: 0


#6 TB-Psychotic

  • Malware Response Team

Posted 09 January 2015 - 07:46 AM

Please scan with FRST as explained and post the logs as well.



#7 DrgnHmcd

  • Topic Starter


Posted 09 January 2015 - 11:22 PM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-01-2015
Ran by Mike & Deb at 2015-01-09 19:19:55
Running from C:\Users\Mike & Deb\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2015 (Enabled - Out of date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Out of date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Sansa Media Converter (HKLM\...\{FC053571-8507-44E4-8B6D-AACEAB8CA57C}) (Version: 1.0-B4.263 - )
32 Bit HP CIO Components Installer (Version: 2.1.5 - Hewlett-Packard) Hidden
32 bit Windows Card Reader Driver (HKLM\...\{CE6DEE87-1C87-42ED-A108-7369BFE9076F}) (Version: 1.1.0.0 - TEAC)
A Series of Unfortunate Events (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110250590}) (Version:  - Oberon Media)
A Series of Unfortunate Events (remove only) (HKLM\...\A Series of Unfortunate Events) (Version:  - )
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader 8.3.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A83000000003}) (Version: 8.3.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Alice's Adventures in Wonderland (HKLM\...\BFG-Alice's Adventures in Wonderland) (Version:  - )
Apple Application Support (HKLM\...\{3FA365DF-2D68-45ED-8F83-8C8A33E65143}) (Version: 1.1.0 - Apple Inc.)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
ArcSoft MediaImpression (HKLM\...\{2C39F7CF-E022-4C0D-B1BA-AF6DDD931054}) (Version: 1.2.28.567 - ArcSoft)
ArcSoft TotalMedia Extreme (HKLM\...\{0B68672F-C64F-4D29-9EDC-ECDCBE3C5F19}) (Version: 1.0.3.30 - ArcSoft)
AVG 2014 (Version: 14.0.4744 - AVG Technologies) Hidden
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5315 - AVG Technologies)
AVG 2015 (Version: 15.0.4176 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5315 - AVG Technologies) Hidden
Big City Adventure: Rio de Janeiro (HKLM\...\BFG-Big City Adventure - Rio de Janeiro) (Version:  - )
Big Fish: Game Manager (HKLM\...\BFGC) (Version: 3.3.0.2 - )
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Christmas Eve: Midnight's Call (HKLM\...\BFG-Christmas Eve - Midnights Call) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
Crime Line (HKLM\...\BFG-Crime Line) (Version:  - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dark Romance: Vampire in Love Collector's Edition (HKLM\...\BFG-Dark Romance - Vampire in Love Collector's Edition) (Version:  - )
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.39 - Dell Inc.)
Dell Support Center (Version: 3.1.5907.39 - PC-Doctor, Inc.) Hidden
Dell System Detect (HKU\S-1-5-21-3069903202-911295184-2383535342-1000\...\9204f5692a8faf3b) (Version: 3.3.2.1 - Dell)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DVD43 v4.6.0 (HKLM\...\DVD43_is1) (Version:  - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Frankenstein - The Dismembered Bride (HKU\S-1-5-21-3069903202-911295184-2383535342-1000\...\Frankenstein - The Dismembered Bride) (Version: 1.0.0.0 - eGames)
FrostWire 6.0.3 (HKLM\...\FrostWire 6) (Version: 6.0.3.1 - FrostWire LLC)
Gardenscapes: Mansion Makeover™ (HKLM\...\BFG-Gardenscapes - Mansion Makeover) (Version:  - )
GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden
Ghost Whisperer™ (HKLM\...\BFG-Ghost Whisperer) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Havka FOkm (HKU\S-1-5-21-3069903202-911295184-2383535342-1000\...\Havka FOkm) (Version:  - Tanna OKf)
Hello Venice 2: New York Adventure (HKLM\...\BFG-Hello Venice 2 - New York Adventure) (Version:  - )
Heroes from the Past: Joan of Arc (HKLM\...\BFG-Heroes from the Past - Joan of Arc) (Version:  - )
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 3.5 - HP)
HP Update (HKLM\...\{FE57DE70-95DE-4B64-9266-84DA811053DB}) (Version: 4.000.012.001 - Hewlett-Packard)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® PRO Network Connections 12.1.11.0 (HKLM\...\PROSetDX) (Version:  - Intel)
Jack the Ripper - Letters from Hell (HKU\S-1-5-21-3069903202-911295184-2383535342-1000\...\Jack the Ripper - Letters from Hell) (Version: 1.0.0.0 - eGames)
Java™ 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
Java™ 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Java™ SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
Jigs@w Puzzle 2 (HKLM\...\BFG-Jigs@w Puzzle 2) (Version:  - )
Jigsaw World (HKLM\...\BFG-Jigsaw World) (Version:  - )
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kies Air Discovery Service (HKU\S-1-5-21-3069903202-911295184-2383535342-1000\...\Kies Air Discovery Service) (Version:  - Samsung)
Kies mini (HKLM\...\InstallShield_{EE43894E-FDCF-4A8C-BCD6-3AAA9A48B486}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Kies mini (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
Lost Secrets™: November 1963 (HKLM\...\BFG-Lost Secrets - November 1963) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.17.8 - Dell)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Music, Photos & Videos Launcher (HKLM\...\{D7769185-9A7C-48D4-8874-5388743A1DE2}) (Version: 1.00.0000 - Dell Inc.)
Mystery Case Files &reg;: 13th Skull ™ (HKLM\...\BFG-Mystery Case Files - 13th Skull) (Version:  - )
Mystery Case Files&reg;: Escape from Ravenhearst™ Collector's Edition (HKLM\...\BFG-Mystery Case Files - Escape from Ravenhearst Collector's Edition) (Version:  - )
Mystery Case Files&reg;: Shadow Lake Collector's Edition (HKLM\...\BFG-Mystery Case Files - Shadow Lake Collector's Edition) (Version:  - )
Mystery Case Files: Dire Grove, Sacred Grove Collector's Edition (HKLM\...\BFG-MCF - Dire Grove Sacred Grove CE) (Version:  - )
Mystery Case Files: Fate's Carnival Collector's Edition (HKLM\...\BFG-Mystery Case Files - Fates Carnival Collectors Edition) (Version:  - )
Mystery Case Files: Madame Fate &reg; (HKLM\...\BFG-Mystery Case Files - Madame Fate) (Version:  - )
Mystery Case Files: Ravenhearst &reg; (HKLM\...\BFG-Mystery Case Files - Ravenhearst) (Version:  - )
Mystery Case Files: Return to Ravenhearst ™ (HKLM\...\BFG-Mystery Case Files - Return to Ravenhearst) (Version:  - )
Mystery P.I.: The Curious Case of Counterfeit Cove (HKLM\...\BFG-Mystery P.I. - The Curious Case of Counterfeit Cove) (Version:  - )
Mystery PI (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113069720}) (Version:  - Oberon Media)
Nancy Drew: Danger by Design (HKLM\...\{C3D82C0B-3592-4B03-A970-F84C081A8152}) (Version:  - )
Nancy Drew: The Creature of Kapu Cave (HKLM\...\{F4EC2FB1-4255-4040-8DE6-5D75FA9D039F}) (Version:  - )
Nero 7 Ultra Edition (HKLM\...\{98EFD8F0-08DE-48DB-B922-A2EBAB711033}) (Version: 7.03.1151 - Nero AG)
Nevertales: The Beauty Within (HKLM\...\BFG-Nevertales - The Beauty Within) (Version:  - )
New York Mysteries: Secrets of the Mafia Collector's Edition (HKLM\...\BFG-New York Mysteries - Secrets of the Mafia Collectors Edition) (Version:  - )
OpenAL (HKLM\...\OpenAL) (Version:  - )
Paranormal Pursuit: The Gifted One Collector's Edition (HKLM\...\BFG-Paranormal Pursuit - The Gifted One Collectors Edition) (Version:  - )
Pokémon Trading Card Game Online (HKLM\...\{D81F39D4-FDA9-4356-92B1-16081D8BF71A}) (Version: 1.0.0 - The Pokémon Company International)
Public Enemies - Bonnie and Clyde (HKU\S-1-5-21-3069903202-911295184-2383535342-1000\...\Public Enemies - Bonnie and Clyde) (Version: 1.0.0.0 - eGames)
QuickTime (HKLM\...\{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}) (Version: 7.65.17.80 - Apple Inc.)
RealDownloader (Version: 1.3.0 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Redemption Cemetery: Bitter Frost (HKLM\...\BFG-Redemption Cemetery - Bitter Frost) (Version:  - )
Redemption Cemetery: Curse of the Raven Collector's Edition (HKLM\...\BFG-Redemption Cemetery - Curse of the Raven Collector's Edition) (Version:  - )
Redemption Cemetery: Grave Testimony Collector’s Edition (HKLM\...\BFG-Redemption Cemetery - Grave Testimony Collector’s Edition) (Version:  - )
Redemption Cemetery: Salvation of the Lost Collector's Edition (HKLM\...\BFG-Redemption Cemetery - Salvation of the Lost Collectors Edition) (Version:  - )
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio MyDVD DE (HKLM\...\{D639085F-4B6E-4105-9F37-A0DBB023E2FB}) (Version: 9.0.116 - Roxio, Inc.)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
Sansa Updater (HKU\S-1-5-21-3069903202-911295184-2383535342-1000\...\Sansa Updater) (Version: 1.304 - SanDisk Corporation)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Shadow Wolf Mysteries: Cursed Wedding (HKLM\...\BFG-Shadow Wolf Mysteries - Cursed Wedding) (Version:  - )
Shockwave (HKLM\...\Shockwave) (Version:  - )
SmartWebPrintingOC (Version: 100.0.189.000 - Hewlett-Packard) Hidden
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1128 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Agency of Anomalies: Cinderstone Orphanage Collector's Edition (HKLM\...\BFG-The Agency of Anomalies - Cinderstone Orphanage Collector's Edition) (Version:  - )
Time Machine - Trapped in Time (HKU\S-1-5-21-3069903202-911295184-2383535342-1000\...\Time Machine - Trapped in Time) (Version: 1.0.0.0 - eGames)
Undiscovered (HKLM\...\BFG-Undiscovered) (Version:  - )
Unity Web Player (HKU\S-1-5-21-3069903202-911295184-2383535342-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
User's Guides (HKLM\...\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version:  - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vizzed Retro Game Room (HKLM\...\{6D9F35D2-1D6F-4E17-A79F-991A7BD24AAD}) (Version: 2.0.0 - Vizzed)
W Photo Studio (HKLM\...\{CBF3C503-946E-45EA-B347-EACC41781989}) (Version: 1.0.0.143 - Walgreens)
Weird Park: Broken Tune Collector's Edition (HKLM\...\BFG-Weird Park - Broken Tune Collectors Edition) (Version:  - )
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3069903202-911295184-2383535342-1000_Classes\CLSID\{000F1EA4-5E08-4564-A29B-29076F63A37A}\InprocServer32 -> C:\Users\Mike & Deb\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll No  (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-3069903202-911295184-2383535342-1000_Classes\CLSID\{32C3FEAE-0877-4767-8C20-62A5829A0945}\InprocServer32 -> C:\Users\Mike & Deb\AppData\Roaming\Facebook\axfbootloader.dll ( )
CustomCLSID: HKU\S-1-5-21-3069903202-911295184-2383535342-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Mike & Deb\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-3069903202-911295184-2383535342-1000_Classes\CLSID\{C98FE784-B96E-41e1-8399-1337AE3E539F}\InprocServer32 -> C:\Users\Mike & Deb\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
 
==================== Restore Points  =========================
 
05-12-2014 21:37:17 Removed Motorola Device Manager
05-12-2014 21:42:32 Removed Motorola Mobile Drivers Installation 6.3.0
05-12-2014 21:46:23 Removed Motorola Mobile Drivers Installation 6.3.0
05-12-2014 22:10:29 Removed Motorola Mobile Drivers Installation 6.3.0
06-12-2014 12:33:17 Removed Motorola Mobile Drivers Installation 6.3.0
06-12-2014 15:11:05 Removed Motorola Mobile Drivers Installation 6.3.0
06-12-2014 15:17:06 Removed Samsung Kies
28-12-2014 21:48:38 Restore Operation
28-12-2014 22:58:45 Windows Update
30-12-2014 10:20:55 Scheduled Checkpoint
31-12-2014 00:00:03 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 03:23 - 2014-12-28 17:45 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {094E21DB-CD43-41F8-AEE2-10DE7C27B733} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-24] (Google Inc.)
Task: {0B2396AE-262D-484B-8197-86B94784F79E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: {42CD1A32-2C12-4805-B9D9-C6A275AD4D39} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {55C61CA6-FEEE-45A1-9E74-05D9D0BF9EA8} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\20.2.0.19\SymErr.exe
Task: {65FB608A-868D-4A80-AAD9-6B21E9967222} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\20.2.0.19\WSCStub.exe
Task: {6CC2E6EF-54CB-423A-BB49-AFFC6FD227DA} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-04-12] (PC-Doctor, Inc.)
Task: {75DA450D-00E0-4550-92DF-C8ABE708C7D5} - System32\Tasks\{018EB1E5-0785-4D39-9631-C5593F63A8FF} => pcalua.exe -a C:\Windows\System32\igfxcfg.exe -d C:\Windows\system32
Task: {7E455E65-A836-490B-850C-453C984D30EE} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3069903202-911295184-2383535342-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {82BEFF0A-D999-4CEE-8336-401E2FC09D40} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\20.2.0.19\SymErr.exe
Task: {83F99B08-4387-4296-9ED8-0F23F9D1D1D2} - System32\Tasks\BFGLaunch_bfgclient => C:\Program Files\bfgclient\bfgclient.exe [2014-03-05] ()
Task: {848EAF53-74E3-4FC4-95E2-9332ADBA8496} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {B4C52B7C-78E2-4748-B829-9F01A44C3397} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3069903202-911295184-2383535342-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {BCDACE19-83BE-4DD9-9D36-1C172F55464F} - System32\Tasks\Microsoft_Hardware_Launch_vVX3000_exe => C:\Windows\vVX3000.exe [2009-06-26] (Microsoft Corporation)
Task: {BE53A865-426E-46BF-B7C0-90461568B5D2} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3069903202-911295184-2383535342-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {D4DFAAC6-B092-4922-A3A0-57224D9CE7BB} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)
Task: {D6B34625-9CF8-4DE7-B272-C158B201E012} - System32\Tasks\{1C060DF3-BEBB-471A-89B5-D7519EB5DCBC} => pcalua.exe -a "C:\Program Files\AVG\AVG2015\avgmfapx.exe" -c /AppMode=SETUP /Uninstall
Task: {E618CBD5-8864-471E-BD11-2A8F7E7DA8F5} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3069903202-911295184-2383535342-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\0214dUpdateInfo.job => C:\ProgramData\Avg_Update_0214d\0214d_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\1114avUpdateInfo.job => C:\ProgramData\Avg_Update_1114av\1114av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\1214avUpdateInfo.job => C:\ProgramData\Avg_Update_1214av\1214av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8b4e922267c0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfeb1c1936a528.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfffc51b3a00a0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-11-29 20:31 - 2012-11-29 20:31 - 00038608 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: CrossLoopService => 2
MSCONFIG\Services: LeapFrog Connect Device Service => 2
MSCONFIG\Services: RoxMediaDB9 => 3
MSCONFIG\Services: RoxWatch9 => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AVG_UI => "C:\Program Files\AVG\AVG2015\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: ChromeFrameHelper => "C:\Users\Mike & Deb\AppData\Local\Google\Chrome\Application\16.0.912.63\chrome_frame_helper.exe" --startup
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: FlashPlayerUpdate => C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe -update activex
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Malwarebytes' Anti-Malware (reboot) => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "c:\program files\real\realplayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: wextract_cleanup0 => rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\MIKE&D~1\AppData\Local\Temp\IXP000.TMP\"
MSCONFIG\startupreg: wextract_cleanup1 => rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\MIKE&D~1\AppData\Local\Temp\IXP001.TMP\"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3069903202-911295184-2383535342-500 - Administrator - Disabled)
Guest (S-1-5-21-3069903202-911295184-2383535342-501 - Administrator - Disabled)
Mike & Deb (S-1-5-21-3069903202-911295184-2383535342-1000 - Administrator - Enabled) => C:\Users\Mike & Deb
 
==================== Faulty Device Manager Devices =============
 
Name: Optiarc DVD+-RW AD-7200S ATA Device
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
Name: USB   HS-CF Card
Description: USB   HS-CF Card
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: TEAC    
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
Name: USB   HS-MS Card
Description: USB   HS-MS Card
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: TEAC    
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
Name: USB   HS-SD Card
Description: USB   HS-SD Card
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: TEAC    
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
Name: USB   HS-xD/SM  
Description: USB   HS-xD/SM  
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: TEAC    
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/09/2015 07:18:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST.exe version 7.1.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: f1c
Start Time: 01d02c7afb6e4320
Termination Time: 0
 
Error: (01/09/2015 07:13:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST.exe version 7.1.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1460
Start Time: 01d02c5d6b9751a0
Termination Time: 16
 
Error: (01/09/2015 05:32:04 PM) (Source: MsiInstaller) (EventID: 11330) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2015\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt.  Error 24577 was returned by WinVerifyTrust.
 
Error: (01/09/2015 05:32:04 PM) (Source: MsiInstaller) (EventID: 11330) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2015\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt.  Error 24577 was returned by WinVerifyTrust.
 
Error: (01/09/2015 01:32:04 PM) (Source: MsiInstaller) (EventID: 11330) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2015\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt.  Error 24577 was returned by WinVerifyTrust.
 
Error: (01/09/2015 01:32:04 PM) (Source: MsiInstaller) (EventID: 11330) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2015\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt.  Error 24577 was returned by WinVerifyTrust.
 
Error: (01/09/2015 00:48:27 PM) (Source: MsiInstaller) (EventID: 11330) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2015\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt.  Error 24577 was returned by WinVerifyTrust.
 
Error: (01/09/2015 00:48:27 PM) (Source: MsiInstaller) (EventID: 11330) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2015\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt.  Error 24577 was returned by WinVerifyTrust.
 
Error: (01/09/2015 09:31:59 AM) (Source: MsiInstaller) (EventID: 11330) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2015\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt.  Error 24577 was returned by WinVerifyTrust.
 
Error: (01/09/2015 09:31:59 AM) (Source: MsiInstaller) (EventID: 11330) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2015\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt.  Error 24577 was returned by WinVerifyTrust.
 
 
System errors:
=============
Error: (09/01/2010 06:55:21 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:05:08 PM on 9/1/2010 was unexpected.
 
Error: (08/30/2010 07:32:53 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
 
Error: (08/30/2010 07:32:51 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:20:04 PM on 8/30/2010 was unexpected.
 
Error: (08/30/2010 06:31:38 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Netman
 
Error: (08/30/2010 03:36:42 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service
 
Error: (08/30/2010 03:35:04 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
 
Error: (08/30/2010 03:35:01 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:31:04 PM on 8/29/2010 was unexpected.
 
Error: (08/29/2010 06:27:38 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service
 
Error: (08/29/2010 06:25:52 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
 
Error: (08/29/2010 06:25:49 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:42:28 PM on 8/29/2010 was unexpected.
 
 
Microsoft Office Sessions:
=========================
Error: (01/09/2015 07:18:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST.exe7.1.2015.0f1c01d02c7afb6e43200
 
Error: (01/09/2015 07:13:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST.exe7.1.2015.0146001d02c5d6b9751a016
 
Error: (01/09/2015 05:32:04 PM) (Source: MsiInstaller) (EventID: 11330) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2015\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt.  Error 24577 was returned by WinVerifyTrust.(NULL)(NULL)(NULL)(NULL)
 
Error: (01/09/2015 05:32:04 PM) (Source: MsiInstaller) (EventID: 11330) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2015\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt.  Error 24577 was returned by WinVerifyTrust.(NULL)(NULL)(NULL)(NULL)
 
Error: (01/09/2015 01:32:04 PM) (Source: MsiInstaller) (EventID: 11330) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2015\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt.  Error 24577 was returned by WinVerifyTrust.(NULL)(NULL)(NULL)(NULL)
 
Error: (01/09/2015 01:32:04 PM) (Source: MsiInstaller) (EventID: 11330) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2015\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt.  Error 24577 was returned by WinVerifyTrust.(NULL)(NULL)(NULL)(NULL)
 
Error: (01/09/2015 00:48:27 PM) (Source: MsiInstaller) (EventID: 11330) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2015\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt.  Error 24577 was returned by WinVerifyTrust.(NULL)(NULL)(NULL)(NULL)
 
Error: (01/09/2015 00:48:27 PM) (Source: MsiInstaller) (EventID: 11330) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2015\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt.  Error 24577 was returned by WinVerifyTrust.(NULL)(NULL)(NULL)(NULL)
 
Error: (01/09/2015 09:31:59 AM) (Source: MsiInstaller) (EventID: 11330) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2015\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt.  Error 24577 was returned by WinVerifyTrust.(NULL)(NULL)(NULL)(NULL)
 
Error: (01/09/2015 09:31:59 AM) (Source: MsiInstaller) (EventID: 11330) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2015\SetupBackup\COREx.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt.  Error 24577 was returned by WinVerifyTrust.(NULL)(NULL)(NULL)(NULL)
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E4600 @ 2.40GHz
Percentage of memory in use: 37%
Total physical RAM: 2036.45 MB
Available physical RAM: 1265.14 MB
Total Pagefile: 4324.18 MB
Available Pagefile: 3038.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1903.97 MB
 
==================== Drives ================================


#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:03 AM

Posted 12 January 2015 - 04:24 AM

Please post the FRST.txt as well


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#9 DrgnHmcd

DrgnHmcd
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:01:03 AM

Posted 12 January 2015 - 01:33 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
Ran by Mike & Deb (administrator) on DIMAIOFAMILY on 09-01-2015 19:19:21
Running from C:\Users\Mike & Deb\Desktop
Loaded Profile: Mike & Deb (Available profiles: Mike & Deb)
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Motorola) C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\iashost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG\ <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\SUPERAntiSpyware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\avg8 <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3069903202-911295184-2383535342-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3069903202-911295184-2383535342-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6699800 2014-12-28] (SUPERAntiSpyware)
HKU\S-1-5-21-3069903202-911295184-2383535342-1000\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3069903202-911295184-2383535342-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3069903202-911295184-2383535342-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3069903202-911295184-2383535342-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?PC=msnHomeST&OCID=msnHomepage
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3069903202-911295184-2383535342-1000 -> {362269bd-c93c-460f-9255-3bd667eb7f0a} URL = 
SearchScopes: HKU\S-1-5-21-3069903202-911295184-2383535342-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://search.yahoo.com/search?ei=ISO-8859-1&fr=chr-vmn&type=egames3_1yach&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3069903202-911295184-2383535342-1000 -> {5BB77C64-9C22-4BAA-97AC-F525BBE79D3C} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3069903202-911295184-2383535342-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = 
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-3069903202-911295184-2383535342-1000 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKU\S-1-5-21-3069903202-911295184-2383535342-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3069903202-911295184-2383535342-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3069903202-911295184-2383535342-1000 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} -  No File
Toolbar: HKU\S-1-5-21-3069903202-911295184-2383535342-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} -  No File
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog5 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25
Tcpip\..\Interfaces\{CA9E4857-CECF-454C-9F06-D1CD41932C70}: [NameServer] 8.8.8.8
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.0.282 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.1.13 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.1.13 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.1.13 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=15.0.1.13 -> c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2013-07-29]
FF Extension: Hotspot Shield Extension - C:\Program Files\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2013-12-07]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-08]
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: No Name - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-05]
 
Chrome: 
=======
CHR HomePage: Default -> https://www.google.com/
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\Mike & Deb\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Mike & Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-24]
CHR Extension: (Google Drive) - C:\Users\Mike & Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mike & Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (WOT) - C:\Users\Mike & Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-05-04]
CHR Extension: (YouTube) - C:\Users\Mike & Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-24]
CHR Extension: (Google Wallet) - C:\Users\Mike & Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-24]
CHR Extension: (Gmail) - C:\Users\Mike & Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-24]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [Not Found]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-11-07] (SUPERAntiSpyware.com)
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
S2 avgfws; "C:\Program Files\AVG\AVG2014\avgfws.exe" [X]
S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [204056 2014-07-24] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [193304 2014-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [199448 2014-07-02] (AVG Technologies CZ, s.r.o.)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [39624 2014-05-16] (AnchorFree Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-03] (Malwarebytes Corporation)
S3 mr7910; C:\Windows\System32\DRIVERS\mr7910.sys [46848 2007-03-20] (Mars Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2014-05-16] (Anchorfree Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 catchme; \??\C:\Users\MIKE&D~1\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 kpsokjcu; \??\C:\Windows\system32\drivers\kpsokjcu.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S0 nyiotn; System32\drivers\lrky.sys [X]
S3 PcdrNdisuio; system32\DRIVERS\pcdrndisuio.sys [X]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0; \??\c:\program files\dell support center\pcdsrvc.pkms [X]
S3 RTL8192cu; system32\DRIVERS\RTL8192cu.sys [X]
U3 mbr; \??\C:\Windows\TEMP\mbr.sys [X]
U3 pxlyipow; \??\C:\Windows\TEMP\pxlyipow.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-08 19:16 - 2015-01-08 19:16 - 04166770 _____ () C:\Users\Mike & Deb\Desktop\tdsskiller.zip
2015-01-08 19:13 - 2015-01-08 19:13 - 00001495 _____ () C:\Users\Mike & Deb\Desktop\ark.txt
2015-01-08 19:11 - 2015-01-08 19:11 - 00001495 _____ () C:\Users\Mike & Deb\Desktop\comp log.log
2015-01-08 17:21 - 2015-01-08 17:21 - 00380416 _____ () C:\Users\Mike & Deb\Desktop\bq97r2yl.exe
2015-01-08 17:15 - 2015-01-08 17:15 - 00000000 ____D () C:\Users\Mike & Deb\Desktop\FRST-OlderVersion
2015-01-08 17:02 - 2015-01-09 19:14 - 00054737 _____ () C:\Users\Mike & Deb\Desktop\Addition.txt
2015-01-08 17:00 - 2015-01-09 19:19 - 00016982 _____ () C:\Users\Mike & Deb\Desktop\FRST.txt
2015-01-08 16:59 - 2015-01-09 19:19 - 00000000 ____D () C:\FRST
2015-01-06 05:01 - 2015-01-08 17:15 - 01115648 _____ (Farbar) C:\Users\Mike & Deb\Desktop\FRST.exe
2015-01-05 20:54 - 2015-01-05 20:54 - 00006327 _____ () C:\Users\Mike & Deb\Desktop\attach.txt
2015-01-05 20:54 - 2015-01-05 20:52 - 00009260 _____ () C:\Users\Mike & Deb\Desktop\dds.txt
2015-01-05 20:47 - 2015-01-05 20:47 - 00688992 ____R (Swearware) C:\Users\Mike & Deb\Desktop\dds.com
2015-01-03 19:04 - 2015-01-03 19:04 - 00005831 _____ () C:\Users\Mike & Deb\Desktop\Escan.txt
2015-01-03 12:11 - 2015-01-03 12:11 - 02347384 _____ (ESET) C:\Users\Mike & Deb\Desktop\esetsmartinstaller_enu.exe
2015-01-03 12:11 - 2015-01-03 12:11 - 00000000 ____D () C:\Program Files\ESET
2015-01-03 12:02 - 2015-01-03 12:02 - 00001255 _____ () C:\Users\Mike & Deb\Desktop\MAMB.txt
2015-01-01 17:39 - 2015-01-01 17:39 - 00030296 _____ () C:\Users\Mike & Deb\Desktop\Result.txt
2015-01-01 17:26 - 2015-01-01 17:26 - 00401920 _____ (Farbar) C:\Users\Mike & Deb\Desktop\MiniToolBox.exe
2015-01-01 17:25 - 2015-01-01 17:25 - 00003380 _____ () C:\Users\Mike & Deb\Desktop\FSS.txt
2015-01-01 17:24 - 2015-01-01 17:24 - 00415232 _____ (Farbar) C:\Users\Mike & Deb\Desktop\FSS.exe
2015-01-01 17:20 - 2015-01-03 11:17 - 00000000 ____D () C:\AdwCleaner
2015-01-01 17:19 - 2015-01-01 17:19 - 02173952 _____ () C:\Users\Mike & Deb\Desktop\AdwCleaner.exe
2015-01-01 16:44 - 2015-01-01 16:44 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Mike & Deb\Desktop\tdsskiller (2).exe
2015-01-01 16:41 - 2015-01-01 16:41 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Mike & Deb\Downloads\tdsskiller (1).exe
2014-12-28 23:04 - 2015-01-03 11:25 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-28 23:04 - 2014-12-28 23:04 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-28 23:03 - 2014-12-31 08:48 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-28 23:03 - 2014-12-28 23:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-28 23:03 - 2014-12-28 23:03 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-28 23:03 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-28 23:03 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-28 23:00 - 2014-12-28 23:01 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Mike & Deb\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-28 22:36 - 2014-12-28 22:40 - 00000167 _____ () C:\Users\Mike & Deb\Documents\fixme.reg
2014-12-28 21:14 - 2014-12-28 21:14 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-12-28 20:28 - 2014-12-28 20:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-28 20:28 - 2014-12-28 20:28 - 00000000 _____ () C:\Windows\setupact.log
2014-12-28 17:47 - 2014-12-28 17:47 - 00013159 _____ () C:\ComboFix.txt
2014-12-28 17:19 - 2015-01-03 11:19 - 00019272 _____ () C:\Windows\PFRO.log
2014-12-28 14:13 - 2014-12-28 16:26 - 00020151 _____ () C:\Users\Mike & Deb\Desktop\avgrep.txt
2014-12-28 13:51 - 2014-12-28 13:51 - 00418456 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-28 13:34 - 2014-12-28 17:21 - 00000031 _____ () C:\Users\MIKE
2014-12-26 00:30 - 2014-12-26 00:30 - 00001224 _____ () C:\Users\Public\Desktop\More Great Games.lnk
2014-12-25 20:30 - 2014-12-25 20:30 - 00001922 _____ () C:\Users\Public\Desktop\Play Christmas Eve - Midnights Call.lnk
2014-12-25 20:28 - 2014-12-25 20:30 - 00000000 ____D () C:\Program Files\Christmas Eve - Midnights Call
2014-12-25 20:28 - 2014-12-25 20:28 - 00000000 ____D () C:\Users\Mike & Deb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Christmas Eve - Midnights Call
2014-12-25 20:28 - 2014-12-25 20:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Christmas Eve - Midnights Call
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-09 18:34 - 2012-01-21 00:44 - 00000069 _____ () C:\Windows\NeroDigital.ini
2015-01-09 18:29 - 2006-11-02 05:45 - 00005248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-09 18:29 - 2006-11-02 05:45 - 00005248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-09 17:31 - 2014-07-01 12:02 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-09 16:39 - 2013-12-24 20:44 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-09 14:42 - 2008-02-19 08:13 - 02081229 _____ () C:\Windows\WindowsUpdate.log
2015-01-08 23:34 - 2012-07-20 19:59 - 00000000 ____D () C:\ProgramData\TEMP
2015-01-08 22:34 - 2013-07-12 22:52 - 00000000 ____D () C:\BigFishCache
2015-01-05 20:28 - 2006-11-02 05:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-05 06:20 - 2006-11-02 05:58 - 00032552 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-03 18:35 - 2012-10-06 21:24 - 00000000 ____D () C:\Temp
2015-01-01 17:09 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-12-30 08:06 - 2010-02-20 13:54 - 00000000 ____D () C:\Windows\SHELLNEW
2014-12-29 00:02 - 2014-11-22 06:05 - 00000000 ____D () C:\Program Files\FrostWire 6
2014-12-28 22:59 - 2008-02-19 08:41 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-12-28 21:14 - 2006-11-02 04:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-12-28 18:37 - 2012-07-18 22:21 - 00000000 ____D () C:\Qoobox
2014-12-28 18:37 - 2006-11-02 04:18 - 00000000 ___RD () C:\Users\Public
2014-12-28 17:45 - 2006-11-02 03:23 - 00000215 _____ () C:\Windows\system.ini
2014-12-28 17:07 - 2010-02-18 21:54 - 00000000 ____D () C:\Users\Mike & Deb\AppData\Roaming\Facebook
2014-12-28 17:04 - 2010-02-13 20:21 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-12-28 13:37 - 2012-07-18 22:26 - 05603624 ____R (Swearware) C:\Users\Mike & Deb\Downloads\ComboFix.exe
2014-12-28 13:20 - 2011-10-07 20:55 - 00000806 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-28 13:20 - 2011-10-07 20:54 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-28 13:11 - 2014-11-22 06:05 - 00000000 ____D () C:\Users\Mike & Deb\.frostwire5
2014-12-27 21:52 - 2014-10-07 16:39 - 00000000 ____D () C:\ProgramData\AVG2015
2014-12-26 01:21 - 2006-11-02 05:35 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-26 00:32 - 2012-05-28 22:38 - 00000000 ____D () C:\Users\Mike & Deb\AppData\Roaming\Eipix
2014-12-25 20:42 - 2011-01-19 20:03 - 00000000 ____D () C:\Users\Mike & Deb\AppData\Roaming\ERS Game Studios
2014-12-14 04:40 - 2013-12-24 20:45 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-12 00:48 - 2011-03-07 21:14 - 00000000 ____D () C:\Users\Mike & Deb\AppData\Roaming\Elephant Games
 
ZeroAccess:
C:\Windows\Installer\{d849a70c-a05d-c3de-dd7c-cd9edb59c22d}
 
ZeroAccess:
C:\Users\Mike & Deb\AppData\Local\{d849a70c-a05d-c3de-dd7c-cd9edb59c22d}
C:\Users\Mike & Deb\AppData\Local\{d849a70c-a05d-c3de-dd7c-cd9edb59c22d}\@
 
Files to move or delete:
====================
C:\ProgramData\ldvt.exe
C:\ProgramData\lgql.exe
C:\ProgramData\nxvo.exe
C:\ProgramData\wvcy.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Local time:09:03 AM

Posted 13 January 2015 - 10:02 AM

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved.
  • Run FRST.exe (on 64-bit, run FRST64.exe), press the Fix button just once, and wait.
  • The tool will make a log (Fixlog.txt), which you will find where you saved FRST. Please post it in your reply.

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#11 DrgnHmcd

  • Topic Starter

Posted 13 January 2015 - 12:12 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-01-2015
Ran by Mike & Deb at 2015-01-13 10:05:32 Run:1
Running from C:\Users\Mike & Deb\Desktop
Loaded Profile: Mike & Deb (Available profiles: Mike & Deb)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG\ <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\SUPERAntiSpyware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\avg8 <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKU\S-1-5-21-3069903202-911295184-2383535342-1000\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3069903202-911295184-2383535342-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Winsock: Catalog5 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
 
S1 kpsokjcu; \??\C:\Windows\system32\drivers\kpsokjcu.sys [X]
S0 nyiotn; System32\drivers\lrky.sys [X]
 
C:\Windows\Installer\{d849a70c-a05d-c3de-dd7c-cd9edb59c22d}
C:\Users\Mike & Deb\AppData\Local\{d849a70c-a05d-c3de-dd7c-cd9edb59c22d}
C:\ProgramData\ldvt.exe
C:\ProgramData\lgql.exe
C:\ProgramData\nxvo.exe
C:\ProgramData\wvcy.exe
 
CMD: netsh winsock reset
EmptyTemp:
Reboot:
*****************
 
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
"HKU\S-1-5-21-3069903202-911295184-2383535342-1000\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3069903202-911295184-2383535342-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
kpsokjcu => Service deleted successfully.
nyiotn => Service deleted successfully.
C:\Windows\Installer\{d849a70c-a05d-c3de-dd7c-cd9edb59c22d} => Moved successfully.
C:\Users\Mike & Deb\AppData\Local\{d849a70c-a05d-c3de-dd7c-cd9edb59c22d} => Moved successfully.
C:\ProgramData\ldvt.exe => Moved successfully.
C:\ProgramData\lgql.exe => Moved successfully.
C:\ProgramData\nxvo.exe => Moved successfully.
C:\ProgramData\wvcy.exe => Moved successfully.
 
=========  netsh winsock reset =========
 
 
========= End of CMD: =========
 
EmptyTemp: => Removed 636.6 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 10:05:56 ====


#12 DrgnHmcd

  • Topic Starter

Posted 13 January 2015 - 12:53 PM

 Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 1/13/2015
Scan Time: 10:14:20 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.13.13
Rootkit Database: v2015.01.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Mike & Deb
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 325273
Time Elapsed: 29 min, 13 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 1
Trojan.Agent, HKU\S-1-5-21-3069903202-911295184-2383535342-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER|zergling_rush, Quarantined, [fef3f1059bee3ff76bba90dc3fc40df3], 
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#13 TB-Psychotic

  • Malware Response Team

Posted 14 January 2015 - 02:32 AM

Scan with ESET Online Scan

Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right-click on their Internet Explorer shortcut and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
  • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.



#14 DrgnHmcd

  • Topic Starter

Posted 14 January 2015 - 05:50 PM

No threats found, and I can now open the programs that were blocked. I thank you for your time. If there is anything else I need to do, please let me know.



#15 TB-Psychotic

  • Malware Response Team

Posted 17 January 2015 - 05:53 AM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll also find the log file at C:\AdwCleaner[S1].txt




Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK Mirror (if the link is down)

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread. (Note: Do NOT post this one into a code box!)





Are any problems left or may I post the final reply? :)

