
Contacts getting spammed from my email address


  • This topic is locked
28 replies to this topic

#1 techboy


Posted 02 October 2015 - 03:53 PM

Ran several malware programs but problem still there. FRST.exe log files attached.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-09-2015
Ran by Owner (administrator) on OWNER-PC (02-10-2015 14:43:29)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Cisco WebEx LLC) C:\Windows\System32\atashost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Murray Hurps Software Pty Ltd) C:\Program Files\Ad Muncher\AdMunch.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4452352 2007-05-11] (Realtek Semiconductor)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [Ad Muncher] => C:\Program Files\Ad Muncher\AdMunch.exe [560760 2015-09-27] (Murray Hurps Software Pty Ltd)
HKLM\...\RunOnce: [delete_privazer_uninstaller_at_next_PC_boot] => cmd /c rmdir /q /s "C:\Users\Owner\AppData\Local\Temp\Pri~0~" <===== ATTENTION
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04] (SUPERAntiSpyware.com)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-2374193802-934911541-997804749-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2374193802-934911541-997804749-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2374193802-934911541-997804749-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2374193802-934911541-997804749-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2374193802-934911541-997804749-1000\...\MountPoints2: {5fe9a133-8860-11dc-9501-806e6f6e6963} - E:\SETUP.EXE
HKU\S-1-5-21-2374193802-934911541-997804749-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [879616 2008-01-19] (Microsoft Corporation)
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-10-29]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.175.250 192.168.175.251
Tcpip\..\Interfaces\{29184B56-84E6-45C2-95CE-45875C540344}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{29184B56-84E6-45C2-95CE-45875C540344}: [DhcpNameServer] 192.168.175.250 192.168.175.251

Internet Explorer:
==================
HKU\S-1-5-21-2374193802-934911541-997804749-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=2071101
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=2071101
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2374193802-934911541-997804749-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2374193802-934911541-997804749-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-2374193802-934911541-997804749-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll [2007-05-01] (TechSmith Corporation)
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-09-26] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-19] (Google Inc.)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll [2006-11-09] (Dell Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-09-26] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Toolbar: HKLM - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll [2007-05-01] (TechSmith Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-19] (Google Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
Toolbar: HKU\S-1-5-21-2374193802-934911541-997804749-1000 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {49232000-16E4-426C-A231-62846947304B} hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://www.photolab.ca/Upload/ImageUploader4.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com/activex/ractrl.cab?lmi=724
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2006-06-05] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6owx4s5v.default
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-09-26] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF Extension: Feedback - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6owx4s5v.default\Extensions\testpilot@labs.mozilla.com.xpi [2012-02-26]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-16]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-01]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-01-30]
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn => not found
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-10-29]
FF HKU\S-1-5-21-2374193802-934911541-997804749-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 6 U37) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\system32\npdeployJava1.dll => No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-16]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2015-09-15] (SUPERAntiSpyware.com)
R2 atashost; C:\Windows\system32\atashost.exe [134456 2012-11-28] (Cisco WebEx LLC)
S4 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2007-03-19] () [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [660992 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S4 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-13] (SupportSoft, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
S4 stllssvr; "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-10-02] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36624 2006-11-02] (Sonic Solutions) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [21344 2005-05-26] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [38144 2005-05-26] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [39036 2005-06-24] (LG Electronics Inc.)
S3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [186592 2009-04-12] (Jungo) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\Owner\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-02 14:43 - 2015-10-02 14:44 - 00018338 _____ C:\Users\Owner\Desktop\FRST.txt
2015-10-02 14:43 - 2015-10-02 14:43 - 00000000 ____D C:\FRST
2015-10-02 14:41 - 2015-10-02 14:41 - 00000079 _____ C:\Windows\wininit.ini
2015-10-02 14:37 - 2015-10-02 14:37 - 01696256 _____ (Farbar) C:\Users\Owner\Desktop\FRST.exe
2015-10-02 14:32 - 2015-10-02 14:42 - 00000829 _____ C:\Windows\setupact.log
2015-10-02 14:32 - 2015-10-02 14:32 - 00000000 _____ C:\Windows\setuperr.log
2015-10-02 10:23 - 2015-08-13 08:15 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-10-02 10:23 - 2015-08-13 08:15 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2015-10-02 10:22 - 2015-09-02 15:26 - 01402368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-10-02 10:22 - 2015-09-02 15:26 - 01253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-10-02 10:20 - 2015-07-10 08:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-10-02 10:19 - 2015-09-02 15:26 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-10-02 10:19 - 2015-09-02 13:55 - 02067456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-10-02 10:19 - 2015-09-02 13:54 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-10-02 10:19 - 2015-08-05 09:59 - 00602112 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-10-02 10:12 - 2015-08-17 11:18 - 01814016 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-02 10:12 - 2015-08-17 11:17 - 12388352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-02 10:12 - 2015-08-17 11:14 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-02 10:12 - 2015-08-17 11:13 - 09751040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-02 10:12 - 2015-08-17 11:12 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-02 10:12 - 2015-08-17 11:12 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-02 10:12 - 2015-08-17 11:11 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-02 10:12 - 2015-08-17 11:11 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-02 10:12 - 2015-08-17 11:10 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-02 10:12 - 2015-08-17 11:10 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-02 10:12 - 2015-08-17 11:10 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-02 10:12 - 2015-08-17 11:10 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-02 10:12 - 2015-08-17 11:10 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-10-02 10:12 - 2015-08-17 11:10 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-02 10:12 - 2015-08-17 11:10 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-02 10:12 - 2015-08-17 11:10 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-02 10:12 - 2015-08-17 11:10 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-02 10:12 - 2015-08-17 11:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-02 10:12 - 2015-08-17 11:10 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-10-02 10:12 - 2015-08-17 11:10 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-10-02 10:12 - 2015-08-17 11:10 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-10-02 10:12 - 2015-08-17 11:09 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-02 08:55 - 2015-07-11 09:56 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-02 08:53 - 2015-07-31 15:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-10-02 08:53 - 2015-07-31 15:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-10-02 08:53 - 2015-07-31 15:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-10-02 08:53 - 2015-07-31 15:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-10-02 08:53 - 2015-07-31 14:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-10-02 08:53 - 2015-07-31 14:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-10-02 08:53 - 2015-07-31 14:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-10-02 08:53 - 2015-07-31 14:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-10-02 08:53 - 2015-07-31 14:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-10-02 08:19 - 2015-10-02 08:19 - 00132992 _____ C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-02 08:17 - 2015-10-02 10:31 - 00440504 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-27 12:12 - 2015-09-27 13:11 - 00000000 ____D C:\ProgramData\Ad Muncher
2015-09-27 12:12 - 2015-09-27 12:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad Muncher
2015-09-27 12:12 - 2015-09-27 12:12 - 00000000 ____D C:\Program Files\Ad Muncher
2015-09-27 12:11 - 2015-09-27 12:11 - 00560760 _____ (Murray Hurps Software Pty Ltd) C:\Users\Owner\Downloads\AM-Install.exe
2015-09-24 08:39 - 2015-09-24 08:41 - 07593096 _____ (Goversoft LLC) C:\Users\Owner\Downloads\privazer_free.exe
2015-09-23 22:29 - 2015-09-23 22:40 - 00000000 ____D C:\AdwCleaner
2015-09-23 22:28 - 2015-09-23 22:28 - 01662976 _____ C:\Users\Owner\Downloads\AdwCleaner.exe
2015-09-23 11:09 - 2015-10-02 14:31 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-23 11:08 - 2015-09-23 11:08 - 00000901 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-23 11:05 - 2015-09-23 11:07 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-23 10:47 - 2015-09-23 11:08 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-09-23 10:47 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-23 10:47 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-23 07:29 - 2015-09-23 07:30 - 10369928 _____ (SurfRight B.V.) C:\Users\Owner\Downloads\HitmanPro (1).exe
2015-09-18 19:53 - 2015-09-18 20:11 - 00000000 ____D C:\ProgramData\HitmanPro
2015-09-18 19:50 - 2015-09-18 19:53 - 10369928 _____ (SurfRight B.V.) C:\Users\Owner\Downloads\HitmanPro.exe
2015-09-15 22:29 - 2015-09-15 22:29 - 00000000 ____D C:\SUPERDelete

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-02 14:41 - 2014-02-10 15:54 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2015-10-02 14:41 - 2008-12-01 19:33 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-10-02 14:39 - 2013-05-24 15:33 - 00001945 _____ C:\Windows\epplauncher.mif
2015-10-02 14:39 - 2007-11-01 03:57 - 01232620 _____ C:\Windows\WindowsUpdate.log
2015-10-02 14:31 - 2012-11-24 11:19 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-02 14:31 - 2006-11-02 07:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-02 14:31 - 2006-11-02 06:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-02 14:31 - 2006-11-02 06:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-02 10:49 - 2006-11-02 07:01 - 00032654 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-02 10:28 - 2006-11-02 06:37 - 00000000 ____D C:\Program Files\Windows Journal
2015-10-02 10:27 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\Microsoft.NET
2015-10-02 10:22 - 2012-04-04 18:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-02 10:20 - 2012-11-24 11:19 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-30 09:38 - 2012-10-29 19:55 - 00000000 ____D C:\Users\Owner\Documents\My Scans
2015-09-28 20:06 - 2007-11-13 15:34 - 00002607 _____ C:\Users\Owner\Desktop\Microsoft Office Excel 2003.lnk
2015-09-28 20:05 - 2007-11-13 15:34 - 00002609 _____ C:\Users\Owner\Desktop\Microsoft Office Word 2003.lnk
2015-09-25 10:08 - 2008-11-30 12:11 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-09-25 00:36 - 2015-01-16 15:33 - 00001973 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-24 17:06 - 2007-11-10 14:18 - 00000000 ____D C:\Users\Owner\AppData\Roaming\LimeWire
2015-09-24 16:27 - 2006-11-10 07:22 - 00000000 ____D C:\Windows\Panther
2015-09-24 16:25 - 2009-06-13 15:27 - 00000000 ____D C:\Windows\BDOSCAN8
2015-09-24 16:25 - 2009-06-13 10:37 - 00000000 ____D C:\Windows\Minidump
2015-09-24 16:13 - 2007-11-10 14:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LimeWire
2015-09-23 22:40 - 2012-10-29 19:46 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Yahoo!
2015-09-23 12:43 - 2009-06-12 17:56 - 00000000 ____D C:\ProgramData\TEMP
2015-09-23 10:48 - 2008-11-28 11:39 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes
2015-09-23 10:47 - 2008-11-28 11:39 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-22 10:07 - 2012-04-04 18:33 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-09-22 10:07 - 2011-05-17 18:50 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-09-17 20:08 - 2009-06-12 20:57 - 00000000 ____D C:\Program Files\SpywareBlaster
2015-09-15 21:59 - 2008-03-02 14:21 - 00000000 ____D C:\Windows\pss
2015-09-15 21:51 - 2007-11-18 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra
2015-09-15 21:51 - 2007-11-18 20:54 - 00000652 _____ C:\Windows\SIERRA.INI
2015-09-15 21:51 - 2007-11-01 04:05 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-09-14 12:49 - 2007-11-10 13:30 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
2015-09-06 10:56 - 2006-11-02 04:33 - 02732620 _____ C:\Windows\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======

2008-02-18 21:44 - 2008-02-18 21:44 - 59196712 _____ (Apple Inc.) C:\Program Files\iTunesSetup.exe
2008-02-24 08:52 - 2008-02-24 08:52 - 23344432 _____ (Apple Inc.) C:\Program Files\QuickTimeInstaller.exe
2008-03-27 20:00 - 2008-03-27 20:00 - 13385816 _____ () C:\Program Files\SnagIt_8.2.3.rar
2012-11-28 19:13 - 2013-10-17 19:49 - 0000462 _____ () C:\Users\Owner\AppData\Roaming\Rim.Desktop.Exception.log
2012-11-28 19:09 - 2013-12-20 13:38 - 0002009 _____ () C:\Users\Owner\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-11-28 19:13 - 2013-10-17 19:49 - 0000462 _____ () C:\Users\Owner\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-11-28 19:18 - 2013-10-17 19:49 - 0000462 _____ () C:\Users\Owner\AppData\Roaming\Rim.Transcoder.Exception.log
2011-06-29 07:57 - 2014-03-09 17:36 - 0001746 _____ () C:\Users\Owner\AppData\Roaming\wklnhst.dat
2008-03-02 13:53 - 2008-12-03 12:08 - 0001356 _____ () C:\Users\Owner\AppData\Local\d3d9caps.dat
2007-11-10 13:39 - 2012-11-28 19:18 - 0034304 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-03-05 08:22 - 2008-05-14 14:47 - 0004096 ____H () C:\Users\Owner\AppData\Local\keyfile3.drm
2011-01-20 11:00 - 2013-05-23 13:12 - 0001940 _____ () C:\Users\Owner\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2007-11-10 15:42 - 2012-10-29 19:49 - 0014305 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-02 14:36

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:30-09-2015
Ran by Owner (2015-10-02 14:44:46)
Running from C:\Users\Owner\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2007-11-01 09:57:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2374193802-934911541-997804749-500 - Administrator - Disabled)
Guest (S-1-5-21-2374193802-934911541-997804749-501 - Limited - Disabled)
Owner (S-1-5-21-2374193802-934911541-997804749-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
4500_G510gm_Help (Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510gm (Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510gm_Software_Min (Version: 000.0.423.000 - Hewlett-Packard) Hidden
Ad Muncher v4.94.34121 (Free) (HKLM\...\Ad Muncher) (Version: - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dell DataSafe Online (HKLM\...\{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}) (Version: 1.0.15 - Dell, Inc.)
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.08335 - Dell)
Dell System Customization Wizard (HKLM\...\{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}) (Version: 1.00.0000 - Dell Inc.)
DellSupport (HKLM\...\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}) (Version: 6.0.3075 - Dell)
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
dj_sf_software (Version: 90.0.235.000 - Hewlett-Packard) Hidden
DocMgr (Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510g-m (HKLM\...\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}) (Version: 13.0 - HP)
HP Print Diagnostic Utility (HKLM\...\{5E06C076-E4E7-4239-A886-B3D8AC84C166}) (Version: 1.11.0001 - Hewlett-Packard)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{5DDB3393-E08B-447E-925F-6C00B95D0FE7}) (Version: 2.1.1.3 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Intel® PRO Network Connections 12.1.11.0 (HKLM\...\PROSetDX) (Version: - Intel)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: - )
iTunes (HKLM\...\{0A37EE62-9A58-420D-90CC-4E52153112EE}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.710 - Oracle)
Java™ SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{5A9AA2C0-972F-4239-AA41-E409434194D5}) (Version: 3.1.8.0 - Apple Inc.)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 6 Ultra Edition (HKLM\...\Nero - Burning Rom!UninstallKey) (Version: - )
Network (Version: 130.0.374.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Picture Package Music Transfer (HKLM\...\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}) (Version: 1.1.00.11270 - Sony Corporation)
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Shutterfly Express Uploader (HKLM\...\com.Shutterfly.ExpressUploader) (Version: 1.2.0.0 - Shutterfly, Inc.)
Shutterfly Express Uploader (Version: 1.2.0 - Shutterfly, Inc.) Hidden
SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SnagIt 6 (HKLM\...\SnagIt6) (Version: 6.0 - TechSmith Corporation)
SnagIt 8 (HKLM\...\{DA0BF7AB-88EB-4675-8FA1-531EAD938821}) (Version: 8.2.3 - TechSmith Corporation)
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Sony Picture Utility (HKLM\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 3.0.01.12110 - Sony Corporation)
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
SpywareBlaster 4.2 (HKLM\...\SpywareBlaster_is1) (Version: 4.2.0 - Javacool Software LLC)
Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1144 - SUPERAntiSpyware.com)
Tenorshare Photo Recovery (HKLM\...\Tenorshare Photo Recovery) (Version: - Tenorshare, Inc.)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 9.0.0 - Hewlett-Packard) Hidden
User's Guides (HKLM\...\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version: - )
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2374193802-934911541-997804749-1000_Classes\CLSID\{8075533B-5146-11D5-A672-00B0D022E945}\InprocServer32 -> no filepath

==================== Restore Points =========================

23-09-2015 00:00:15 Scheduled Checkpoint
23-09-2015 07:51:27 Checkpoint by HitmanPro
23-09-2015 07:55:13 Checkpoint by HitmanPro
23-09-2015 10:57:30 Removed iTunesToAndroid
23-09-2015 23:58:53 Scheduled Checkpoint
24-09-2015 13:19:20 Restore point
24-09-2015 20:31:03 Windows Update
26-09-2015 08:48:31 Scheduled Checkpoint
27-09-2015 00:00:11 Scheduled Checkpoint
28-09-2015 00:00:11 Scheduled Checkpoint
28-09-2015 20:26:55 Windows Update
30-09-2015 00:00:10 Scheduled Checkpoint
01-10-2015 00:00:12 Scheduled Checkpoint
02-10-2015 00:00:11 Scheduled Checkpoint
02-10-2015 08:53:19 Windows Update
02-10-2015 10:12:29 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 04:23 - 2008-11-30 11:58 - 00000734 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0305BADA-724E-4FCD-99FC-5E9EF140CA31} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {101E591A-5773-4032-BA45-655CE9C001AB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {39DC9405-5DC6-47AB-B083-772C7F66E23A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {5BDE52BD-9795-419B-B0DC-124C5E8F96E3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-22] (Adobe Systems Incorporated)
Task: {8F09B38C-5EB7-43FC-AF7B-D83597BF93AF} - System32\Tasks\{D05EA83B-638A-4A2C-9441-30DBA7B26765} => pcalua.exe -a "C:\Program Files\HP\Digital Imaging\{AA057FD9-0CFC-47e4-8AB4-E0F7EC85631D}\setup\hpzscr01.exe" -c -datfile hpiscr06.dat
Task: {90B65B11-F05F-4739-9436-5563B75298F8} - System32\Tasks\{BCE8C765-B892-46F0-8163-28977A76F88C} => pcalua.exe -a "C:\Program Files\Research In Motion\BlackBerry Desktop\InstallerUtils\InstallerUtils.exe" -c /UninstallDesktop
Task: {9554FD8A-37F4-4E23-85C9-683F69A44646} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {DCB3273F-FF20-48BC-B0FD-ECF274CB915A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2008-04-23 20:50 - 2007-09-20 18:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 13:19 - 2014-07-03 13:19 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:D2F2F703

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2374193802-934911541-997804749-1000\...\bodybyvi.com -> hxxp://kimberlyw.bodybyvi.com

IE restricted site: HKU\S-1-5-21-2374193802-934911541-997804749-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2374193802-934911541-997804749-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2374193802-934911541-997804749-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2374193802-934911541-997804749-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2374193802-934911541-997804749-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2374193802-934911541-997804749-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2374193802-934911541-997804749-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2374193802-934911541-997804749-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2374193802-934911541-997804749-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2374193802-934911541-997804749-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2374193802-934911541-997804749-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2374193802-934911541-997804749-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2374193802-934911541-997804749-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2374193802-934911541-997804749-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2374193802-934911541-997804749-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2374193802-934911541-997804749-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2374193802-934911541-997804749-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-2374193802-934911541-997804749-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-2374193802-934911541-997804749-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-2374193802-934911541-997804749-1000\...\100sexlinks.com -> 100sexlinks.com

There are 4802 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2374193802-934911541-997804749-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\Pictures\15-01-2014 Jamaica\DSC00610.JPG
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DellSupport => "C:\Program Files\DellSupport\DSAgnt.exe" /startup
MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
MSCONFIG\startupreg: dscactivate => "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
MSCONFIG\startupreg: ECenter => C:\Dell\E-Center\EULALauncher.exe
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{BD995000-8D26-46BB-A974-F473813D07EE}] => (Allow) C:\Program Files\LimeWire\LimeWire.exe
FirewallRules: [{117E3CCD-92E6-4543-AAFC-A4CEE1A8A383}] => (Allow) C:\Program Files\LimeWire\LimeWire.exe
FirewallRules: [{6C1F6481-10D8-4CF7-A4A0-DB5D8EB313A4}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{A05FB9AF-2300-42EC-B18E-CC6A10BDB635}] => (Allow) C:\Program Files\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{23A91587-7AE9-4619-A888-6F733C720723}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{3DAA9711-CA50-499F-8887-FD97B72DA2DB}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{A41CC653-0C35-479A-988F-A77D608C11FB}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS1A05.tmp\SymNRT.exe
FirewallRules: [{A1453590-B522-47DB-83BE-08E447C4C3A4}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS1A05.tmp\SymNRT.exe
FirewallRules: [{52D72F87-08A0-4C39-9A05-B13DA3E00B81}] => (Allow) LPort=80
FirewallRules: [{4E4AD6A6-53DF-44FB-A38B-C15C10129620}] => (Allow) LPort=80
FirewallRules: [{B896E33D-5D72-4C2F-ADA7-8C8A9100BC14}] => (Allow) LPort=80
FirewallRules: [{657B3817-AD62-4743-BA9F-07CDAB996C3F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B0C99E57-C93C-44D2-9C54-9C98F2685B10}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{518A3DEB-8A19-4506-8479-33070FA2E8F8}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{233B8C0A-FF40-49A6-B7B2-AAD2F083E0FC}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{254291D6-2581-4999-BF2A-C22BF9B25090}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{3AA1C3C8-6F2A-4553-B025-999E189B0FF3}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{7C3D2C76-B096-4425-B7E0-E5C455A0F266}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{F41DAC2A-C3F6-4EC8-8D7D-5944C7C4BBA4}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{0CB36178-9CAC-4586-9B18-A5EE2C4A141C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{88DE964D-9C47-451A-A17B-C10FB3B97536}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{9AC88DA9-DEEF-412A-9F1F-733282BBE122}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{D7F81CE4-D316-42E0-87BD-95BBB248EB2F}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{3F636865-C8C8-486B-884E-3B07DB845BC0}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{FFC4139F-B63A-4EFE-921E-A503AE7AF5BD}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{FCCF6E30-A853-45C3-B004-362E2C9C3B21}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{CDEC28B2-1967-448A-AF11-59BB60B66CDE}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{70A926C9-858F-4D49-95C8-5F4D6F59F475}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{AFCDDD0E-3C54-4375-B0B9-60A8F76FE47E}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{BFC388A7-0E1D-475D-94DA-83782343E0B1}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
FirewallRules: [{6BE4465A-427A-489C-A5F6-4ED8E07C8834}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [TCP Query User{F65B5C79-8236-4E4F-A666-3E7CB04D8223}C:\program files\itunestoandroid\itunestoandroid\itunestoandroid.exe] => (Block) C:\program files\itunestoandroid\itunestoandroid\itunestoandroid.exe
FirewallRules: [UDP Query User{62114D3D-808E-4B1B-9DD2-257F17AE2550}C:\program files\itunestoandroid\itunestoandroid\itunestoandroid.exe] => (Block) C:\program files\itunestoandroid\itunestoandroid\itunestoandroid.exe
FirewallRules: [TCP Query User{2CA2A319-25AA-4D05-9CC5-3139FFCDAE9B}C:\program files\itunestoandroid\itunestoandroid\itunestoandroid.exe] => (Block) C:\program files\itunestoandroid\itunestoandroid\itunestoandroid.exe
FirewallRules: [UDP Query User{04384113-FACC-40E9-965B-F2859E1386D8}C:\program files\itunestoandroid\itunestoandroid\itunestoandroid.exe] => (Block) C:\program files\itunestoandroid\itunestoandroid\itunestoandroid.exe
FirewallRules: [{B61E158B-5BDD-4397-A228-997BB2DBE7C5}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{66A7D705-5022-4B4D-9D24-A56397F1418B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{72BF4BEC-208E-4CDA-807F-CEDED9D6DA2E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/02/2015 02:46:21 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl8

Error: (10/02/2015 02:46:21 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16


System errors:
=============
Error: (10/02/2015 02:34:06 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: KtmRm for Distributed Transaction Coordinator2147942438 (0x80070026)

Error: (10/02/2015 02:31:16 PM) (Source: HTTP) (EventID: 15021) (User: )
Description: \Device\Http\ReqQueue0.0.0.0:4482

Error: (10/02/2015 10:49:01 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWFailureCommand%%5

Error: (10/02/2015 10:42:00 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWStart%%5

Error: (10/02/2015 10:35:14 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: KtmRm for Distributed Transaction Coordinator2147942438 (0x80070026)

Error: (10/02/2015 10:33:11 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%8604.8.0204.0%%886%%8920x80070005Access is denied. 9

Error: (10/02/2015 10:33:11 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWStart%%5

Error: (10/02/2015 10:32:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spybot-S&D 2 Updating Service%%1053

Error: (10/02/2015 10:32:44 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Spybot-S&D 2 Updating Service

Error: (10/02/2015 10:31:50 AM) (Source: HTTP) (EventID: 15021) (User: )
Description: \Device\Http\ReqQueue0.0.0.0:4482


CodeIntegrity:
===================================
Date: 2015-10-02 14:44:40.782
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-10-02 14:44:40.283
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-10-02 14:44:39.784
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-10-02 14:44:39.300
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-10-02 14:44:38.660
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-10-02 14:44:38.130
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-10-02 14:44:37.631
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-10-02 14:44:37.100
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-10-02 14:44:13.045
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-10-02 14:44:12.577
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E4500 @ 2.20GHz
Percentage of memory in use: 54%
Total physical RAM: 2036.45 MB
Available physical RAM: 930.16 MB
Total Virtual: 4318.16 MB
Available Virtual: 3242.54 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:222.78 GB) (Free:102.75 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.22 GB) NTFS
Drive f: (KINGSTON) (Removable) (Total:7.45 GB) (Free:5.28 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.8 GB) (Disk ID: 08000000)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=222.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 005823B8)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0B)

==================== End of Addition.txt ============================

Edited by Oh My!, 05 October 2015 - 03:44 PM.



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,665 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:21 AM

Posted 05 October 2015 - 03:45 PM

Greetings techboy and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have Limewire installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Limewire, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition, it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM\...\RunOnce: [delete_privazer_uninstaller_at_next_PC_boot] => cmd /c rmdir /q /s "C:\Users\Owner\AppData\Local\Temp\Pri~0~" <===== ATTENTION
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
HKU\S-1-5-21-2374193802-934911541-997804749-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2374193802-934911541-997804749-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\.DEFAULT -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
Toolbar: HKU\S-1-5-21-2374193802-934911541-997804749-1000 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn => not found
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 6 U37) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\system32\npdeployJava1.dll => No File
S4 stllssvr; "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\Owner\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
2015-10-02 14:41 - 2015-10-02 14:41 - 00000079 _____ C:\Windows\wininit.ini
CustomCLSID: HKU\S-1-5-21-2374193802-934911541-997804749-1000_Classes\CLSID\{8075533B-5146-11D5-A672-00B0D022E945}\InprocServer32 -> no filepath
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:D2F2F703
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
  • Click Scan
  • If, during the scan, you receive a request to upload a file to Virustotal please click Yes
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Note: If after disabling Combofix warns you an Antivirus program is still running ignore the warning and run Combofix.
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registery key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • RogueKiller log
  • Combofix log
  • System Summary Information

Edited by Oh My!, 05 October 2015 - 04:16 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 techboy


Posted 05 October 2015 - 04:14 PM

Sorry, am I missing something? I just see a copy of my log files. Are you saying there is nothing to be done? I'm confused.



#4 Oh My!


Posted 05 October 2015 - 04:16 PM

Ooops, please refresh the page and you will see I changed the information.
Gary
 

#5 techboy


Posted 05 October 2015 - 06:03 PM

Hope I did this right.

 

Fix result of Farbar Recovery Scan Tool (x86) Version:30-09-2015
Ran by Owner (2015-10-05 15:47:07) Run:1
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Boot Mode: Normal

==============================================

fixlist content:
*****************
HKLM\...\RunOnce: [delete_privazer_uninstaller_at_next_PC_boot] => cmd /c rmdir /q /s "C:\Users\Owner\AppData\Local\Temp\Pri~0~" <===== ATTENTION
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
HKU\S-1-5-21-2374193802-934911541-997804749-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2374193802-934911541-997804749-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\.DEFAULT -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
Toolbar: HKU\S-1-5-21-2374193802-934911541-997804749-1000 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn => not found
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 6 U37) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\system32\npdeployJava1.dll => No File
S4 stllssvr; "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\Owner\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
2015-10-02 14:41 - 2015-10-02 14:41 - 00000079 _____ C:\Windows\wininit.ini
CustomCLSID: HKU\S-1-5-21-2374193802-934911541-997804749-1000_Classes\CLSID\{8075533B-5146-11D5-A672-00B0D022E945}\InprocServer32 -> no filepath
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:D2F2F703
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\delete_privazer_uninstaller_at_next_PC_boot => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => value removed successfully.
HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => key not found.
"HKU\S-1-5-21-2374193802-934911541-997804749-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-2374193802-934911541-997804749-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} => value removed successfully.
HKCR\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} => key not found.
HKU\S-1-5-21-2374193802-934911541-997804749-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} => value removed successfully.
HKCR\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} => key not found.
HKLM\Software\Mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC} => value removed successfully.
C:\Program Files\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files\Google\Chrome\Application\45.0.2454.101\pdf.dll => not found.
C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll => not found.
C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll => not found.
C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => not found.
C:\Windows\system32\npdeployJava1.dll => not found.
stllssvr => service removed successfully.
blbdrive => service removed successfully.
catchme => service removed successfully.
IpInIp => service removed successfully.
NwlnkFlt => service removed successfully.
NwlnkFwd => service removed successfully.
SBRE => service removed successfully.
C:\Windows\wininit.ini => moved successfully
"HKU\S-1-5-21-2374193802-934911541-997804749-1000_Classes\CLSID\{8075533B-5146-11D5-A672-00B0D022E945}" => key removed successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully..
C:\ProgramData\TEMP => ":D2F2F703" ADS removed successfully..

==== End of Fixlog 15:47:07 ====

 

RogueKiller V10.10.9.0 [Oct  5 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Owner [Administrator]
Started from : C:\Users\Owner\Desktop\RogueKiller.exe
Mode : Scan -- Date : 10/05/2015 16:12:52

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} (C:\Program Files\AVG Web TuneUp\4.1.8.599\AVG Web TuneUp.dll) -> Found
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | vProt : "C:\Program Files\AVG Web TuneUp\vprot.exe"  -> Found
[Hj.RegVal] HKEY_LOCAL_MACHINE\RK_Software_ON_D_AC2D\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-2374193802-934911541-997804749-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :   -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2374193802-934911541-997804749-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2374193802-934911541-997804749-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Found

¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe (Scan -ScheduleJob -RestrictPrivileges) -> Found

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 2 (Driver: Loaded) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\system32\DRIVERS\fdc.sys)
[IAT:Addr(Hook.IEAT)] (explorer.exe @ ole32.dll) msvcrt.dll - free : C:\Windows\AppPatch\AcSpecfc.DLL @ 0xb47f3fb

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD2500AAJS-75VWA0 ATA Device +++++
--- User ---
[MBR] 2810f80b0d308030f29a2f75f3dcdcae
[BSP] 597689f9fd584ba824a36be87199a262 : HP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 98304 | Size: 10240 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 21069824 | Size: 228129 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Kingston DataTraveler 2.0 USB Device +++++
--- User ---
[MBR] a6ab673ddde1e8a647d41987e7855dc6
[BSP] 14629291b1b81dee69aad761be1d4402 : Legit.Unknown MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0xb) [VISIBLE] Offset (sectors): 2048 | Size: 7639 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 

 

ComboFix 15-10-01.01 - Owner 05/10/2015  16:20:43.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.2.1033.18.2036.409 [GMT -6:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\Microsoft Service
c:\users\Owner\Documents\~WRL2540.tmp
c:\windows\tmp
c:\windows\tmp\dd_vcredistMSI2082.txt
c:\windows\tmp\dd_vcredistUI2082.txt
.
.
(((((((((((((((((((((((((   Files Created from 2015-09-05 to 2015-10-05  )))))))))))))))))))))))))))))))
.
.
2015-10-05 22:33 . 2015-10-05 22:33    --------    d-----w-    c:\users\Default\AppData\Local\temp
2015-10-05 21:56 . 2015-10-05 21:56    35064    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2015-10-05 21:56 . 2015-10-05 22:14    --------    d-----w-    c:\programdata\RogueKiller
2015-10-03 06:35 . 2015-10-03 06:35    --------    d-----w-    c:\programdata\Auslogics
2015-10-02 23:33 . 2015-10-02 23:33    --------    d-----w-    c:\users\Owner\AppData\Local\AVG Web TuneUp
2015-10-02 23:33 . 2015-10-02 23:33    --------    d-----w-    c:\programdata\AVG Security Toolbar
2015-10-02 23:32 . 2015-10-02 23:32    --------    d-----w-    c:\programdata\AVG Secure Search
2015-10-02 23:32 . 2015-10-02 23:33    --------    d-----w-    c:\program files\Common Files\AVG Secure Search
2015-10-02 23:32 . 2015-10-02 23:33    --------    d-----w-    c:\programdata\AVG Web TuneUp
2015-10-02 23:32 . 2015-10-02 23:32    --------    d-----w-    c:\program files\AVG Web TuneUp
2015-10-02 23:27 . 2015-10-02 23:27    --------    d-----w-    c:\users\Owner\AppData\Roaming\AVG
2015-10-02 23:24 . 2015-10-02 23:24    --------    d-----w-    c:\users\Owner\AppData\Roaming\TuneUp Software
2015-10-02 23:23 . 2015-10-02 23:23    --------    d-----w-    C:\$AVG
2015-10-02 23:18 . 2015-10-05 21:45    --------    d-----w-    c:\programdata\MFAData
2015-10-02 23:18 . 2015-10-02 23:18    --------    d-----w-    c:\users\Owner\AppData\Local\MFAData
2015-10-02 23:18 . 2015-10-02 23:23    --------    d-----w-    c:\programdata\Avg
2015-10-02 23:18 . 2015-10-02 23:19    --------    d-----w-    c:\program files\AVG
2015-10-02 23:18 . 2015-10-02 23:18    --------    d--h--w-    c:\programdata\Common Files
2015-10-02 23:17 . 2015-10-02 23:26    --------    d-----w-    c:\users\Owner\AppData\Local\Avg
2015-10-02 22:42 . 2015-09-16 11:43    8884144    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{70971E6A-EB61-4EDB-8D46-6AE7D81FE241}\mpengine.dll
2015-10-02 22:17 . 2012-08-20 16:10    1205344    ----a-w-    c:\windows\system32\drivers\netr28u.sys
2015-10-02 22:17 . 2011-12-26 16:57    238944    ----a-w-    c:\windows\system32\RaCoInst.dll
2015-10-02 22:17 . 2015-10-02 22:17    --------    d-----w-    c:\programdata\Ralink Driver
2015-10-02 22:03 . 2006-10-27 01:56    33104    ----a-w-    c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2015-10-02 22:03 . 2006-10-27 01:56    32592    ----a-w-    c:\windows\system32\msonpmon.dll
2015-10-02 21:56 . 2015-10-02 21:56    --------    d-----w-    c:\windows\PCHEALTH
2015-10-02 21:54 . 2015-10-02 21:54    --------    d-----w-    c:\program files\Microsoft Visual Studio 8
2015-10-02 20:43 . 2015-10-05 21:47    --------    d-----w-    C:\FRST
2015-10-02 16:23 . 2015-08-13 14:15    304640    ----a-w-    c:\windows\system32\drivers\srv.sys
2015-10-02 16:23 . 2015-08-13 14:15    102912    ----a-w-    c:\windows\system32\drivers\srvnet.sys
2015-10-02 16:22 . 2015-09-02 21:26    1402368    ----a-w-    c:\windows\system32\msxml6.dll
2015-10-02 16:22 . 2015-09-02 21:26    1253376    ----a-w-    c:\windows\system32\msxml3.dll
2015-10-02 16:20 . 2015-07-10 14:21    2048    ----a-w-    c:\windows\system32\tzres.dll
2015-10-02 16:19 . 2015-08-05 15:58    940032    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2015-10-02 16:19 . 2015-08-05 15:59    1220608    ----a-w-    c:\program files\Windows Journal\NBDoc.DLL
2015-10-02 16:19 . 2015-08-05 15:58    985600    ----a-w-    c:\program files\Windows Journal\JNTFiltr.dll
2015-10-02 16:19 . 2015-08-05 14:24    1850880    ----a-w-    c:\program files\Windows Journal\Journal.exe
2015-10-02 16:19 . 2015-08-05 15:58    967680    ----a-w-    c:\program files\Windows Journal\JNWDRV.dll
2015-10-02 16:19 . 2015-09-02 21:26    34304    ----a-w-    c:\windows\system32\atmlib.dll
2015-10-02 16:19 . 2015-09-02 19:55    2067456    ----a-w-    c:\windows\system32\win32k.sys
2015-10-02 16:19 . 2015-09-02 19:54    297472    ----a-w-    c:\windows\system32\atmfd.dll
2015-10-02 16:19 . 2015-08-05 15:59    602112    ----a-w-    c:\windows\system32\schedsvc.dll
2015-10-02 14:53 . 2015-07-31 21:46    160768    ----a-w-    c:\windows\system32\d3d10_1.dll
2015-10-02 14:53 . 2015-07-31 21:46    219648    ----a-w-    c:\windows\system32\d3d10_1core.dll
2015-10-02 14:53 . 2015-07-31 21:46    189952    ----a-w-    c:\windows\system32\d3d10core.dll
2015-10-02 14:53 . 2015-07-31 20:40    486400    ----a-w-    c:\windows\system32\d3d10level9.dll
2015-10-02 14:53 . 2015-07-31 20:41    1172480    ----a-w-    c:\windows\system32\d3d10warp.dll
2015-10-02 14:53 . 2015-07-31 21:46    1029120    ----a-w-    c:\windows\system32\d3d10.dll
2015-10-02 14:53 . 2015-07-31 20:35    682496    ----a-w-    c:\windows\system32\d2d1.dll
2015-10-02 14:53 . 2015-07-31 20:33    1072640    ----a-w-    c:\windows\system32\DWrite.dll
2015-10-02 14:53 . 2015-07-31 20:33    802304    ----a-w-    c:\windows\system32\FntCache.dll
2015-09-27 18:12 . 2015-09-27 19:11    --------    d-----w-    c:\programdata\Ad Muncher
2015-09-27 18:12 . 2015-09-27 18:12    --------    d-----w-    c:\program files\Ad Muncher
2015-09-19 01:53 . 2015-09-19 02:11    --------    d-----w-    c:\programdata\HitmanPro
2015-09-16 04:29 . 2015-09-16 04:29    --------    d-----w-    C:\SUPERDelete
2015-09-11 21:59 . 2015-09-11 21:59    251824    ----a-w-    c:\windows\system32\drivers\avgidsdriverx.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-09-22 16:07 . 2012-04-05 00:33    780488    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2015-09-22 16:07 . 2011-05-18 00:50    142536    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2015-08-28 18:49 . 2015-08-28 18:49    231344    ----a-w-    c:\windows\system32\drivers\avgtdix.sys
2015-08-20 20:05 . 2015-08-20 20:05    231344    ----a-w-    c:\windows\system32\drivers\avgidshx.sys
2015-08-14 20:23 . 2015-08-14 20:23    308656    ----a-w-    c:\windows\system32\drivers\avglogx.sys
2015-08-14 20:17 . 2015-08-14 20:17    31664    ----a-w-    c:\windows\system32\drivers\avgidsshimx.sys
2015-08-10 21:34 . 2015-08-10 21:34    232368    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2015-08-10 21:33 . 2015-08-10 21:33    189872    ----a-w-    c:\windows\system32\drivers\avgmfx86.sys
2015-08-10 21:33 . 2015-08-10 21:33    156080    ----a-w-    c:\windows\system32\drivers\avgdiskx.sys
2015-08-10 21:25 . 2015-08-10 21:25    36784    ----a-w-    c:\windows\system32\drivers\avgrkx86.sys
2015-08-05 06:03 . 2015-08-05 06:03    877152    ----a-w-    c:\windows\system32\msvcr120_clr0400.dll
2015-08-05 06:03 . 2015-08-05 06:03    538208    ----a-w-    c:\windows\system32\msvcp120_clr0400.dll
2015-07-31 19:27 . 2015-08-12 07:42    103120    ----a-w-    c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-21 20:55 . 2015-08-12 07:43    1206192    ----a-w-    c:\windows\system32\ntdll.dll
2015-07-21 16:07 . 2015-08-12 07:43    56256    ----a-w-    c:\windows\system32\drivers\mountmgr.sys
2015-07-21 16:07 . 2015-08-12 07:43    3605440    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2015-07-21 16:07 . 2015-08-12 07:43    3553216    ----a-w-    c:\windows\system32\ntoskrnl.exe
2015-07-21 16:07 . 2015-08-12 07:43    140224    ----a-w-    c:\windows\system32\drivers\ecache.sys
2015-07-21 16:03 . 2015-08-12 07:43    10752    ----a-w-    c:\windows\system32\msmmsp.dll
2015-07-21 16:03 . 2015-08-12 07:43    564224    ----a-w-    c:\windows\system32\emdmgmt.dll
2015-07-21 16:03 . 2015-08-12 07:43    49664    ----a-w-    c:\windows\system32\csrsrv.dll
2015-07-18 16:03 . 2015-08-12 07:29    68608    ----a-w-    c:\windows\system32\basesrv.dll
2015-07-10 19:37 . 2015-08-12 07:42    2067968    ----a-w-    c:\windows\system32\mstscax.dll
2015-07-09 14:25 . 2015-08-12 07:25    151040    ----a-w-    c:\windows\system32\notepad.exe
2015-07-09 14:25 . 2015-08-12 07:25    151040    ----a-w-    c:\windows\notepad.exe
2008-02-24 14:52 . 2008-02-24 14:52    23344432    ----a-w-    c:\program files\QuickTimeInstaller.exe
2008-02-19 03:44 . 2008-02-19 03:44    59196712    ----a-w-    c:\program files\iTunesSetup.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2015-10-02 23:32    2426256    ----a-w-    c:\program files\AVG Web TuneUp\4.1.8.599\AVG Web TuneUp.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"Ad Muncher"="c:\program files\Ad Muncher\AdMunch.exe" [2015-09-27 560760]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AvgUi"="c:\program files\AVG\Framework\Common\avguix.exe" [2015-09-22 1125800]
"AVG_UI"="c:\program files\AVG\Av\avgui.exe" [2015-10-01 3812264]
"vProt"="c:\program files\AVG Web TuneUp\vprot.exe" [2015-10-02 3177360]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2014-07-03 19:19    43816    ----a-w-    c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 17:09    460784    ----a-w-    c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2008-08-14 00:32    206064    ----a-w-    c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-10-10 00:57    16384    ----a-w-    c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-25 06:03    17920    ----a-w-    c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33    125952    ----a-w-    c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-01-02 23:06    166424    ----a-w-    c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-10-28 18:18    49208    ----a-w-    c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-01-02 23:07    141848    ----a-w-    c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 16:35    221184    ----a-w-    c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 16:37    81920    ----a-w-    c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-07-08 14:49    152392    ----a-w-    c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-01-02 23:07    133656    ----a-w-    c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 09:12    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-01-17 13:22    4907008    ----a-w-    c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-11-01 10:05    77824    ----a-w-    c:\program files\Java\jre1.6.0\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38    1008184    ----a-w-    c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33    202240    ----a-w-    c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2374193802-934911541-997804749-1000]
"EnableNotificationsRef"=dword:00000001
.
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
HPService    REG_MULTI_SZ       HPSLPSVC
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-09-25 06:35    997704    ----a-w-    c:\program files\Google\Chrome\Application\45.0.2454.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-10-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 16:07]
.
2015-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-24 01:08]
.
2015-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-24 01:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/webhp?complete=0&hl=en
mStart Page = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=2071101
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: bodybyvi.com\kimberlyw
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{29184B56-84E6-45C2-95CE-45875C540344}: NameServer = 8.8.8.8,8.8.4.4
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-10-05 16:34
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_19_0_0_185_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_19_0_0_185_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2015-10-05  16:39:11
ComboFix-quarantined-files.txt  2015-10-05 22:38
ComboFix2.txt  2009-06-13 22:53
.
Pre-Run: 117,225,463,808 bytes free
Post-Run: 117,075,771,392 bytes free
.
- - End Of File - - 1D78D8228C6E12F526F6CA4B485DC95C
5C616939100B85E558DA92B899A0FC36
 




#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,665 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:21 AM

Posted 05 October 2015 - 07:44 PM

Yes, you did it perfectly, thanks.

Can you give me more information about your email program. Is it web based like gmail or something else?

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
cmd: regedit /e "%userprofile%\desktop\look.txt" "HKLM\RK_Software_ON_D_AC2D"
reg: reg delete "HKLM\RK_Software_ON_D_AC2D" /F
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • The tool will also create a look.txt file on your desktop as a backup of the registry key we are deleting. No need to do anything with it.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Email?
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 techboy


Posted 05 October 2015 - 08:26 PM

Email program is Windows Live.

 

Fix result of Farbar Recovery Scan Tool (x86) Version:30-09-2015
Ran by Owner (2015-10-05 19:22:23) Run:2
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Boot Mode: Normal

==============================================

fixlist content:
*****************
cmd: regedit /e "%userprofile%\desktop\look.txt" "HKLM\RK_Software_ON_D_AC2D"
reg: reg delete "HKLM\RK_Software_ON_D_AC2D" /F
*****************


=========  regedit /e "%userprofile%\desktop\look.txt" "HKLM\RK_Software_ON_D_AC2D" =========


========= End of CMD: =========


========= reg delete "HKLM\RK_Software_ON_D_AC2D" /F =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


==== End of Fixlog 19:22:23 ====



#8 Oh My!


Posted 05 October 2015 - 09:01 PM

Let's modify it a bit and try it again.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
cmd: regedit /e "%userprofile%\desktop\look.txt" "HKEY_LOCAL_MACHINE\RK_Software_ON_D_AC2D"
reg: reg delete "HKEY_LOCAL_MACHINE\RK_Software_ON_D_AC2D" /F
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • The tool will also create a look.txt file on your desktop as a backup of the registry key we are deleting. No need to do anything with it.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog

Gary
 

#9 techboy


Posted 05 October 2015 - 09:23 PM

Fix result of Farbar Recovery Scan Tool (x86) Version:30-09-2015
Ran by Owner (2015-10-05 20:21:56) Run:3
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Boot Mode: Normal

==============================================

fixlist content:
*****************
cmd: regedit /e "%userprofile%\desktop\look.txt" "HKEY_LOCAL_MACHINE\RK_Software_ON_D_AC2D"
reg: reg delete "HKEY_LOCAL_MACHINE\RK_Software_ON_D_AC2D" /F
*****************


=========  regedit /e "%userprofile%\desktop\look.txt" "HKEY_LOCAL_MACHINE\RK_Software_ON_D_AC2D" =========


========= End of CMD: =========


========= reg delete "HKEY_LOCAL_MACHINE\RK_Software_ON_D_AC2D" /F =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


==== End of Fixlog 20:21:56 ====



#10 Oh My!


Posted 05 October 2015 - 09:45 PM

Hmmm,

Please rerun a RogueKiller scan and let's see if the Program is still reporting that entry.
Gary
 

#11 techboy


Posted 05 October 2015 - 10:33 PM

RogueKiller V10.10.9.0 [Oct  5 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Owner [Administrator]
Started from : C:\Users\Owner\Desktop\RogueKiller.exe
Mode : Scan -- Date : 10/05/2015 21:25:27

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} (C:\Program Files\AVG Web TuneUp\4.1.8.599\AVG Web TuneUp.dll) -> Found
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | vProt : "C:\Program Files\AVG Web TuneUp\vprot.exe"  -> Found
[Hj.RegVal] HKEY_LOCAL_MACHINE\RK_Software_ON_D_0D57\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2374193802-934911541-997804749-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Found

¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe (Scan -ScheduleJob -RestrictPrivileges) -> Found

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 2 (Driver: Loaded) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\system32\DRIVERS\fdc.sys)
[IAT:Addr(Hook.IEAT)] (explorer.exe @ ole32.dll) msvcrt.dll - free : C:\Windows\AppPatch\AcSpecfc.DLL @ 0x690bf3fb

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD2500AAJS-75VWA0 ATA Device +++++
--- User ---
[MBR] 2810f80b0d308030f29a2f75f3dcdcae
[BSP] 597689f9fd584ba824a36be87199a262 : HP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 98304 | Size: 10240 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 21069824 | Size: 228129 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 



#12 Oh My!


Posted 05 October 2015 - 10:45 PM

Do this.
  • Press the Windows key + r on your keyboard at the same time
  • Type regedit and press Enter
  • Navigate to the following registry key (expand the categories) to see if it exists

HKEY_LOCAL_MACHINE\RK_Software_ON_D_0D57


Gary
 

#13 techboy


Posted 05 October 2015 - 11:15 PM

The only categories under HKEY_LOCAL_MACHINE are:

 

Components
Hardware
Sam
Security
Software
System

 

I also did a search in Regedit for the entire HKEY_LOCAL_MACHINE\RK_Software_ON_D_0D57 and it found nothing.



#14 Oh My!


Posted 06 October 2015 - 08:47 AM

Nice job, thank you.

Are you having any other issues besides the one related to Windows Live?

Please run these 2 programs for me.

===================================================

Run TDSSKiller by Kaspersky

--------------------
  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.

  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.

  • Click Continue > Reboot now to finish the cleaning process.<- Important!!

  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply even if no threats are found.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

===================================================

aswMBR

--------------------
  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • TDSSKiller log
  • aswMBR

Gary
 

#15 techboy


Posted 06 October 2015 - 01:43 PM

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-10-06 11:06:46
-----------------------------
11:06:46.672    OS Version: Windows 6.0.6002 Service Pack 2
11:06:46.672    Number of processors: 2 586 0xF0D
11:06:46.673    ComputerName: OWNER-PC  UserName: Owner
11:07:10.903    Initialize success
11:07:10.954    VM: initialized successfully
11:07:10.956    VM: Intel CPU virtualization not supported
11:14:23.111    AVAST engine defs: 15100600
11:14:37.724    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:14:37.729    Disk 0 Vendor: WDC_WD2500AAJS-75VWA0 12.01B02 Size: 238418MB BusType: 3
11:14:38.018    Disk 0 MBR read successfully
11:14:38.025    Disk 0 MBR scan
11:14:38.081    Disk 0 Windows VISTA default MBR code
11:14:38.090    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       47 MB offset 63
11:14:38.111    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        10240 MB offset 98304
11:14:38.138    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS       228129 MB offset 21069824
11:14:38.159    Disk 0 scanning sectors +488278016
11:14:38.541    Disk 0 scanning C:\Windows\system32\drivers
11:14:58.994    Service scanning
11:15:37.441    Modules scanning
11:15:37.463    Disk 0 trace - called modules:
11:15:37.504    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys dxgkrnl.sys igdkmd32.sys
11:15:37.517    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86257968]
11:15:37.531    3 CLASSPNP.SYS[887a38b3] -> nt!IofCallDriver -> [0x855fd918]
11:15:37.545    5 acpi.sys[8309e6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85614b98]
11:16:02.515    AVAST engine scan C:\Windows
11:16:15.733    AVAST engine scan C:\Windows\system32
11:21:21.387    AVAST engine scan C:\Windows\system32\drivers
11:21:42.007    AVAST engine scan C:\Users\Owner
11:44:12.022    AVAST engine scan C:\ProgramData
11:51:22.565    Disk 0 statistics 2918951/0/0 @ 0.81 MB/s
11:51:22.579    Scan finished successfully
12:31:28.821    Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
12:31:28.829    The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

 

11:03:28.0270 0x1654  TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
11:03:35.0587 0x1654  ============================================================
11:03:35.0587 0x1654  Current date / time: 2015/10/06 11:03:35.0587
11:03:35.0588 0x1654  SystemInfo:
11:03:35.0588 0x1654  
11:03:35.0588 0x1654  OS Version: 6.0.6002 ServicePack: 2.0
11:03:35.0588 0x1654  Product type: Workstation
11:03:35.0588 0x1654  ComputerName: OWNER-PC
11:03:35.0588 0x1654  UserName: Owner
11:03:35.0588 0x1654  Windows directory: C:\Windows
11:03:35.0588 0x1654  System windows directory: C:\Windows
11:03:35.0588 0x1654  Processor architecture: Intel x86
11:03:35.0588 0x1654  Number of processors: 2
11:03:35.0588 0x1654  Page size: 0x1000
11:03:35.0588 0x1654  Boot type: Normal boot
11:03:35.0588 0x1654  ============================================================
11:03:37.0398 0x1654  KLMD registered as C:\Windows\system32\drivers\11337092.sys
11:03:37.0536 0x1654  System UUID: {84357F83-6C66-3E9F-AC69-AB49E5E7B2B6}
11:03:38.0078 0x1654  Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 ( 232.83 Gb ), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:03:38.0081 0x1654  Drive \Device\Harddisk1\DR1 - Size: 0x1DD800000 ( 7.46 Gb ), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:03:38.0082 0x1654  ============================================================
11:03:38.0082 0x1654  \Device\Harddisk0\DR0:
11:03:38.0082 0x1654  MBR partitions:
11:03:38.0082 0x1654  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x18000, BlocksNum 0x1400000
11:03:38.0082 0x1654  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1418000, BlocksNum 0x1BD90800
11:03:38.0082 0x1654  \Device\Harddisk1\DR1:
11:03:38.0082 0x1654  MBR partitions:
11:03:38.0082 0x1654  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x800, BlocksNum 0xEEB800
11:03:38.0082 0x1654  ============================================================
11:03:38.0120 0x1654  C: <-> \Device\Harddisk0\DR0\Partition2
11:03:38.0185 0x1654  D: <-> \Device\Harddisk0\DR0\Partition1
11:03:38.0186 0x1654  ============================================================
11:03:38.0186 0x1654  Initialize success
11:03:38.0186 0x1654  ============================================================
11:03:47.0408 0x167c  ============================================================
11:03:47.0408 0x167c  Scan started
11:03:47.0408 0x167c  Mode: Manual;
11:03:47.0408 0x167c  ============================================================
11:03:47.0408 0x167c  KSN ping started
11:03:47.0435 0x167c  KSN ping finished: false
11:03:47.0947 0x167c  ================ Scan system memory ========================
11:03:47.0948 0x167c  System memory - ok
11:03:47.0948 0x167c  ================ Scan services =============================
11:03:48.0142 0x167c  [ 82B296AE1892FE3DBEE00C9CF92F8AC7, 54B22BA63E1DA616B546992141B0C3117BA057283B8F60CB9BECE203661FEBF3 ] ACPI            C:\Windows\system32\drivers\acpi.sys
11:03:48.0153 0x167c  ACPI - ok
11:03:48.0280 0x167c  [ 013697369EAFFA675D0671607F036020, 65611C775AC4681E46A6565E5A7A4FF3363C66EBDC98C4C58AFB365D40BE23B6 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
11:03:48.0284 0x167c  AdobeARMservice - ok
11:03:48.0385 0x167c  [ C6D147C12C424373B016C0AB0A6C61EB, 043D44F3C942CFC3558E782938C26849BF648A58A7AA62C4A526E37DE4136C27 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:03:48.0402 0x167c  AdobeFlashPlayerUpdateSvc - ok
11:03:48.0450 0x167c  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB, 0342700760874683A6DF4F149DACACEF0569D40C45FC5958C67100B3C5D9BBBC ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
11:03:48.0466 0x167c  adp94xx - ok
11:03:48.0497 0x167c  [ B84088CA3CDCA97DA44A984C6CE1CCAD, 87009809FB101BF51483FA32318CBCD209386582880C82417BE4FFAD1B04C8C1 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
11:03:48.0508 0x167c  adpahci - ok
11:03:48.0531 0x167c  [ 7880C67BCCC27C86FD05AA2AFB5EA469, C8B06E203EEA6EAD19651F212432005ABADFF21E2AA5699E34040527394F2677 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
11:03:48.0536 0x167c  adpu160m - ok
11:03:48.0556 0x167c  [ 9AE713F8E30EFC2ABCCD84904333DF4D, B0C7801AC6E0811C38F0474703F34283914C8873D851F59EE232834F7C0D8087 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
11:03:48.0562 0x167c  adpu320 - ok
11:03:48.0593 0x167c  [ 9D1FDA9E086BA64E3C93C9DE32461BCF, 200FD0BFC811EC8993AF9FC78F58823ECC717063F438B627FBCDD6BD7790CAA8 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
11:03:48.0595 0x167c  AeLookupSvc - ok
11:03:48.0623 0x167c  [ 330A1E4DF07C2E29949ED8631CD8828E, 139127405B2D635B0252FF8D7308D671546F20B051C93C50A9013E7AB9D54835 ] AERTFilters     C:\Windows\system32\AERTSrv.exe
11:03:48.0626 0x167c  AERTFilters - ok
11:03:48.0677 0x167c  [ F5272A105F59A7B3B345D9D6D87DA7AD, 9E84776994D04240BF2537330DBB555EDE16DFCFC59DEDCBA05A44ED7F70BEFA ] AFD             C:\Windows\system32\drivers\afd.sys
11:03:48.0687 0x167c  AFD - ok
11:03:48.0719 0x167c  [ 8B10CE1C1F9F1D47E4DEB1A547A00CD4, 2E89838BD068314F4BE59753486E5D666FE2A3DD0A616E00EED4E0F83DB87401 ] agp440          C:\Windows\system32\drivers\agp440.sys
11:03:48.0721 0x167c  agp440 - ok
11:03:48.0736 0x167c  [ AE1FDF7BF7BB6C6A70F67699D880592A, B831BF156FC49287A19FC149383D437B1034EA6F42CE9D761EB90ABD0F8D96B1 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
11:03:48.0740 0x167c  aic78xx - ok
11:03:48.0778 0x167c  [ A1545B731579895D8CC44FC0481C1192, 6B0EE833BA39C142D625A03586CCD8F6C9C3136C603CE5DF5BAC1AA3423E3E7F ] ALG             C:\Windows\System32\alg.exe
11:03:48.0781 0x167c  ALG - ok
11:03:48.0797 0x167c  [ DC67A153FDB8105B25D05334B5E1D8E2, 95CD9ABE73EC1E5111F5D599FE16EB1B3A6A87B7FC54922254769032CD2BEF0E ] aliide          C:\Windows\system32\drivers\aliide.sys
11:03:48.0799 0x167c  aliide - ok
11:03:48.0813 0x167c  [ 848F27E5B27C1C253F6CEFDC1A5D8F21, 0FE955D82CE68A1FC5DCA33626179005B90803821005A370EB36352817433089 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
11:03:48.0816 0x167c  amdagp - ok
11:03:48.0835 0x167c  [ 835C4C3355088298A5EBD818FA31430F, 947E587F016AD3B2B4606334E03372F34D806ED1AFF4860E7EA2E289D70FB79E ] amdide          C:\Windows\system32\drivers\amdide.sys
11:03:48.0836 0x167c  amdide - ok
11:03:48.0857 0x167c  [ DC487885BCEF9F28EECE6FAC0E5DDFC5, 24A62F6E628AD46273BC226F7BC3453A9C7B76F81ABB9FB801EBEFADB2AB7C9B ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
11:03:48.0860 0x167c  AmdK7 - ok
11:03:48.0879 0x167c  [ 0CA0071DA4315B00FC1328CA86B425DA, 4F816FA2197166A83A266084F9D5ED68876D0521D378F90F1314DD53C6FB8814 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
11:03:48.0882 0x167c  AmdK8 - ok
11:03:48.0940 0x167c  [ 8F7D200717A58E9800D391F4C2101577, F07CF0F5636F46D8F3D5133284943E991E8739E5A644BCA5F18BB896B374620D ] Appinfo         C:\Windows\System32\appinfo.dll
11:03:48.0942 0x167c  Appinfo - ok
11:03:49.0009 0x167c  [ 6B73E94F9FE82D45781B8C8A09483082, C35EEAE7457168387A7C77A315524A3703ABDE49D9F23F59057315D9249D3473 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:03:49.0011 0x167c  Apple Mobile Device - ok
11:03:49.0054 0x167c  [ 5F673180268BB1FDB69C99B6619FE379, C4307A861163F96648109046A6C7D53AB1C9B10D0B841DD1A7D147D22F462649 ] arc             C:\Windows\system32\drivers\arc.sys
11:03:49.0058 0x167c  arc - ok
11:03:49.0085 0x167c  [ 957F7540B5E7F602E44648C7DE5A1C05, F03C7708A6C9D2579ECE5A7413AFA068E1067D7191EC653A78BA4FEDE76CFBD8 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
11:03:49.0088 0x167c  arcsas - ok
11:03:58.0418 0x167c  [ 6A57B5733D4CB702C8EA4542E836B96C, 080FB0B01E949D24CDD6876125B3A72DA9F88845D8B9A1A425BCA99E7ACF6821 ] Mup             C:\Windows\system32\Drivers\mup.sys
11:03:58.0420 0x167c  Mup - ok
11:03:58.0454 0x167c  [ E4EAF0C5C1B41B5C83386CF212CA9584, 5946C3DCE65A0DB164169A1775DFCA544AF4E1895ADF6916BB1653F373F8D9AF ] napagent        C:\Windows\system32\qagentRT.dll
11:03:58.0465 0x167c  napagent - ok
11:03:58.0505 0x167c  [ 85C44FDFF9CF7E72A40DCB7EC06A4416, DC37C99C458CA69B33BFD3894187089E947F4F9C01EC2ED024FA8614989E0956 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
11:03:58.0508 0x167c  NativeWifiP - ok
11:03:58.0587 0x167c  [ 1357274D1883F68300AEADD15D7BBB42, EE6352CBF0D9D633816F338159CDA27F1A805C3DDC3402D8605B50D8F3CD3300 ] NDIS            C:\Windows\system32\drivers\ndis.sys
11:03:58.0608 0x167c  NDIS - ok
11:03:58.0640 0x167c  [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
11:03:58.0642 0x167c  NdisTapi - ok
11:03:58.0682 0x167c  [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
11:03:58.0683 0x167c  Ndisuio - ok
11:03:58.0708 0x167c  [ 818F648618AE34F729FDB47EC68345C3, 5FC8F9237BD7FCE3C62D5BDDD49DC104BE2BECDC2FA8CDC1DB8F1891CBAA9140 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
11:03:58.0712 0x167c  NdisWan - ok
11:03:58.0748 0x167c  [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
11:03:58.0751 0x167c  NDProxy - ok
11:03:58.0820 0x167c  [ A081CB6FB9A12668F233EB5414BE3A0E, EE2A1311B51D1FEBAF79F45E568A927D8EA7704AFC8495AED2D26927566F61E3 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
11:03:58.0822 0x167c  Net Driver HPZ12 - ok
11:03:58.0857 0x167c  [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
11:03:58.0866 0x167c  NetBIOS - ok
11:03:58.0912 0x167c  [ ECD64230A59CBD93C85F1CD1CAB9F3F6, 83650D756C1F2768A2AAAFC7924F2A4316ABAEB1708F4B05803CDDD699B5AB6F ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
11:03:58.0919 0x167c  netbt - ok
11:03:58.0945 0x167c  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] Netlogon        C:\Windows\system32\lsass.exe
11:03:58.0947 0x167c  Netlogon - ok
11:03:58.0994 0x167c  [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman          C:\Windows\System32\netman.dll
11:03:59.0003 0x167c  Netman - ok
11:03:59.0062 0x167c  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:03:59.0069 0x167c  NetMsmqActivator - ok
11:03:59.0087 0x167c  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:03:59.0093 0x167c  NetPipeActivator - ok
11:03:59.0157 0x167c  [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm        C:\Windows\System32\netprofm.dll
11:03:59.0171 0x167c  netprofm - ok
11:03:59.0275 0x167c  [ D56E76BCED8223D721CF5A8429A4730B, CF5FD00A1741EA33A8ADA41C29AEF9FE039D1EFD3182C73AC47BC1E34D89A296 ] netr28u         C:\Windows\system32\DRIVERS\netr28u.sys
11:03:59.0338 0x167c  netr28u - ok
11:03:59.0353 0x167c  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:03:59.0360 0x167c  NetTcpActivator - ok
11:03:59.0372 0x167c  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:03:59.0378 0x167c  NetTcpPortSharing - ok
11:03:59.0423 0x167c  [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
11:03:59.0428 0x167c  nfrd960 - ok
11:03:59.0501 0x167c  [ C96411DD46AABC0D6F3CF06D0E0E7E14, 0D36F322AF1B923D96735BFFCAC3FDB0B282E59220BADAB8B49AC178A6765380 ] NlaSvc          C:\Windows\System32\nlasvc.dll
11:03:59.0510 0x167c  NlaSvc - ok
11:03:59.0549 0x167c  [ D36F239D7CCE1931598E8FB90A0DBC26, DF9397411D0CE5A87E3346D4E6E25BEC537A21BCE196CC55FD999CD08FC4A637 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
11:03:59.0559 0x167c  Npfs - ok
11:03:59.0590 0x167c  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi             C:\Windows\system32\nsisvc.dll
11:03:59.0594 0x167c  nsi - ok
11:03:59.0628 0x167c  [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
11:03:59.0634 0x167c  nsiproxy - ok
11:03:59.0751 0x167c  [ 2C1121F2B87E9A6B12485DF53CD848C7, E580428F3BA7B201C6C7CFADF1F44A6ECA4F589EDB034DA14260136236195936 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
11:03:59.0811 0x167c  Ntfs - ok
11:03:59.0866 0x167c  [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
11:03:59.0883 0x167c  ntrigdigi - ok
11:03:59.0912 0x167c  [ C5DBBCDA07D780BDA9B685DF333BB41E, 3652893DFF05469A273C3073D8D0A9D6D6BBDEC7855FEA8EAB768F95BA674108 ] Null            C:\Windows\system32\drivers\Null.sys
11:03:59.0914 0x167c  Null - ok
11:03:59.0934 0x167c  [ E69E946F80C1C31C53003BFBF50CBB7C, A0A4BC57822B2CBC75602A969E28DCEDE04B41CC084E1EF1532B1BCDAEAA43BB ] nvraid          C:\Windows\system32\drivers\nvraid.sys
11:03:59.0939 0x167c  nvraid - ok
11:03:59.0951 0x167c  [ 9E0BA19A28C498A6D323D065DB76DFFC, EA9E33ED2820ED39932FAE114A9CF1D87780ED6605D0260A6F22F920B48F34E9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
11:03:59.0954 0x167c  nvstor - ok
11:03:59.0968 0x167c  [ 055081FD5076401C1EE1BCAB08D81911, E6621F2D24E7E2544AFD249660F2D1026B94698CA841E79B3F1199ACB2203995 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
11:03:59.0974 0x167c  nv_agp - ok
11:04:00.0054 0x167c  [ 84DE1DD996B48B05ACE31AD015FA108A, 4B9D1E4EF83ECED6C77F23D9879C124534F7053D7423E3A2D0F67A4A720CEA94 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:04:00.0079 0x167c  odserv - ok
11:04:00.0105 0x167c  [ BE32DA025A0BE1878F0EE8D6D9386CD5, B9D6CB4626FC67D108D713467C9ED8D0E2A071D98621B5531AD9D0C172FE7B89 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
11:04:00.0109 0x167c  ohci1394 - ok
11:04:00.0146 0x167c  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:04:00.0153 0x167c  ose - ok
11:04:00.0223 0x167c  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
11:04:00.0250 0x167c  p2pimsvc - ok
11:04:00.0327 0x167c  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2psvc          C:\Windows\system32\p2psvc.dll
11:04:00.0353 0x167c  p2psvc - ok
11:04:00.0397 0x167c  [ 0FA9B5055484649D63C303FE404E5F4D, ABF357001A5E7B21621560E74FA538E2D899C5111A6AAC784B5B12D9D819C6CD ] Parport         C:\Windows\system32\drivers\parport.sys
11:04:00.0405 0x167c  Parport - ok
11:04:00.0434 0x167c  [ B9C2B89F08670E159F7181891E449CD9, BD48CE95CF4B75D1FD5FD379B2A8727BC000F2B6748B77636C6BDB0B37B0344A ] partmgr         C:\Windows\system32\drivers\partmgr.sys
11:04:00.0437 0x167c  partmgr - ok
11:04:00.0453 0x167c  [ 4F9A6A8A31413180D0FCB279AD5D8112, DCE48BC6E3447403521BB9FBF727E629DEE45B69B8AE8CFEE1A67FECAE3CB9D3 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
11:04:00.0456 0x167c  Parvdm - ok
11:04:00.0485 0x167c  [ C6276AD11F4BB49B58AA1ED88537F14A, 409E956AF994640DF8D062E5E41F87A6EE7EEE0335C191B582722A49322357CE ] PcaSvc          C:\Windows\System32\pcasvc.dll
11:04:00.0489 0x167c  PcaSvc - ok
11:04:00.0524 0x167c  [ 941DC1D19E7E8620F40BBC206981EFDB, 156142A8B587131D2D47074CBFD0A31F69B3C27A8C74C8C4F29DFE7B53BBA802 ] pci             C:\Windows\system32\drivers\pci.sys
11:04:00.0533 0x167c  pci - ok
11:04:00.0543 0x167c  [ 1636D43F10416AEB483BC6001097B26C, 36E61A993693A46538FE0F726D67BB28886F61D53384AD600D1282296A27662E ] pciide          C:\Windows\system32\drivers\pciide.sys
11:04:00.0545 0x167c  pciide - ok
11:04:00.0566 0x167c  [ E6F3FB1B86AA519E7698AD05E58B04E5, 2C4B45DDD3B980C9DAA6F039CAEFCD6E84A4D5BB43AFBA73C0C42B5556C1303C ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
11:04:00.0574 0x167c  pcmcia - ok
11:04:00.0629 0x167c  [ 6349F6ED9C623B44B52EA3C63C831A92, 9EAA3ABD396870123107D6E1B758F56FDA378BD28B28DB8415AA470D24294F92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
11:04:00.0661 0x167c  PEAUTH - ok
11:04:00.0779 0x167c  [ B1689DF169143F57053F795390C99DB3, 887B8C76B34CABC68067C0F27CC4EEF02457A53634C96FE5B0FE9B99453BDBEF ] pla             C:\Windows\system32\pla.dll
11:04:00.0853 0x167c  pla - ok
11:04:00.0886 0x167c  [ C5E7F8A996EC0A82D508FD9064A5569E, 416A93816CDF12DD42DEA796D37E6E2000D3172AAAB20D3EAD3B715DACD4B61F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
11:04:00.0893 0x167c  PlugPlay - ok
11:04:00.0964 0x167c  [ 65BC271F337637731D3C71455AE1F476, DAD32B61FE0147F8D2DA4C8F016920CD6BB2098F16E3CC2768009763E71DEFBC ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
11:04:00.0966 0x167c  Pml Driver HPZ12 - ok
11:04:01.0002 0x167c  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
11:04:01.0017 0x167c  PNRPAutoReg - ok
11:04:01.0085 0x167c  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
11:04:01.0100 0x167c  PNRPsvc - ok
11:04:01.0139 0x167c  [ D0494460421A03CD5225CCA0059AA146, FC30E90522C63F2A66D89381705712D2CDF07B2E029DF40C2DEBB2353E763E90 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
11:04:01.0156 0x167c  PolicyAgent - ok
11:04:01.0181 0x167c  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1, 6E4B188A4BFDBBCA51347BCCE2873F2D0F858398851B9B5129CB9F36A02E4354 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
11:04:01.0189 0x167c  PptpMiniport - ok
11:04:01.0212 0x167c  [ 0E3CEF5D28B40CF273281D620C50700A, 8ADA99B4563AE2129B95136295EE92A94102B035EBBC83D4C8587ECE8B0DEE60 ] Processor       C:\Windows\system32\drivers\processr.sys
11:04:01.0214 0x167c  Processor - ok
11:04:01.0273 0x167c  [ 0D5DAD610D7EA1627581ED06FB2BAA9A, 6E27CF3A1624AE10EECB8B5F38E03D76A6AABE4E75DD66DEDD67E0773935A396 ] ProfSvc         C:\Windows\system32\profsvc.dll
11:04:01.0280 0x167c  ProfSvc - ok
11:04:01.0293 0x167c  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] ProtectedStorage C:\Windows\system32\lsass.exe
11:04:01.0295 0x167c  ProtectedStorage - ok
11:04:01.0330 0x167c  [ 99514FAA8DF93D34B5589187DB3AA0BA, 4DDE5EC0C721B22E1D7D55ED3514B60EA07435C232A3A931BB49C7F486B52C18 ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
11:04:01.0333 0x167c  PSched - ok
11:04:01.0364 0x167c  [ 1962166E0CEB740704F30FA55AD3D509, 22C21907D7FDCA2CBBE1EC0479D83DDD4C4FCBC07C8791A2F62414EC5E85E488 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
11:04:01.0366 0x167c  PxHelp20 - ok
11:04:01.0434 0x167c  [ CCDAC889326317792480C0A67156A1EC, 3D3B561B6D4E12DE442C98993C929765F002AF5CFB5A00EFACE6ABE957F7E8AF ] ql2300          C:\Windows\system32\drivers\ql2300.sys
11:04:01.0469 0x167c  ql2300 - ok
11:04:01.0498 0x167c  [ 81A7E5C076E59995D54BC1ED3A16E60B, A2988F065F93C41B3B389BFF3BB3FD69F768C2AF249C2356F315CC92E5C9E128 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
11:04:01.0503 0x167c  ql40xx - ok
11:04:01.0536 0x167c  [ E9ECAE663F47E6CB43962D18AB18890F, F1A05320CAED9E745AA36A6DA9B64C48AAEDE888B42B249840CEB31448F7F432 ] QWAVE           C:\Windows\system32\qwave.dll
11:04:01.0546 0x167c  QWAVE - ok
11:04:01.0570 0x167c  [ 9F5E0E1926014D17486901C88ECA2DB7, 67CDFB99AB546DCEEF20507EAC07DD52FFB51BFDFE9416ABEDDC1201B60D720E ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
11:04:01.0573 0x167c  QWAVEdrv - ok
11:04:01.0743 0x167c  [ E642B131FB74CAF4BB8A014F31113142, 18A81B27FB2DA556AC51DBA8956203A6E821D75B2B09F11049250E732318F573 ] R300            C:\Windows\system32\DRIVERS\atikmdag.sys
11:04:01.0851 0x167c  R300 - ok
11:04:01.0907 0x167c  [ 147D7F9C556D259924351FEB0DE606C3, E41EBA5F3098C6CF2BE4C0060A5F4BF161C3677D983B7A0D70ACC12FC3CFEFD7 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
11:04:01.0909 0x167c  RasAcd - ok
11:04:01.0944 0x167c  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F, 6A410ABCCD2211EFF511CDBF22E4152B57D2996336EBE711DFF71904AF232DB2 ] RasAuto         C:\Windows\System32\rasauto.dll
11:04:01.0951 0x167c  RasAuto - ok
11:04:01.0989 0x167c  [ A214ADBAF4CB47DD2728859EF31F26B0, A24F37F55E2C018B1B4FA2C568A01AAAAEA1220833ED24A93378386174A70A32 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
11:04:01.0994 0x167c  Rasl2tp - ok
11:04:02.0058 0x167c  [ 75D47445D70CA6F9F894B032FBC64FCF, 9112EA5D25F867136858524C7965ACCEDC02675D1E2985B950598D89CCF25E14 ] RasMan          C:\Windows\System32\rasmans.dll
11:04:02.0071 0x167c  RasMan - ok
11:04:02.0114 0x167c  [ 509A98DD18AF4375E1FC40BC175F1DEF, CC7C278CA298CE102D871E34C176E73F903D6687D1E8B5AFAB8772C7DE1A60B1 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
11:04:02.0117 0x167c  RasPppoe - ok
11:04:02.0148 0x167c  [ 2005F4A1E05FA09389AC85840F0A9E4D, D8A664073FDE82F9AB324347024CDB7043635C84EB11C24C59AB384C52F0FD94 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
11:04:02.0153 0x167c  RasSstp - ok
11:04:02.0197 0x167c  [ B14C9D5B9ADD2F84F70570BBBFAA7935, 3D533767A50554B86C769DF4D8841B3EA680B3807E85EA3533BDA9B649548269 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
11:04:02.0208 0x167c  rdbss - ok
11:04:02.0237 0x167c  [ 89E59BE9A564262A3FB6C4F4F1CD9899, 6F948FB0E73495CA60B7B19E758268495EC8A084C475EC59AD7940AA619570BB ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
11:04:02.0243 0x167c  RDPCDD - ok
11:04:02.0284 0x167c  [ 0245418224CFA77BF4B41C2FE0622258, 532A8ABB476A1723FDD25A12EA07C97F2588F24D0AE6F86C0105112A9AECCDB9 ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
11:04:02.0301 0x167c  rdpdr - ok
11:04:02.0318 0x167c  [ 9D91FE5286F748862ECFFA05F8A0710C, 33F37F1B207151A5564BF051BBF16F35D8C5A0F426CCA078A51F125BF09E487B ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
11:04:02.0319 0x167c  RDPENCDD - ok
11:04:02.0392 0x167c  [ C127EBD5AFAB31524662C48DFCEB773A, 40A6B88FEAFF02D1B5C0CA32F290CF3D9B48B85D248C7532F30CC5C09BAA4D89 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
11:04:02.0401 0x167c  RDPWD - ok
11:04:02.0437 0x167c  [ BCDD6B4804D06B1F7EBF29E53A57ECE9, 8A961CCD0A0265E03D9952C733B593B02B5CF64E308D6B420276D2D6B20F86FC ] RemoteAccess    C:\Windows\System32\mprdim.dll
11:04:02.0442 0x167c  RemoteAccess - ok
11:04:02.0489 0x167c  [ 9E6894EA18DAFF37B63E1005F83AE4AB, 5D6DF994D297C875D547C7B111A571AA90D582DAECADE18A53F65AD988819E67 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
11:04:02.0496 0x167c  RemoteRegistry - ok
11:04:02.0534 0x167c  [ 4F4A4C09CC5BE58A76CAC1C337E004E6, 5DFFB1C60709A80DAC46BCBB9BA76408332A681EFA6ABB330CD74236109F4296 ] RimUsb          C:\Windows\system32\Drivers\RimUsb.sys
11:04:02.0538 0x167c  RimUsb - ok
11:04:02.0605 0x167c  [ 3A5633AD615E2B15291BD0B1B97CCD8A, 17E6FE788E8FBC6CB84B68F49FAFB4F63398EA97D89AACF677B338464B68E2AD ] RimVSerPort     C:\Windows\system32\DRIVERS\RimSerial.sys
11:04:02.0608 0x167c  RimVSerPort - ok
11:04:02.0643 0x167c  [ 75E8A6BFA7374ABA833AE92BF41AE4E6, 5A4CF4CDEFFCC4892D01FF4A5918D91193AA44AA29469B52E83824E6BCC877A5 ] ROOTMODEM       C:\Windows\system32\Drivers\RootMdm.sys
11:04:02.0645 0x167c  ROOTMODEM - ok
11:04:02.0686 0x167c  [ 5123F83CBC4349D065534EEB6BBDC42B, 92A3F38EA924D83D601BB93E3750F9DBC2DD963FB7ACF2A0E776297E21815225 ] RpcLocator      C:\Windows\system32\locator.exe
11:04:02.0688 0x167c  RpcLocator - ok
11:04:02.0747 0x167c  [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] RpcSs           C:\Windows\system32\rpcss.dll
11:04:02.0761 0x167c  RpcSs - ok
11:04:02.0793 0x167c  [ 9C508F4074A39E8B4B31D27198146FAD, 84913471E5A6C297B1EDABE45EF3FE7D2C4410EF04370F615109FD9E2690FFDB ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
11:04:02.0795 0x167c  rspndr - ok
11:04:02.0806 0x167c  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] SamSs           C:\Windows\system32\lsass.exe
11:04:02.0807 0x167c  SamSs - ok
11:04:02.0852 0x167c  [ 3CE8F073A557E172B330109436984E30, CEC281C6076FAA1E34372CF419C6308E73811316606B8D0D9055B7D8952BDC88 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
11:04:02.0855 0x167c  sbp2port - ok
11:04:02.0895 0x167c  [ 77B7A11A0C3D78D3386398FBBEA1B632, A3D290AB793BDC2F84C7B963300DFCE81CFE082A0FFF7489E8E5B14714892C00 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
11:04:02.0898 0x167c  SCardSvr - ok
11:04:02.0981 0x167c  [ F79CC0F814748E15538BF4D808030739, 396E94A309AFB163791095A25950CB7D85EEC43B416E1E7F056F430E1B719F4D ] Schedule        C:\Windows\system32\schedsvc.dll
11:04:02.0995 0x167c  Schedule - ok
11:04:03.0023 0x167c  [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] SCPolicySvc     C:\Windows\System32\certprop.dll
11:04:03.0024 0x167c  SCPolicySvc - ok
11:04:03.0074 0x167c  [ 716313D9F6B0529D03F726D5AAF6F191, 44FE994A11631C1D99C73026340BACE39973C65A1281D87A61B481C9B5FAB251 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
11:04:03.0078 0x167c  SDRSVC - ok
11:04:03.0098 0x167c  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
11:04:03.0115 0x167c  secdrv - ok
11:04:03.0140 0x167c  [ FD5199D4D8A521005E4B5EE7FE00FA9B, 0FB7A1D300C72B1ADC423CC57343C17853E5F8ACFE3EA2C42FAC2FF72E502FBE ] seclogon        C:\Windows\system32\seclogon.dll
11:04:03.0143 0x167c  seclogon - ok
11:04:03.0152 0x167c  [ A9BBAB5759771E523F55563D6CBE140F, 415BF6F6A1E4C5F98DABF9C2EEAF8CA49730693046E5F94C7655683717EDAD75 ] SENS            C:\Windows\system32\sens.dll
11:04:03.0157 0x167c  SENS - ok
11:04:03.0190 0x167c  [ 68E44E331D46F0FB38F0863A84CD1A31, 0778D85B6869CE2610820DC9724360538BFE832426E898AEBC34E53D2AB4322B ] Serenum         C:\Windows\system32\drivers\serenum.sys
11:04:03.0192 0x167c  Serenum - ok
11:04:03.0206 0x167c  [ C70D69A918B178D3C3B06339B40C2E1B, 40BEEECA4C797A3355F4B01C57C2763C33028F27826315062320789A496D0810 ] Serial          C:\Windows\system32\drivers\serial.sys
11:04:03.0210 0x167c  Serial - ok
11:04:03.0231 0x167c  [ 8AF3D28A879BF75DB53A0EE7A4289624, C870BEBB969DCD9170E64584D1CD329A193D9FC812A45EF3574891110CA68B45 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
11:04:03.0234 0x167c  sermouse - ok
11:04:03.0270 0x167c  [ D2193326F729B163125610DBF3E17D57, 82C894E24E2C139C884246A693AD37BBF0A4E9375B7F7A288EF1DB22F89434B9 ] SessionEnv      C:\Windows\system32\sessenv.dll
11:04:03.0274 0x167c  SessionEnv - ok
11:04:03.0286 0x167c  [ 51CF56AA8BCC241F134B420B8F850406, 41DA7438039C791C35BDA5BD255D2CCFA85E5250325FAE4D5A4182AD819E71F1 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
11:04:03.0287 0x167c  sffdisk - ok
11:04:03.0305 0x167c  [ 96DED8B20C734AC41641CE275250E55D, E88317D0B31A98917AD30AD9F8CF6B59C1141FFBF7A150D8675A29B95FF150F3 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
11:04:03.0307 0x167c  sffp_mmc - ok
11:04:03.0316 0x167c  [ 8B08CAB1267B2C377883FC9E56981F90, 4444AC438E805129103FAA48F22D0D6893AC5BD8FCA2A6D4DA51EBD8C75B7529 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
11:04:03.0318 0x167c  sffp_sd - ok
11:04:03.0328 0x167c  [ 46ED8E91793B2E6F848015445A0AC188, 34A97304F23EA153422848F6F1CAF8ADF0944EA781E12F027B6DEAF751A04B5D ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
11:04:03.0329 0x167c  sfloppy - ok
11:04:03.0375 0x167c  [ E1499BD0FF76B1B2FBBF1AF339D91165, 9A8F0403467E75880D3070C4D862489A75134383BAF8E7C45F8C5E7DFB0605A5 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
11:04:03.0384 0x167c  SharedAccess - ok
11:04:03.0488 0x167c  [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:04:03.0497 0x167c  ShellHWDetection - ok
11:04:03.0513 0x167c  [ 08072B2FB92477FC813271A84B3A8698, A97ABDEB5E37F7B50DD6168FAAD524BE82418FC7818BB667C10951408FB6EB70 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
11:04:03.0516 0x167c  sisagp - ok
11:04:03.0529 0x167c  [ CEDD6F4E7D84E9F98B34B3FE988373AA, E102977E6FAC30B5ABEEC0B412A9F2A10C5C42F4D9C3AD69296BF9E1E88B6141 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
11:04:03.0532 0x167c  SiSRaid2 - ok
11:04:03.0548 0x167c  [ DF843C528C4F69D12CE41CE462E973A7, A2BEC74FCB8D8B6B9D8DD4746C013DFDF1DD662AEFE9B88CA495E5B83B4A76F9 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
11:04:03.0552 0x167c  SiSRaid4 - ok
11:04:03.0792 0x167c  [ 862BB4CBC05D80C5B45BE430E5EF872F, F4961B22C93E472C8C862421AA231CDDA9E40D3958741A1D666357F22CC3143D ] slsvc           C:\Windows\system32\SLsvc.exe
11:04:03.0885 0x167c  slsvc - ok
11:04:03.0946 0x167c  [ 6EDC422215CD78AA8A9CDE6B30ABBD35, D8342BC3152859F4F7512E85ABEC61147DBCAB515458644728874E42F639D6CA ] SLUINotify      C:\Windows\system32\SLUINotify.dll
11:04:03.0949 0x167c  SLUINotify - ok
11:04:04.0006 0x167c  [ 7B75299A4D201D6A6533603D6914AB04, 172BE3951F06B1991EF70B71EB91786D1EFC4E381C22BCA3A5F622CD59F3227E ] Smb             C:\Windows\system32\DRIVERS\smb.sys
11:04:04.0009 0x167c  Smb - ok
11:04:04.0060 0x167c  [ 2A146A055B4401C16EE62D18B8E2A032, D0930FFA53951C92F56E1ECB41374F4C0AA01ECBF99F474513A21EAD579CFE47 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
11:04:04.0062 0x167c  SNMPTRAP - ok
11:04:04.0130 0x167c  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF, E03BEE733F4C2A5F39946D4955679A290E22758DFCE4222EE69ABF64FC54EDF7 ] spldr           C:\Windows\system32\drivers\spldr.sys
11:04:04.0131 0x167c  spldr - ok
11:04:04.0204 0x167c  [ 8554097E5136C3BF9F69FE578A1B35F4, 2578545CFD647FB18F217B33C8CB4F0184A35F548659494056E455020CC15FB0 ] Spooler         C:\Windows\System32\spoolsv.exe
11:04:04.0209 0x167c  Spooler - ok
11:04:04.0345 0x167c  sprtsvc_dellsupportcenter - ok
11:04:04.0482 0x167c  [ DC7E6FCD8C51AEF8FF3F2E23C786014A, 02852FC293359BA89155367FA7D3A69922EC2574E5B85C842517272768BE8808 ] srv             C:\Windows\system32\DRIVERS\srv.sys
11:04:04.0506 0x167c  srv - ok
11:04:04.0568 0x167c  [ FF33AFF99564B1AA534F58868CBE41EF, EFBB005DA19E5B320009CBF93E686D8BFA6A50A23B5A5001C7C84C7D85EF7D49 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
11:04:04.0589 0x167c  srv2 - ok
11:04:04.0621 0x167c  [ 8AE0783E3EDCED90D4B2961887056A2B, D24168259988576B13EB2A4B2C11622A736174DDF11F6718D9A0DC9837F50EA5 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
11:04:04.0625 0x167c  srvnet - ok
11:04:04.0674 0x167c  [ 03D50B37234967433A5EA5BA72BC0B62, 7B61D6A4BF5D446A9473D058BC207FB6DA7C2FEFB8083F3B66CAC8907DBD8327 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
11:04:04.0682 0x167c  SSDPSRV - ok
11:04:04.0716 0x167c  [ 6F1A32E7B7B30F004D9A20AFADB14944, AA9D874A14CA4779E76701D2B02F4CCA92CD5917435FB4CACA149FCB2D1D4C4C ] SstpSvc         C:\Windows\system32\sstpsvc.dll
11:04:04.0723 0x167c  SstpSvc - ok
11:04:04.0749 0x167c  [ EF70B3D22B4BFFDA6EA851ECB063EFAA, 1666572F8F988805C3A2E949FA6B060B35B72DBB115B86F4CFC710FB6A86C3E3 ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
11:04:04.0751 0x167c  StillCam - ok
11:04:04.0800 0x167c  [ 5DE7D67E49B88F5F07F3E53C4B92A352, 6930A598C35646646ED0E91633797EFE139AE6CDD0012335BD1340754A22F997 ] stisvc          C:\Windows\System32\wiaservc.dll
11:04:04.0820 0x167c  stisvc - ok
11:04:04.0846 0x167c  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56, 23CC47FA2D6E183D69DB0D3D3F3081A830D94A58FBC0A9A295B3A56C51E9486A ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
11:04:04.0874 0x167c  swenum - ok
11:04:04.0917 0x167c  [ F21FD248040681CCA1FB6C9A03AAA93D, 32FE765841A183A1F2C1ACACBBF8CDB11E7D4D4396F9C9F6CFF1B51C9B620ED3 ] swprv           C:\Windows\System32\swprv.dll
11:04:04.0931 0x167c  swprv - ok
11:04:05.0002 0x167c  [ 192AA3AC01DF071B541094F251DEED10, 5C6EB56D1C39F3717EB754A1B37C8A618BA4F2107F64048E985D71FA04D1AD05 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
11:04:05.0005 0x167c  Symc8xx - ok
11:04:05.0037 0x167c  [ 8C8EB8C76736EBAF3B13B633B2E64125, A6C4845DDED81CCF4947612A4D6E42035136025BCD80812D2FF396927CAADEC5 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
11:04:05.0058 0x167c  Sym_hi - ok
11:04:05.0083 0x167c  [ 8072AF52B5FD103BBBA387A1E49F62CB, D336A7D008D145619E79043EBF5D0D455086BA1FEF89612BC2EA11CC363D82B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
11:04:05.0086 0x167c  Sym_u3 - ok
11:04:05.0140 0x167c  [ 9A51B04E9886AA4EE90093586B0BA88D, 1666C29FBFA34174B506678C920636519051D03456A6DDCCD6FF708CAE5D9962 ] SysMain         C:\Windows\system32\sysmain.dll
11:04:05.0163 0x167c  SysMain - ok
11:04:05.0196 0x167c  [ 2DCA225EAE15F42C0933E998EE0231C3, 67C7913E41854DFA3043426B7D59AA1FBBB9DE01A6E6904E40A696A7C61A5F98 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:04:05.0202 0x167c  TabletInputService - ok
11:04:05.0340 0x167c  [ D7673E4B38CE21EE54C59EEEB65E2483, 330D0AD13F5008D8569CE8E5EA0BBD69F54F59FEB54FD903FA18D2849CEC6AF0 ] TapiSrv         C:\Windows\System32\tapisrv.dll
11:04:05.0351 0x167c  TapiSrv - ok
11:04:05.0419 0x167c  [ CB05822CD9CC6C688168E113C603DBE7, 9DB8945BDC702BB13E9DE477F2D3CCA4CE0E9E8CE9B54CE1A25375F2A2C93F0E ] TBS             C:\Windows\System32\tbssvc.dll
11:04:05.0424 0x167c  TBS - ok
11:04:05.0554 0x167c  [ A4196D394207369E1431E8681B373312, BEF96BAB70FDF94F8CB2942BDEA9B4D934443E5305E3FD737809C3F7524B1E8E ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
11:04:05.0588 0x167c  Tcpip - ok
11:04:05.0662 0x167c  [ A4196D394207369E1431E8681B373312, BEF96BAB70FDF94F8CB2942BDEA9B4D934443E5305E3FD737809C3F7524B1E8E ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
11:04:05.0696 0x167c  Tcpip6 - ok
11:04:05.0724 0x167c  [ 95389980F70FC4990A4395A0B8BBE1D6, FB5CBC85733A4EC4FB9F210A5D4E5989F6A3F2995D895F5B41163CDFC04DB82C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
11:04:05.0726 0x167c  tcpipreg - ok
11:04:05.0759 0x167c  [ 5DCF5E267BE67A1AE926F2DF77FBCC56, E00C0A03AEE579B51B39930A72F39F4EFFE7CDA37187B0AE90F4E001AD15473B ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
11:04:05.0769 0x167c  TDPIPE - ok
11:04:05.0793 0x167c  [ 389C63E32B3CEFED425B61ED92D3F021, E4718E290678F00995E754AE66F1027D227BFAB9E1A1D2AC8E4EAD27DC50CB17 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
11:04:05.0796 0x167c  TDTCP - ok
11:04:05.0824 0x167c  [ 76B06EB8A01FC8624D699E7045303E54, EC30F244B48A35622ED3EE91792F6A1517C5A50770FAB3945E7A945EB7AF28A8 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
11:04:05.0828 0x167c  tdx - ok
11:04:05.0855 0x167c  [ 3CAD38910468EAB9A6479E2F01DB43C7, 9D18C71EDF39743A0A592BC0873909D2B75B5B177B2672A865D1EEC0BFD2F61C ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
11:04:05.0859 0x167c  TermDD - ok
11:04:05.0908 0x167c  [ DBD84E59D631569EC3E756EF144E8431, 9E58629EC762584A2D294A619593620626F7CBE467045AD0F920B6CF1D4B4724 ] TermService     C:\Windows\System32\termsrv.dll
11:04:05.0927 0x167c  TermService - ok
11:04:13.0313 0x167c  AV detected via SS2: AVG AntiVirus Free Edition, C:\Program Files\AVG\Av\avgwsc.exe ( 16.4.0.7161 ), 0x40000 ( disabled : updated )
11:04:13.0333 0x167c  Win FW state via NFP2: enabled ( trusted )
11:04:13.0334 0x167c  ============================================================
11:04:13.0334 0x167c  Scan finished
11:04:13.0334 0x167c  ============================================================
11:04:13.0346 0x1684  Detected object count: 0
11:04:13.0346 0x1684  Actual detected object count: 0
11:04:30.0124 0x1578  Deinitialize success
 

 

FYI, while I was running the scans, I got a call from one of the people on the contact list of the person whose computer I'm working on and was told that she received spam emails. I have expanded the headers on all 3 emails and saved them to separate txt files. If you would like me to post them, let me know.

I'm thinking there may not be a fix for this since whatever is causing this has the contact list. So even if this person changes email address, the contacts will still be receiving spam containing the person's old email address.





