
Unable to get rid of Varpes.J!plock virus


  • This topic is locked
23 replies to this topic

#1 foid

  • Members
  • 11 posts
  • OFFLINE

Posted 12 December 2015 - 10:06 AM

Hello and thank you in advance for your help. My laptop became infected with this virus yesterday, along with a few other viruses that auto-installed software. I have removed everything but the Varpes virus. I am running Microsoft Security Essentials and there is an error whenever I try to quarantine or remove the virus: "Error code 0x800704ec. This program is blocked by group policy." I also do not have internet access on the infected laptop; there is some problem with DNSapi.dll. I also attempted to install Malwarebytes and was unable to (I don't remember the exact error). I was following a virus removal guide on reddit yesterday that got rid of everything except the Varpes virus. I won't be running anything more until I get feedback here. I will be checking this thread every hour today and will respond as fast as possible.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-12-2015
Ran by Michele (administrator) on MININT-J80TFHB (12-12-2015 09:48:04)
Running from E:\
Loaded Profiles: Michele (Available Profiles: Michele)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1253520 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3010952 2012-12-21] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [lxdxmon.exe] => C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe [672424 2010-02-04] ()
HKLM\...\Run: [lxdxamon] => C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxamon.exe [16040 2010-02-04] ()
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2011-08-11] (cyberlink)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [codec Settings UAC Manager] => C:\Windows\SysWOW64\C2MP\CodecUACManager.exe [58648 2014-09-27] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Digital Coupon Print Driver] => C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe [90048 2015-09-22] (Inmar, Inc.)
HKLM-x32\...\Run: [Http Listener] => C:\Program Files (x86)\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe [90760 2015-04-30] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1982298361-2193398931-2922598473-1004\...\Run: [MusicManager] => C:\Users\Michele\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2015-11-17] (Google Inc.)
HKU\S-1-5-21-1982298361-2193398931-2922598473-1004\...\Run: [uTorrent] => C:\Users\Michele\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-12-01] (BitTorrent Inc.)
HKU\S-1-5-21-1982298361-2193398931-2922598473-1004\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1939136 2014-08-28] (Valve Corporation)
HKU\S-1-5-21-1982298361-2193398931-2922598473-1004\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2013-10-16] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1982298361-2193398931-2922598473-1004\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-1982298361-2193398931-2922598473-1004\...\Run: [Windi] => C:\ProgramData\DataFile\Windi.exe [288256 2015-12-11] ()
HKU\S-1-5-21-1982298361-2193398931-2922598473-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-1982298361-2193398931-2922598473-1004\...\Run: [DellSystemDetect] => C:\Users\Michele\AppData\Local\Apps\2.0\472XDERH.MQO\TC4LEV2T.3X9\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe [262720 2014-07-12] (Dell)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BodyMedia Sync.lnk [2013-11-10]
ShortcutTarget: BodyMedia Sync.lnk -> C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe (BodyMedia, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk [2014-11-27]
ShortcutTarget: CodecPackUpdateChecker.lnk -> C:\Windows\SysWOW64\C2MP\UpdateChecker.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk [2014-08-09]
ShortcutTarget: RescueTime.lnk -> C:\Program Files (x86)\RescueTime\RescueTime.exe (RescueTime, Inc.)
Startup: C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnk [2013-09-11]
ShortcutTarget: RCA Detective.lnk -> C:\Users\Michele\Documents\RCA Detective\RCADetective.exe (Audiovox Electronics Corp.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{39B8EB7E-465D-4900-9CC5-471B8D52E374}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{39B8EB7E-465D-4900-9CC5-471B8D52E374}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1982298361-2193398931-2922598473-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1982298361-2193398931-2922598473-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1982298361-2193398931-2922598473-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com/
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\Root\Office15\OCHelper.dll [2013-08-27] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-09] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-09] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2013-08-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-09] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-09] (Oracle Corporation)
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\b2cj5zk7.default-1431957154550
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=MA726D412-C5A4-4467-A1DD-9900A068B1E7&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=SP3779E1A3-9337-4414-BD22-069563C850BB&D=121115
FF DefaultSearchEngine: Trovi
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Trovi
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=MA726D412-C5A4-4467-A1DD-9900A068B1E7&SearchSource=55&CUI=&UM=8&UP=SP3779E1A3-9337-4414-BD22-069563C850BB&D=121115&SSPV=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-03-09] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-09] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\Root\Office15\NPSPWRAP.DLL [2013-08-27] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-03-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-08-27] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2013-08-27] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1982298361-2193398931-2922598473-1004: @tools.google.com/Google Update;version=3 -> C:\Users\Michele\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-1982298361-2193398931-2922598473-1004: @tools.google.com/Google Update;version=9 -> C:\Users\Michele\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-1982298361-2193398931-2922598473-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Michele\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-11-15] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1982298361-2193398931-2922598473-1004: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Michele\AppData\Roaming\CATALI~1\NPBCSK~1.DLL [2013-06-07] (Catalina Marketing Corporation)
FF Plugin HKU\S-1-5-21-1982298361-2193398931-2922598473-1004: revtrax.com/RevTraxPrintMyCoupon -> C:\Users\Michele\AppData\Roaming\RevTrax\RevTraxPrintMyCoupon\1.0.0.0\npRevTraxPrintMyCoupon.dll [2014-10-15] (RevTrax)
FF user.js: detected! => C:\Users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\b2cj5zk7.default-1431957154550\user.js [2015-12-11]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-11-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-11-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-11-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-11-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-11-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2014-11-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2014-11-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-12-03] (Coupons, Inc.)
FF SearchPlugin: C:\Users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\b2cj5zk7.default-1431957154550\searchplugins\trovi.xml [2015-12-11]
FF HKLM\...\Firefox\Extensions: [{0B168186-AFDC-4C76-8772-D58CAB62EA61}] - C:\Program Files\shopperz111220151001\Firefox\{0B168186-AFDC-4C76-8772-D58CAB62EA61}.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{0B168186-AFDC-4C76-8772-D58CAB62EA61}] - C:\Program Files\shopperz111220151001\Firefox\{0B168186-AFDC-4C76-8772-D58CAB62EA61}.xpi => not found
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://swagbucks.com/?sfp=h&t=w&p=1&q=search","hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=MA726D412-C5A4-4467-A1DD-9900A068B1E7&SearchSource=55&CUI=&UM=8&UP=SP3779E1A3-9337-4414-BD22-069563C850BB&D=121115&SSPV="
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Michele\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Citrix ICA Client) - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
CHR Plugin: (Java Deployment Toolkit 8.0.250.18) - C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 8 U25) - C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Microsoft Office 2013) - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Michele\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
CHR Profile: C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Cast) - C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-11-21]
CHR Extension: (Google Search) - C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Clear Cache) - C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [2015-01-05]
CHR Extension: (Tampermonkey) - C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-11-15]
CHR Extension: (Google Docs Offline) - C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Auto Text Expander for Google Chrome™) - C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Extensions\iibninhmiggehlcdolcilmhacighjamp [2015-06-30]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Gmail) - C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKU\S-1-5-21-1982298361-2193398931-2922598473-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
"FindingDiscount" => service was unlocked. <===== ATTENTION
"RuntimeManager" => service was unlocked. <===== ATTENTION
 
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-08-11] (CyberLink)
S2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [179184 2014-12-03] (Coupons.com Inc.)
S2 FindingDiscount; C:\Program Files (x86)\Windows Discount\FindingDiscount\FindingDiscount.exe [330240 2015-09-27] () [File not signed]
S2 lxdxCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdxserv.exe [29184 2009-10-16] (Lexmark International, Inc.)
S2 lxdx_device; C:\Windows\system32\lxdxcoms.exe [1039872 2009-10-16] ( )
S2 lxdx_device; C:\Windows\SysWOW64\lxdxcoms.exe [589824 2009-10-16] ( )
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-09] (Microsoft Corporation)
S2 Pharos Systems ComTaskMaster; C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe [339456 2010-12-22] (Pharos Systems International) [File not signed]
S2 rizyqibe; C:\Program Files (x86)\4C4C4544-1449847175-5710-8059-C7C04F325831\jnsp2AE4.tmp [307712 2015-12-11] () [File not signed]
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-11-23] (Realtek Semiconductor)
S2 RuntimeManager; C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager\runtimemanager.exe [101888 2015-09-27] () [File not signed]
S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [186056 2013-10-16] (Sandboxie Holdings, LLC)
S3 wampapache64; C:\Users\Michele\Documents\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld64; C:\Users\Michele\Documents\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 picozyko; C:\Program Files (x86)\4C4C4544-1449847175-5710-8059-C7C04F325831\knsf11A4.tmpfs [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [32896 2012-03-19] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [61336 2015-12-11] (Cherimoya Ltd)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 GEARAspiWDM; C:\Windows\SysWOW64\Drivers\GEARAspiWDM.sys [15664 2013-02-04] (GEAR Software Inc.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2012-12-04] (Intel Corporation)
S3 lehidmini; C:\Windows\system32\drivers\leath_hid.sys [36608 2013-02-06] (Atheros)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [200552 2013-10-16] (Sandboxie Holdings, LLC)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [32136 2012-12-21] (Synaptics Incorporated)
S3 wovad_micarray; C:\Windows\System32\drivers\womic.sys [59856 2014-05-06] (Windows ® Win 7 DDK provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 swsedrvr_vt_1_10_0_25; system32\drivers\swsedrvr_vt_1_10_0_25.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-12 09:47 - 2015-12-12 09:48 - 00000000 ____D C:\FRST
2015-12-11 20:17 - 2015-12-11 20:17 - 00000000 ____D C:\Users\Michele\My Backup Files
2015-12-11 19:52 - 2015-12-11 19:52 - 00032727 _____ C:\ComboFix.txt
2015-12-11 19:24 - 2015-12-11 19:24 - 00000000 ____D C:\Users\Michele\AppData\Local\VS Revo Group
2015-12-11 19:24 - 2015-12-11 19:24 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-12-11 19:24 - 2015-12-11 19:24 - 00000000 ____D C:\ProgramData\VS Revo Group
2015-12-11 19:24 - 2015-12-11 19:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-12-11 19:24 - 2015-12-11 19:24 - 00000000 ____D C:\Program Files\VS Revo Group
2015-12-11 19:24 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2015-12-11 19:22 - 2015-12-11 19:24 - 00214030 _____ C:\TDSSKiller.3.1.0.8_11.12.2015_19.22.49_log.txt
2015-12-11 19:00 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2015-12-11 19:00 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2015-12-11 19:00 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-12-11 19:00 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-12-11 19:00 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-12-11 19:00 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2015-12-11 19:00 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2015-12-11 19:00 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2015-12-11 18:59 - 2015-12-11 19:52 - 00000000 ____D C:\Qoobox
2015-12-11 18:58 - 2015-12-12 09:47 - 00356852 _____ C:\Windows\ntbtlog.txt
2015-12-11 18:58 - 2015-12-11 19:20 - 00000000 ____D C:\Windows\erdnt
2015-12-11 17:55 - 2015-12-11 17:55 - 00000000 ____D C:\Program Files\CCleaner
2015-12-11 16:42 - 2015-12-11 19:09 - 00000000 ____D C:\ProgramData\DataFile
2015-12-11 16:39 - 2015-12-11 16:39 - 00004800 _____ C:\Windows\SysWOW64\Hotbujgyb.ini
2015-12-11 16:39 - 2015-12-11 16:39 - 00003592 _____ C:\Windows\System32\Tasks\GoogleUp
2015-12-11 16:39 - 2015-12-11 16:39 - 00003584 _____ C:\Windows\System32\Tasks\import
2015-12-11 16:39 - 2015-12-11 16:39 - 00003582 _____ C:\Windows\System32\Tasks\impo
2015-12-11 16:39 - 2015-12-11 16:39 - 00003474 _____ C:\Windows\System32\Tasks\Googleuptodate
2015-12-11 16:39 - 2015-12-11 16:39 - 00003466 _____ C:\Windows\System32\Tasks\MyDailyBackup
2015-12-11 16:39 - 2015-12-11 16:39 - 00003462 _____ C:\Windows\System32\Tasks\win
2015-12-11 16:39 - 2015-12-11 16:39 - 00002512 _____ C:\Windows\SysWOW64\HotbujgybOff.ini
2015-12-11 16:39 - 2015-12-11 16:39 - 00002512 _____ C:\Windows\system32\HotbujgybOff.ini
2015-12-11 16:39 - 2015-12-11 16:39 - 00000000 ____D C:\Windows\system32\nigv
2015-12-11 16:39 - 2015-12-11 16:39 - 00000000 ____D C:\Users\Michele\AppData\Roaming\AidoTayf
2015-12-11 16:39 - 2015-12-11 16:39 - 00000000 ____D C:\Users\Michele\AppData\Local\Tempfolder
2015-12-11 16:39 - 2015-12-11 15:29 - 00375120 _____ C:\Windows\system32\Hotbujgyb64.dll
2015-12-11 16:39 - 2015-12-11 15:29 - 00289104 _____ C:\Windows\SysWOW64\Hotbujgyb.dll
2015-12-11 16:38 - 2015-12-11 20:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simple Media Player
2015-12-11 16:38 - 2015-12-11 16:38 - 00003586 _____ C:\Windows\System32\Tasks\CIMT_daily_S-1-5-21-1982298361-2193398931-2922598473-1004
2015-12-11 16:38 - 2015-12-11 16:38 - 00003468 _____ C:\Windows\System32\Tasks\CIMT_S-1-5-21-1982298361-2193398931-2922598473-1004
2015-12-11 16:38 - 2015-12-11 16:38 - 00003346 _____ C:\Windows\System32\Tasks\Pafviag
2015-12-11 16:38 - 2015-12-11 16:38 - 00000000 ____D C:\Users\Michele\AppData\LocalLow\Company
2015-12-11 16:38 - 2015-12-11 16:38 - 00000000 ____D C:\Users\Michele\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2015-12-11 16:38 - 2015-12-11 16:38 - 00000000 ____D C:\uninst
2015-12-11 16:37 - 2015-12-11 16:37 - 00003968 _____ C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineUA
2015-12-11 16:37 - 2015-12-11 16:37 - 00003716 _____ C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineCore
2015-12-11 16:37 - 2015-12-11 16:37 - 00003502 _____ C:\Windows\System32\Tasks\bvxvyxxvcy
2015-12-11 16:37 - 2015-12-11 16:37 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro
2015-12-11 16:17 - 2015-12-11 16:17 - 00003446 _____ C:\Windows\System32\Tasks\Ulsnainnud
2015-12-11 16:17 - 2015-12-11 16:17 - 00000000 ____D C:\ProgramData\Ulsnainnud
2015-12-11 11:05 - 2015-12-11 11:05 - 00003276 _____ C:\Windows\System32\Tasks\ProfessionalCleaningSoftware_Start
2015-12-11 11:05 - 2015-12-11 11:05 - 00000000 ____D C:\Users\Michele\Documents\ProfessionalCleaningSoftware
2015-12-11 11:05 - 2015-12-11 11:05 - 00000000 ____D C:\Users\Michele\AppData\Local\Professional_Cleaning_Sof
2015-12-11 11:00 - 2015-12-11 11:00 - 00003164 _____ C:\Windows\System32\Tasks\updateTask
2015-12-11 11:00 - 2015-12-11 11:00 - 00000296 _____ C:\task.vbs
2015-12-11 10:59 - 2015-12-11 16:40 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro_v53.10788
2015-12-11 10:58 - 2015-12-11 16:36 - 00004054 _____ C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task
2015-12-11 10:58 - 2015-12-11 10:58 - 00003384 _____ C:\Windows\System32\Tasks\DMQGHYEITAJENIAY
2015-12-11 10:58 - 2015-12-11 10:58 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-12-11 10:27 - 2015-12-11 10:27 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.6
2015-12-11 10:20 - 2015-12-11 10:20 - 00000000 ____D C:\Users\Michele\AppData\Local\4C4C4544-1449829247-5710-8059-C7C04F325831
2015-12-11 10:19 - 2015-12-11 15:31 - 00000000 ____D C:\Program Files (x86)\4C4C4544-1449847175-5710-8059-C7C04F325831
2015-12-11 10:19 - 2015-12-11 10:20 - 00000000 ____D C:\ProgramData\COMODO
2015-12-11 10:19 - 2015-12-11 10:19 - 00000000 ____D C:\ProgramData\Windows Discount
2015-12-11 10:19 - 2015-12-11 10:19 - 00000000 ____D C:\Program Files\COMODO
2015-12-11 10:19 - 2015-12-11 10:19 - 00000000 ____D C:\Program Files (x86)\Windows Discount
2015-12-11 10:19 - 2015-12-11 10:19 - 00000000 ____D C:\Program Files (x86)\PCAPDownloader
2015-12-11 10:18 - 2015-12-11 10:19 - 00000000 ____D C:\Program Files (x86)\DownloaderOSU
2015-12-11 03:04 - 2015-12-11 16:38 - 00061336 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
2015-12-09 08:55 - 2015-11-11 16:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-09 08:55 - 2015-11-11 15:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-09 08:55 - 2015-11-11 13:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-09 08:55 - 2015-11-11 13:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-09 08:55 - 2015-11-11 13:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-09 08:55 - 2015-11-11 13:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-09 08:55 - 2015-11-11 11:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-09 08:55 - 2015-11-11 11:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-09 08:55 - 2015-11-11 10:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-09 08:55 - 2015-11-11 10:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-09 08:55 - 2015-11-11 10:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-09 08:55 - 2015-11-11 10:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-09 08:55 - 2015-11-11 09:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-09 08:55 - 2015-11-10 13:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-09 08:55 - 2015-11-10 13:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-09 08:55 - 2015-11-10 13:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-09 08:55 - 2015-11-10 13:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-09 08:55 - 2015-11-10 13:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-09 08:55 - 2015-11-10 12:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-09 08:55 - 2015-11-09 19:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-09 08:55 - 2015-11-09 19:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-09 08:55 - 2015-11-09 19:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-09 08:55 - 2015-11-09 19:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-09 08:55 - 2015-11-09 19:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-09 08:55 - 2015-11-09 19:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-09 08:55 - 2015-11-09 19:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-09 08:55 - 2015-11-09 19:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-09 08:55 - 2015-11-09 19:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-09 08:55 - 2015-11-09 19:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-09 08:55 - 2015-11-09 19:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-09 08:55 - 2015-11-09 19:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-09 08:55 - 2015-11-09 19:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-09 08:55 - 2015-11-09 18:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-09 08:55 - 2015-11-09 18:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-09 08:55 - 2015-11-09 18:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-09 08:55 - 2015-11-09 18:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-09 08:55 - 2015-11-09 18:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-09 08:55 - 2015-11-09 18:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-09 08:55 - 2015-11-09 18:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-09 08:55 - 2015-11-09 18:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-09 08:55 - 2015-11-09 18:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-09 08:55 - 2015-11-09 18:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-09 08:55 - 2015-11-09 18:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-09 08:55 - 2015-11-08 17:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-09 08:55 - 2015-11-08 17:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-09 08:55 - 2015-11-08 17:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-09 08:55 - 2015-11-08 17:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-09 08:55 - 2015-11-08 17:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-09 08:55 - 2015-11-08 17:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-09 08:55 - 2015-11-08 17:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-09 08:55 - 2015-11-08 17:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-09 08:55 - 2015-11-08 17:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-09 08:55 - 2015-11-08 17:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-09 08:55 - 2015-11-08 17:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-09 08:55 - 2015-11-08 17:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-09 08:55 - 2015-11-08 17:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-09 08:55 - 2015-11-08 17:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-09 08:55 - 2015-11-08 17:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-09 08:55 - 2015-11-08 17:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-09 08:55 - 2015-11-08 16:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-09 08:55 - 2015-11-08 16:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-09 08:55 - 2015-11-08 16:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-09 08:55 - 2015-11-08 16:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-09 08:55 - 2015-11-08 16:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-09 08:55 - 2015-11-08 16:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-09 08:55 - 2015-11-08 16:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-09 08:55 - 2015-11-08 16:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-09 08:55 - 2015-11-08 16:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-09 08:55 - 2015-11-08 16:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-09 08:55 - 2015-11-08 16:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-09 08:55 - 2015-11-08 16:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-09 08:55 - 2015-11-08 15:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-09 08:55 - 2015-11-08 15:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-09 08:55 - 2015-11-08 15:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-09 08:55 - 2015-11-05 14:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-09 08:55 - 2015-11-05 14:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-09 08:55 - 2015-11-05 04:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-08 17:10 - 2015-11-03 14:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-08 17:10 - 2015-11-03 13:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-11-29 08:59 - 2015-11-29 08:59 - 00942080 _____ C:\Users\Michele\Downloads\PrintMyCouponAnywhereInstaller.msi
2015-11-29 08:59 - 2015-11-29 08:59 - 00000000 ____D C:\Program Files (x86)\PrintMyCouponAnywhere
2015-11-29 08:38 - 2015-11-29 08:38 - 00000000 ____D C:\Program Files (x86)\Digital Coupon Printer
2015-11-29 08:37 - 2015-11-29 08:37 - 18640896 _____ C:\Users\Michele\Downloads\DigitalCouponPrinter-3.50.0.0.msi
2015-11-26 10:26 - 2015-12-11 18:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-11-24 20:29 - 2015-11-24 21:27 - 00015413 _____ C:\Users\Michele\Desktop\kai.xlsx
2015-11-24 12:46 - 2015-11-24 12:46 - 01090512 _____ (Unity Technologies ApS) C:\Users\Michele\Downloads\UnityWebPlayer.exe
2015-11-24 12:46 - 2015-11-24 12:46 - 00000000 ____D C:\Users\Michele\AppData\LocalLow\Unity
2015-11-24 12:46 - 2015-11-24 12:46 - 00000000 ____D C:\Users\Michele\AppData\Local\Unity
2015-11-14 20:41 - 2015-11-14 20:42 - 01732608 _____ C:\Users\Michele\Downloads\RevTraxPrintMyCoupon(1).msi
2015-11-14 11:02 - 2015-11-14 11:02 - 00230171 _____ C:\Users\Michele\Downloads\RegistrationForm14052982.pdf
2015-11-13 16:26 - 2015-11-13 16:26 - 00072081 _____ C:\Users\Michele\Downloads\Receipt.html
2015-11-13 11:18 - 2015-11-13 11:18 - 02166416 _____ (Valassis) C:\Users\Michele\Downloads\P@H_prod308-9R5kkWfR.exe
2015-11-13 11:18 - 2015-11-13 11:18 - 00000000 ____D C:\Program Files (x86)\Valassis
2015-11-12 10:09 - 2015-11-12 10:32 - 00000000 ____D C:\Users\Michele\Desktop\catsnov
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-12 09:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2015-12-12 09:42 - 2009-07-14 00:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-12 09:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2015-12-11 20:18 - 2013-08-13 07:15 - 00000000 ____D C:\Temp
2015-12-11 20:17 - 2013-08-26 09:34 - 00000000 ____D C:\Users\Michele
2015-12-11 20:17 - 2013-08-13 07:15 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2015-12-11 20:16 - 2014-07-12 12:53 - 00000000 ____D C:\Users\Michele\AppData\Local\Apps\2.0
2015-12-11 20:07 - 2013-08-26 14:41 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-11 20:07 - 2013-08-26 14:41 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-11 20:02 - 2009-07-13 23:45 - 00020880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-11 20:02 - 2009-07-13 23:45 - 00020880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-11 19:58 - 2013-11-09 11:08 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-11 19:57 - 2013-11-23 11:52 - 00001714 _____ C:\Windows\Sandboxie.ini
2015-12-11 19:57 - 2013-08-13 07:28 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2015-12-11 19:57 - 2013-08-13 07:28 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2015-12-11 19:56 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-11 19:49 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2015-12-11 19:26 - 2014-08-20 17:44 - 00000000 ____D C:\Users\Michele\AppData\Local\ElevatedDiagnostics
2015-12-11 19:26 - 2014-07-25 19:54 - 00000000 ____D C:\Program Files (x86)\WOMic
2015-12-11 18:31 - 2013-08-26 15:44 - 00000000 ____D C:\Users\Michele\AppData\Local\Thunderbird
2015-12-11 18:30 - 2015-11-04 11:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-11 17:57 - 2013-08-26 14:44 - 00000000 ____D C:\Users\Michele\AppData\Roaming\uTorrent
2015-12-11 17:57 - 2012-02-27 12:09 - 00000000 ____D C:\Windows\Panther
2015-12-11 17:22 - 2015-05-05 09:17 - 00000000 ____D C:\Users\Michele\Desktop\Cats
2015-12-11 17:20 - 2013-08-28 12:06 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-11 17:14 - 2013-08-26 09:35 - 00001423 _____ C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-11 16:44 - 2012-02-27 10:19 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-12-11 16:40 - 2013-08-26 17:19 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1982298361-2193398931-2922598473-1004UA.job
2015-12-11 16:05 - 2009-07-13 23:45 - 00496928 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-11 16:03 - 2010-11-21 02:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-12-11 16:03 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-12-11 14:35 - 2013-08-28 11:59 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-12-11 12:29 - 2013-08-26 20:49 - 00000000 ____D C:\Windows\system32\MRT
2015-12-11 11:57 - 2014-07-04 19:38 - 00774004 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-12-11 11:51 - 2009-07-13 21:34 - 00000510 _____ C:\Windows\win.ini
2015-12-11 10:26 - 2013-08-26 09:35 - 00131296 _____ C:\Users\Michele\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-11 10:25 - 2013-08-26 14:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-10 20:53 - 2014-09-12 06:42 - 00000000 ____D C:\Users\Michele\AppData\Roaming\.minecraft
2015-12-10 18:40 - 2013-08-26 17:19 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1982298361-2193398931-2922598473-1004Core.job
2015-12-09 20:41 - 2013-08-26 14:46 - 00000000 ____D C:\eclipse
2015-12-09 20:31 - 2013-08-28 12:09 - 00000000 ____D C:\Users\Michele\AppData\Local\Last.fm
2015-12-08 22:39 - 2010-11-20 22:27 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-04 20:02 - 2013-08-26 14:41 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-04 20:02 - 2013-08-26 14:41 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-03 18:35 - 2013-08-26 17:19 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1982298361-2193398931-2922598473-1004UA
2015-12-03 18:35 - 2013-08-26 17:19 - 00003498 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1982298361-2193398931-2922598473-1004Core
2015-11-29 13:50 - 2013-08-26 14:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-11-24 10:13 - 2014-07-12 12:53 - 00000000 ____D C:\Users\Michele\AppData\Local\Deployment
2015-11-24 10:06 - 2014-05-14 14:28 - 00000000 __SHD C:\Users\Michele\AppData\Local\EmieUserList
2015-11-24 10:06 - 2014-05-14 14:28 - 00000000 __SHD C:\Users\Michele\AppData\Local\EmieSiteList
2015-11-23 19:10 - 2013-08-26 20:49 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-17 09:27 - 2015-04-14 12:26 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
 
==================== Files in the root of some directories =======
 
2015-07-01 09:54 - 2015-07-01 09:54 - 0893239 _____ () C:\Users\Michele\AppData\Local\a.zip
2015-02-04 21:21 - 2015-02-04 21:21 - 0015157 _____ () C:\Users\Michele\AppData\Local\algs4.ps1
2015-07-01 09:54 - 2015-07-01 09:54 - 2162416 _____ (Catalina Marketing Corp) C:\Users\Michele\AppData\Local\BcsKtYcHW.dll
2015-06-06 14:53 - 2015-06-06 14:53 - 0000057 _____ () C:\ProgramData\Ament.ini
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll
[2012-02-27 10:19] - [2015-12-11 16:44] - 0357888 ____A (Microsoft Corporation) 2B782846F64E4333945B719F4A8E4699
 
C:\Windows\SysWOW64\dnsapi.dll IS MISSING <==== ATTENTION
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <===== ATTENTION
 
 
LastRegBack: 2015-12-11 13:17
 
==================== End of FRST.txt ============================



Edited by foid, 12 December 2015 - 10:13 AM.



 


#2 olgun52 (Malware Response Team)

Posted 12 December 2015 - 02:48 PM

Hello foid, and welcome to BleepingComputer.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I will assume that you don't need help anymore and your topic will be closed.
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here.

Thanks
  
I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.


Sincerely
:hello:


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 olgun52 (Malware Response Team)

Posted 12 December 2015 - 06:36 PM

Hi foid,
There are many problems in the system. :)
========================================

Going over your logs I noticed that you have µTorrent and BitTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall BitTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

====================================================================================

Please uninstall the following via Start->(or My Computer)->Control Panel->(Programs)->Programs and Features if it still exists:

Please uninstall the following applications:

uTorrent
Trovi
shopperz
swagbucks.com
CinePlus
Windows Discount
PCAPDownloader
Digital Coupon Printer
SpaceSondPro
Catalina Savings Printer
Consumer Input Update Helper
Coupon Printer for Windows
PrintMyCouponAnywhere
RevTraxPrintMyCoupon
Professional Cleaning Software
C:\Program Files (x86)\Professional Cleaning Software
C:\ProgramData\DataFile
C:\Program Files\shopperz
C:\Program Files (x86)\CinePlus-1.44V31.10
C:\Program Files (x86)\SpaceSondPro
C:\Program Files (x86)\4C4C4544-1449847175-5710-8059-C7C04F325831
C:\Program Files (x86)\Windows Discount
C:\Program Files (x86)\PCAPDownloader
C:\Program Files (x86)\PrintMyCouponAnywhere
C:\Program Files (x86)\Digital Coupon Printer

 

And restart the PC now.

=============================================================================

ATTENTION: System Restore is disabled

If required:

How to Enable and Disable System Restore: https://support.microsoft.com/en-us/kb/264887

 

Create a System Restore Point

  1. Right-click on Computer and select Properties.
  2. In the left pane under Tasks please click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection, then choose Create.
  4. In the System Restore dialog box, type a description for the restore point and then click Create again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK, then close the System Restore dialog.

===================================================================================
http=127.0.0.1:47574

Did you make these proxy settings? Please give me info.
===================================================================================
 
SystemLook by jpshortstuff

  • Please download SystemLook to a USB drive from a clean computer and transfer it to the sick computer's desktop. <<== IMPORTANT

Download Mirror For 64-bit users

  • Double-click SystemLook.exe to run it.
  • Vista\Windows 7 users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following codebox into the main textfield:
:filefind
*dnsapi.dll
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Thanks,

 

 



 


 


#4 foid (Topic Starter)

Posted 12 December 2015 - 07:13 PM

Thank you very much for your advice and help so far. I had already removed almost all of those programs yesterday.

 

http=127.0.0.1:47574

Did you make these proxy settings? Please give me info.
===================================================================================
 

 

I did not have anything to do with that as far as I know.

 

Here is the SystemLook log:

SystemLook 30.07.11 by jpshortstuff
Log created at 18:49 on 12/12/2015 by Michele
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "*dnsapi.dll"
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{0F1C591F-2A13-13AB-3F3D-B41E471F7F9D}-dnsapi.dll --a---- 270336 bytes [21:40 11/12/2015] [21:40 11/12/2015] D61D78B0A3E1AA347BD8BA43120F3EC4
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{84E0F3B0-6A33-E319-433C-D12A3DD3B214}-dnsapi.dll --a---- 357888 bytes [21:40 11/12/2015] [21:40 11/12/2015] 2D861DA151E7E9A8FFD05D67331432AC
C:\Users\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{0F1C591F-2A13-13AB-3F3D-B41E471F7F9D}-dnsapi.dll --a---- 270336 bytes [21:40 11/12/2015] [21:40 11/12/2015] D61D78B0A3E1AA347BD8BA43120F3EC4
C:\Users\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{84E0F3B0-6A33-E319-433C-D12A3DD3B214}-dnsapi.dll --a---- 357888 bytes [21:40 11/12/2015] [21:40 11/12/2015] 2D861DA151E7E9A8FFD05D67331432AC
C:\Windows\System32\dnsapi.dll --a---- 357888 bytes [15:19 27/02/2012] [21:44 11/12/2015] 2B782846F64E4333945B719F4A8E4699
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsapi.dll --a---- 357888 bytes [03:24 21/11/2010] [03:24 21/11/2010] A52B6CC24063CC83C78C0E6F24DEEC01
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsapi.dll --a---- 357888 bytes [15:19 27/02/2012] [06:24 03/03/2011] 492D07D79E7024CA310867B526D9636D
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnsapi.dll --a---- 357888 bytes [15:19 27/02/2012] [06:12 03/03/2011] DCC0888655823103F19EF8FFD330080D
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4a5d2c9ecd59afa7\dnsapi.dll --a---- 270336 bytes [03:24 21/11/2010] [03:24 21/11/2010] 59DF156711A76BCB993253EC6C9BBF41
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_4a184beecd8df1f1\dnsapi.dll --a---- 270336 bytes [15:19 27/02/2012] [05:38 03/03/2011] B40420876B9288E0A1C8CCA8A84E5DC9
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_4aa4e997e6a8ddc0\dnsapi.dll --a---- 270336 bytes [15:19 27/02/2012] [05:12 03/03/2011] 1F79F611109C2B97260B68FD6B4FC7DD
 
-= EOF =-

Edited by foid, 12 December 2015 - 07:16 PM.
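The filefind output above already contains everything needed to decide whether the live dnsapi.dll is the one Windows shipped: the WinSxS component store keeps a pristine copy of every serviced version of the DLL, so a live copy whose MD5 matches none of them, and whose modification time post-dates all of them, has been replaced, and a live location that does not appear at all has been deleted. This is an added example, not part of foid's post or of SystemLook: a Python pass over the log lines above that does that cross-check for both architectures, reports the SysWOW64 copy as missing, and lists the copies outside the store that match nothing (here the two antimalware LocalCopy files). The expected live locations are an assumption for an x64 Windows 7 install, and CLEAN_SAMPLE is a constructed counter-example, not data from the thread.

```python
import re
from datetime import datetime

# Sample input: the ":filefind *dnsapi.dll" output from post #4 above (real
# lines from the thread, minus the duplicate C:\Users\All Users entries). The
# LocalCopy entries are copies the antimalware engine saved when it quarantined
# something.
SYSTEMLOOK_OUTPUT = r"""
Searching for "*dnsapi.dll"
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{0F1C591F-2A13-13AB-3F3D-B41E471F7F9D}-dnsapi.dll --a---- 270336 bytes [21:40 11/12/2015] [21:40 11/12/2015] D61D78B0A3E1AA347BD8BA43120F3EC4
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{84E0F3B0-6A33-E319-433C-D12A3DD3B214}-dnsapi.dll --a---- 357888 bytes [21:40 11/12/2015] [21:40 11/12/2015] 2D861DA151E7E9A8FFD05D67331432AC
C:\Windows\System32\dnsapi.dll --a---- 357888 bytes [15:19 27/02/2012] [21:44 11/12/2015] 2B782846F64E4333945B719F4A8E4699
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsapi.dll --a---- 357888 bytes [03:24 21/11/2010] [03:24 21/11/2010] A52B6CC24063CC83C78C0E6F24DEEC01
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsapi.dll --a---- 357888 bytes [15:19 27/02/2012] [06:24 03/03/2011] 492D07D79E7024CA310867B526D9636D
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnsapi.dll --a---- 357888 bytes [15:19 27/02/2012] [06:12 03/03/2011] DCC0888655823103F19EF8FFD330080D
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4a5d2c9ecd59afa7\dnsapi.dll --a---- 270336 bytes [03:24 21/11/2010] [03:24 21/11/2010] 59DF156711A76BCB993253EC6C9BBF41
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_4a184beecd8df1f1\dnsapi.dll --a---- 270336 bytes [15:19 27/02/2012] [05:38 03/03/2011] B40420876B9288E0A1C8CCA8A84E5DC9
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_4aa4e997e6a8ddc0\dnsapi.dll --a---- 270336 bytes [15:19 27/02/2012] [05:12 03/03/2011] 1F79F611109C2B97260B68FD6B4FC7DD
"""

# Constructed counter-example (not from the thread): a clean x64 install at the
# 6.1.7601.17570 level, reusing the store hashes from the real output.
CLEAN_SAMPLE = r"""
C:\Windows\System32\dnsapi.dll --a---- 357888 bytes [15:19 27/02/2012] [06:24 03/03/2011] 492D07D79E7024CA310867B526D9636D
C:\Windows\SysWOW64\dnsapi.dll --a---- 270336 bytes [15:19 27/02/2012] [05:38 03/03/2011] B40420876B9288E0A1C8CCA8A84E5DC9
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsapi.dll --a---- 357888 bytes [15:19 27/02/2012] [06:24 03/03/2011] 492D07D79E7024CA310867B526D9636D
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_4a184beecd8df1f1\dnsapi.dll --a---- 270336 bytes [15:19 27/02/2012] [05:38 03/03/2011] B40420876B9288E0A1C8CCA8A84E5DC9
"""

# One filefind line: path attrs size bytes [created] [modified] MD5
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-a-zA-Z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)
# Component-store directory names carry the architecture and the file version.
STORE_RE = re.compile(r"\\winsxs\\(?P<arch>amd64|wow64|x86)_[^\\]*?_(?P<ver>\d+\.\d+\.\d+\.\d+)_", re.I)

# Assumption: x64 Windows 7, where the 64-bit DLL lives in System32 and the
# 32-bit one in SysWOW64. Both must exist on a healthy machine.
LIVE_LOCATIONS = {
    r"C:\Windows\System32\dnsapi.dll": "amd64",
    r"C:\Windows\SysWOW64\dnsapi.dll": "wow64",
}


def parse_filefind(text):
    """Turn SystemLook filefind lines into dicts; any other line is ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append({
                "path": m["path"],
                "size": int(m["size"]),
                "modified": datetime.strptime(m["modified"], "%H:%M %d/%m/%Y"),
                "md5": m["md5"].upper(),
            })
    return entries


def triage(text):
    """Verdict per expected live copy: OK (with store version), MODIFIED, or MISSING."""
    entries = parse_filefind(text)
    store = {}          # arch -> {md5: version}
    newest_store = {}   # arch -> latest modification time among store copies
    for e in entries:
        m = STORE_RE.search(e["path"])
        if not m:
            continue
        arch = m["arch"].lower()
        store.setdefault(arch, {})[e["md5"]] = m["ver"]
        if arch not in newest_store or e["modified"] > newest_store[arch]:
            newest_store[arch] = e["modified"]
    by_path = {e["path"].lower(): e for e in entries}
    verdicts = {}
    for path, arch in LIVE_LOCATIONS.items():
        e = by_path.get(path.lower())
        if e is None:
            verdicts[path] = "MISSING"
            continue
        version = store.get(arch, {}).get(e["md5"])
        if version:
            verdicts[path] = f"OK (matches component store {version})"
            continue
        verdict = "MODIFIED (hash matches no component-store copy)"
        if arch in newest_store and e["modified"] > newest_store[arch]:
            verdict += f"; modified {e['modified']:%Y-%m-%d %H:%M}, newer than every store copy"
        verdicts[path] = verdict
    return verdicts


def unmatched_copies(text):
    """Copies outside the store and the live locations whose hash matches nothing in the store."""
    entries = parse_filefind(text)
    store_hashes = {e["md5"] for e in entries if STORE_RE.search(e["path"])}
    live = {p.lower() for p in LIVE_LOCATIONS}
    return [e["path"] for e in entries
            if not STORE_RE.search(e["path"])
            and e["path"].lower() not in live
            and e["md5"] not in store_hashes]


if __name__ == "__main__":
    for path, verdict in triage(SYSTEMLOOK_OUTPUT).items():
        print(f"{path}: {verdict}")
    for path in unmatched_copies(SYSTEMLOOK_OUTPUT):
        print(f"copy outside the store with an unknown hash: {path}")
```

The same cross-check is what sfc /scanfile does under the hood when it repairs a file from the store, so a verdict of OK after the repair is the confirmation to look for; a verdict of MODIFIED with a fresh modification time on a file that sits in the DNS resolution path is exactly the pattern behind the "no internet access" symptom foid reported.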


#5 olgun52 (Malware Response Team)

Posted 12 December 2015 - 07:50 PM

Important: Be sure to temporarily disable all antivirus/anti-spyware software

 

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Open Notepad (Start =>All Programs => Accessories => Notepad).
  • Copy/Paste the entire contents of the code box below into Notepad.
start
CreateRestorePoint:
CloseProcesses:
cmd: sfc /scanfile=C:\Windows\system32\dnsapi.dll
cmd: sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll
EmptyTemp:
end
  • Click Format and ensure Wordwrap is unchecked.
  • Important: Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post the log in your next reply.

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#6 foid

foid
  • Topic Starter

  • Members
  • 11 posts

Posted 12 December 2015 - 07:57 PM

 

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post the log in your next reply.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:12-12-2015
Ran by Michele (2015-12-12 19:55:41) Run:1
Running from E:\
Loaded Profiles: Michele (Available Profiles: Michele)
Boot Mode: Safe Mode (minimal)
==============================================
 
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
cmd: sfc /scanfile=C:\Windows\system32\dnsapi.dll
cmd: sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll
EmptyTemp:
end
*****************
 
Error: Restore point can only be created in normal mode.
Processes closed successfully.
 
=========  sfc /scanfile=C:\Windows\system32\dnsapi.dll =========
 
 
 
 
Windows Resource Protection found corrupt files and successfully repaired 
 
them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For 
 
example C:\Windows\Logs\CBS\CBS.log
 
 
 
The system file repair changes will take effect after the next reboot.
 
 
========= End of CMD: =========
 
 
=========  sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll =========
 
 
 
 
There is a system repair pending which requires reboot to complete.  Restart 
 
Windows and run sfc again.
 
 
========= End of CMD: =========
 
EmptyTemp: => 131.2 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 19:56:25 ====


#7 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • Gender:Male

Posted 13 December 2015 - 01:10 PM

Hi foid,

Please do the following,

Step 1:
 FRST Script:
 Please download the attached Fixlist.txt and save it in the same directory as FRST.

  • Close any open browsers or any other programs that are open
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:
 Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete or Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:
Please download ZHPcleaner to your desktop.

  • Double click on ZHPCleaner to run the tool.
  • If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
  • Please click the button shown in the screenshot (image not preserved).
  • Then press the ''Repair'' button.
  • Browsers will automatically shut down.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.

Step 5:

  • Temporarily disable your Antivirus protection - if you don't know how to do that, please consult the article below.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Please download ZOEK and save it to your desktop (preferred version is the *.exe one - upper left corner).

http://hijackthis.nl/smeenk/

  • Attached to this message you will find a file called zoekscript


  • Download it too and save it to your desktop; it needs to be in the same location as the ZOEK tool.
  • Drag the zoekscript file and drop it onto the ZOEK icon; this should launch the program.
  • The scan may take a while and may need a reboot.
  • Upon completion a file zoek-results should appear.
  • Attach it for my review.

Step 6:

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close

Best regards
 

 


 


#8 foid

foid
  • Topic Starter

  • Members
  • 11 posts

Posted 13 December 2015 - 04:22 PM

====================================================================================

FRST

====================================================================================



Fix result of Farbar Recovery Scan Tool (x64) Version:12-12-2015
Ran by Michele (2015-12-13 15:12:44) Run:3
Running from E:\
Loaded Profiles: Michele (Available Profiles: Michele)
Boot Mode: Safe Mode (with Networking)
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Digital Coupon Print Driver] => C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe [90048 2015-09-22] (Inmar, Inc.)
HKLM-x32\...\Run: [Http Listener] => C:\Program Files (x86)\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe [90760 2015-04-30] ()
HKU\S-1-5-21-1982298361-2193398931-2922598473-1004\...\Run: [Windi] => C:\ProgramData\DataFile\Windi.exe [288256 2015-12-11] ()
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1982298361-2193398931-2922598473-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF ProfilePath: C:\Users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\b2cj5zk7.default-1431957154550
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=MA726D412-C5A4-4467-A1DD-9900A068B1E7&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=SP3779E1A3-9337-4414-BD22-069563C850BB&D=121115
FF DefaultSearchEngine: Trovi
FF SelectedSearchEngine: Trovi
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=MA726D412-C5A4-4467-A1DD-9900A068B1E7&SearchSource=55&CUI=&UM=8&UP=SP3779E1A3-9337-4414-BD22-069563C850BB&
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-1982298361-2193398931-2922598473-1004: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Michele\AppData\Roaming\CATALI~1\NPBCSK~1.DLL [2013-06-07] (Catalina Marketing Corporation)
FF Plugin HKU\S-1-5-21-1982298361-2193398931-2922598473-1004: revtrax.com/RevTraxPrintMyCoupon -> C:\Users\Michele\AppData\Roaming\RevTrax\RevTraxPrintMyCoupon\1.0.0.0\npRevTraxPrintMyCoupon.dll [2014-10-15] (RevTrax)
FF user.js: detected! => C:\Users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\b2cj5zk7.default-1431957154550\user.js [2015-12-11]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-12-03] (Coupons, Inc.)
FF SearchPlugin: C:\Users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\b2cj5zk7.default-1431957154550\searchplugins\trovi.xml [2015-12-11]
FF HKLM\...\Firefox\Extensions: [{0B168186-AFDC-4C76-8772-D58CAB62EA61}] - C:\Program Files\shopperz111220151001\Firefox\{0B168186-AFDC-4C76-8772-D58CAB62EA61}.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{0B168186-AFDC-4C76-8772-D58CAB62EA61}] - C:\Program Files\shopperz111220151001\Firefox\{0B168186-AFDC-4C76-8772-D58CAB62EA61}.xpi => not found
CHR StartupUrls: Default -> "hxxp://swagbucks.com/?sfp=h&t=w&p=1&q=search","hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=MA726D412-C5A4-4467-A1DD-9900A068B1E7&SearchSource=55&CUI=&UM=8&UP=SP3779E1A3-9337-4414-BD22-069563C850BB&D=121115&SSPV="
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Michele\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 8.0.250.18) - C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 8 U25) - C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Google Update) - C:\Users\Michele\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
CHR HKU\S-1-5-21-1982298361-2193398931-2922598473-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
"FindingDiscount" => service was unlocked. <===== ATTENTION
"RuntimeManager" => service was unlocked. <===== ATTENTION
S2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [179184 2014-12-03] (Coupons.com Inc.)
S2 rizyqibe; C:\Program Files (x86)\4C4C4544-1449847175-5710-8059-C7C04F325831\jnsp2AE4.tmp [307712 2015-12-11] () [File not signed]
S2 picozyko; C:\Program Files (x86)\4C4C4544-1449847175-5710-8059-C7C04F325831\knsf11A4.tmpfs 
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [61336 2015-12-11] (Cherimoya Ltd)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 swsedrvr_vt_1_10_0_25; system32\drivers\swsedrvr_vt_1_10_0_25.sys [X]
2015-12-11 16:39 - 2015-12-11 16:39 - 00003584 _____ C:\Windows\System32\Tasks\import
2015-12-11 16:39 - 2015-12-11 16:39 - 00003582 _____ C:\Windows\System32\Tasks\impo
2015-12-11 16:39 - 2015-12-11 16:39 - 00003582 _____ C:\Windows\System32\Tasks\impo
2015-12-11 16:39 - 2015-12-11 16:39 - 00003474 _____ C:\Windows\System32\Tasks\Googleuptodate
2015-12-11 16:39 - 2015-12-11 16:39 - 00003466 _____ C:\Windows\System32\Tasks\MyDailyBackup
2015-12-11 16:39 - 2015-12-11 16:39 - 00003462 _____ C:\Windows\System32\Tasks\win
Task: {8E5D266B-70F0-42AE-8A37-A4A425FB0E8D} - System32\Tasks\Googleuptodate => C:\Windows\system32\Wimboldon.exe
C:\Windows\System32\Tasks\Pafviag
2015-12-11 16:38 - 2015-12-11 16:38 - 00000000 ____D C:\Users\Michele\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
C:\Windows\System32\Tasks\bvxvyxxvcy
2015-12-11 11:05 - 2015-12-11 11:05 - 00003276 _____ C:\Windows\System32\Tasks\ProfessionalCleaningSoftware_Start
2015-12-11 11:05 - 2015-12-11 11:05 - 00000000 ____D C:\Users\Michele\Documents\ProfessionalCleaningSoftware
2015-12-11 11:05 - 2015-12-11 11:05 - 00000000 ____D C:\Users\Michele\AppData\Local\Professional_Cleaning_Sof
C:\Windows\System32\Tasks\updateTask
2015-12-11 10:59 - 2015-12-11 16:40 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro_v53.10788
2015-12-11 10:58 - 2015-12-11 16:36 - 00004054 _____ C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task
2015-12-11 10:58 - 2015-12-11 10:58 - 00003384 _____ C:\Windows\System32\Tasks\DMQGHYEITAJENIAY
2015-12-11 10:58 - 2015-12-11 10:58 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-12-11 10:20 - 2015-12-11 10:20 - 00000000 ____D C:\Users\Michele\AppData\Local\4C4C4544-1449829247-5710-8059-C7C04F325831
2015-12-11 10:19 - 2015-12-11 15:31 - 00000000 ____D C:\Program Files (x86)\4C4C4544-1449847175-5710-8059-C7C04F325831
C:\ProgramData\COMODO
D C:\Program Files\COMODO
C:\Program Files (x86)\Windows Discount
C:\Program Files (x86)\PCAPDownloader
2015-12-11 03:04 - 2015-12-11 16:38 - 00061336 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
2015-11-29 08:59 - 2015-11-29 08:59 - 00942080 _____ C:\Users\Michele\Downloads\PrintMyCouponAnywhereInstaller.msi
2015-11-29 08:59 - 2015-11-29 08:59 - 00000000 ____D C:\Program Files (x86)\PrintMyCouponAnywhere
2015-11-29 08:38 - 2015-11-29 08:38 - 00000000 ____D C:\Program Files (x86)\Digital Coupon Printer
2015-11-29 08:37 - 2015-11-29 08:37 - 18640896 _____ C:\Users\Michele\Downloads\DigitalCouponPrinter-3.50.0.0.msi
C:\Users\Michele\Downloads\RevTraxPrintMyCoupon(1).msi
C:\Users\Michele\AppData\Roaming\uTorrent
C:\Users\Michele\AppData\Roaming\.minecraft
2015-11-24 10:06 - 2014-05-14 14:28 - 00000000 __SHD C:\Users\Michele\AppData\Local\EmieUserList
2015-11-24 10:06 - 2014-05-14 14:28 - 00000000 __SHD C:\Users\Michele\AppData\Local\EmieSiteList
C:\ProgramData\Ament.ini
C:\Users\Michele\AppData\Local\BcsKtYcHW.dll
Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
Consumer Input Update Helper (x32 Version: 1.3.25.309 - Compete Inc.) Hidden <==== ATTENTION
PrintMyCouponAnywhere (HKLM-x32\...\{9E5A9316-541D-4F22-BE19-AFE969C00B06}) (Version: 1.0.0.0 - RevTrax) <==== ATTENTION
RevTraxPrintMyCoupon (HKLM-x32\...\{19E8EBBF-55F3-41FB-AC8E-373BA0436939}) (Version: 1.0.0.0 - RevTrax) <==== ATTENTION
Task: {0684F840-49E4-4D3E-AE12-62C8FC471A26} - System32\Tasks\ConsumerInputUpdateTaskMachineCore => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: {0C203F1B-FA41-4618-8E2E-42AABCACFE05} - System32\Tasks\MyDailyBackup => C:\Windows\system32\winupd.exe <==== ATTENTION
Task: {22105B18-4E18-4EB6-816E-6991805F2F0A} - System32\Tasks\bvxvyxxvcy => C:\Users\Michele\AppData\Local\bvxvyxxvcy\bvxvyxxvcy.exe <==== ATTENTION
Task: {2DE1C55B-5DB9-4287-B09B-8BCE63A330EA} - System32\Tasks\ConsumerInputUpdateTaskMachineUA => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: {365F471D-A3AA-476F-AB2A-6F94F209150D} - System32\Tasks\DMQGHYEITAJENIAY => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: {4FDE459E-6F7E-414F-B43C-B6FA2675B140} - System32\Tasks\impo => C:\Windows\system32\bs1.exe
Task: {5F676E50-9485-4E3A-866A-0B9A623DC5D8} - System32\Tasks\CIMT_S-1-5-21-1982298361-2193398931-2922598473-1004 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: {6F3A4AC3-3027-40EB-87D1-F216BAB1BE1E} - System32\Tasks\updateTask => c:\task.vbs [2015-12-11] ()
Task: {73273F5F-63EA-46D1-B095-798D27A59DB2} - System32\Tasks\GoogleUp => C:\Windows\system32\hsysinfo.exe
Task: {8FA7C370-7B31-4309-B8B0-9F02204BF33C} - System32\Tasks\Pafviag => C:\PROGRA~1\SHOPPE~1\Iuiesuoy.bat
Task: {94631887-08CC-4D05-973B-38F5201A0DB3} - System32\Tasks\Ulsnainnud => C:\ProgramData\Ulsnainnud\1.0.7.1\ufifaeim.exe [2015-12-11] ()
Task: {A613174C-F598-4AA4-8976-F818AE772386} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Michele\AppData\Local\SmartWeb\SmartWebHelper.exe <==== ATTENTION
Task: {CD80A6B0-62D8-4113-B4A4-6B8AB5A33CB2} - System32\Tasks\import => C:\Windows\system32\Mint.exe
Task: {DEA875F2-3B27-45E6-BE77-57DD5CCC5B6E} - System32\Tasks\CIMT_daily_S-1-5-21-1982298361-2193398931-2922598473-1004 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: {F6177A4A-E265-47E0-B579-D6EB2190CB32} - System32\Tasks\ProfessionalCleaningSoftware_Start => C:\Program Files (x86)\Professional Cleaning Software\ProfessionalCleaningSoftware.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1982298361-2193398931-2922598473-1004Core.job => C:\Users\Michele\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1982298361-2193398931-2922598473-1004UA.job => C:\Users\Michele\AppData\Local\Google\Update\GoogleUpdate.exe
FirewallRules: [TCP Query User{1A449023-7508-425A-A83C-84CFA028231A}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{3B9D904E-D5FC-40C6-A902-AA5AB3A876A2}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [TCP Query User{B0DDC03C-8C20-4FF2-87D7-16D192BDF5D1}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{4DC91F13-5646-45D0-8867-FD19EE4FB51A}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\javaw.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk
ShortcutTarget:
cmd: type C:\TDSSKiller.3.1.0.8_11.12.2015_19.22.49_log.txt
cmd: dir /a C:\uninst
cmd: dir /a C:\Windows\System32\Tasks\Ulsnainnud
ShortcutTarget:
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
Hosts:
EmptyTemp:
Reboot:
 
 
*****************
 
Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Digital Coupon Print Driver => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Http Listener => value removed successfully
HKU\S-1-5-21-1982298361-2193398931-2922598473-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Windi => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1982298361-2193398931-2922598473-1004\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
FF ProfilePath: C:\Users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\b2cj5zk7.default-1431957154550 => FRST is scripted not to move this directory.
Firefox "newtab" removed successfully
Firefox DefaultSearchEngine removed successfully
Firefox SelectedSearchEngine removed successfully
Firefox "homepage" removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKU\S-1-5-21-1982298361-2193398931-2922598473-1004\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator" => key removed successfully
C:\Users\Michele\AppData\Roaming\CATALI~1\NPBCSK~1.DLL => moved successfully
"HKU\S-1-5-21-1982298361-2193398931-2922598473-1004\Software\MozillaPlugins\revtrax.com/RevTraxPrintMyCoupon" => key removed successfully
C:\Users\Michele\AppData\Roaming\RevTrax\RevTraxPrintMyCoupon\1.0.0.0\npRevTraxPrintMyCoupon.dll => moved successfully
C:\Users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\b2cj5zk7.default-1431957154550\user.js => moved successfully
C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll => moved successfully
C:\Users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\b2cj5zk7.default-1431957154550\searchplugins\trovi.xml => moved successfully
HKLM\Software\Mozilla\Firefox\Extensions\\{0B168186-AFDC-4C76-8772-D58CAB62EA61} => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{0B168186-AFDC-4C76-8772-D58CAB62EA61} => value removed successfully
Chrome StartupUrls => removed successfully
C:\Users\Michele\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\pdf.dll => not found.
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => not found.
C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll => not found.
C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll => not found.
C:\Users\Michele\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll => not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => not found.
"HKU\S-1-5-21-1982298361-2193398931-2922598473-1004\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => key removed successfully
"FindingDiscount" => service was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
"RuntimeManager" => service was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
CouponPrinterService => service removed successfully
rizyqibe => service removed successfully
picozyko => service removed successfully
cherimoya => Unable to stop service.
cherimoya => service removed successfully
catchme => service removed successfully
swsedrvr_vt_1_10_0_25 => service removed successfully
C:\Windows\System32\Tasks\import => moved successfully
C:\Windows\System32\Tasks\impo => moved successfully
"C:\Windows\System32\Tasks\impo" => not found.
C:\Windows\System32\Tasks\Googleuptodate => moved successfully
C:\Windows\System32\Tasks\MyDailyBackup => moved successfully
C:\Windows\System32\Tasks\win => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E5D266B-70F0-42AE-8A37-A4A425FB0E8D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E5D266B-70F0-42AE-8A37-A4A425FB0E8D}" => key removed successfully
C:\Windows\System32\Tasks\Googleuptodate => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Googleuptodate" => key removed successfully
C:\Windows\System32\Tasks\Pafviag => moved successfully
C:\Users\Michele\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A} => moved successfully
C:\Windows\System32\Tasks\bvxvyxxvcy => moved successfully
C:\Windows\System32\Tasks\ProfessionalCleaningSoftware_Start => moved successfully
C:\Users\Michele\Documents\ProfessionalCleaningSoftware => moved successfully
C:\Users\Michele\AppData\Local\Professional_Cleaning_Sof => moved successfully
C:\Windows\System32\Tasks\updateTask => moved successfully
"C:\Program Files (x86)\SpaceSondPro_v53.10788" => not found.
C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task => moved successfully
C:\Windows\System32\Tasks\DMQGHYEITAJENIAY => moved successfully
C:\ProgramData\28341ff220e0446c9fff27c4493d622e => moved successfully
C:\Users\Michele\AppData\Local\4C4C4544-1449829247-5710-8059-C7C04F325831 => moved successfully
C:\Program Files (x86)\4C4C4544-1449847175-5710-8059-C7C04F325831 => moved successfully
C:\ProgramData\COMODO => moved successfully
D C:\Program Files\COMODO => Error: No automatic fix found for this entry.
C:\Program Files (x86)\Windows Discount => moved successfully
C:\Program Files (x86)\PCAPDownloader => moved successfully
C:\Windows\system32\Drivers\cherimoya.sys => moved successfully
C:\Users\Michele\Downloads\PrintMyCouponAnywhereInstaller.msi => moved successfully
C:\Program Files (x86)\PrintMyCouponAnywhere => moved successfully
C:\Program Files (x86)\Digital Coupon Printer => moved successfully
C:\Users\Michele\Downloads\DigitalCouponPrinter-3.50.0.0.msi => moved successfully
C:\Users\Michele\Downloads\RevTraxPrintMyCoupon(1).msi => moved successfully
C:\Users\Michele\AppData\Roaming\uTorrent => moved successfully
C:\Users\Michele\AppData\Roaming\.minecraft => moved successfully
C:\Users\Michele\AppData\Local\EmieUserList => moved successfully
C:\Users\Michele\AppData\Local\EmieSiteList => moved successfully
C:\ProgramData\Ament.ini => moved successfully
C:\Users\Michele\AppData\Local\BcsKtYcHW.dll => moved successfully
Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}\\SystemComponent => value removed successfully
PrintMyCouponAnywhere (HKLM-x32\...\{9E5A9316-541D-4F22-BE19-AFE969C00B06}) (Version: 1.0.0.0 - RevTrax) <==== ATTENTION => Error: No automatic fix found for this entry.
RevTraxPrintMyCoupon (HKLM-x32\...\{19E8EBBF-55F3-41FB-AC8E-373BA0436939}) (Version: 1.0.0.0 - RevTrax) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0684F840-49E4-4D3E-AE12-62C8FC471A26}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0684F840-49E4-4D3E-AE12-62C8FC471A26}" => key removed successfully
C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineCore" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C203F1B-FA41-4618-8E2E-42AABCACFE05}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C203F1B-FA41-4618-8E2E-42AABCACFE05}" => key removed successfully
C:\Windows\System32\Tasks\MyDailyBackup => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MyDailyBackup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{22105B18-4E18-4EB6-816E-6991805F2F0A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22105B18-4E18-4EB6-816E-6991805F2F0A}" => key removed successfully
C:\Windows\System32\Tasks\bvxvyxxvcy => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvyxxvcy" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2DE1C55B-5DB9-4287-B09B-8BCE63A330EA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2DE1C55B-5DB9-4287-B09B-8BCE63A330EA}" => key removed successfully
C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineUA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{365F471D-A3AA-476F-AB2A-6F94F209150D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{365F471D-A3AA-476F-AB2A-6F94F209150D}" => key removed successfully
C:\Windows\System32\Tasks\DMQGHYEITAJENIAY => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DMQGHYEITAJENIAY" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4FDE459E-6F7E-414F-B43C-B6FA2675B140}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4FDE459E-6F7E-414F-B43C-B6FA2675B140}" => key removed successfully
C:\Windows\System32\Tasks\impo => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\impo" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5F676E50-9485-4E3A-866A-0B9A623DC5D8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F676E50-9485-4E3A-866A-0B9A623DC5D8}" => key removed successfully
C:\Windows\System32\Tasks\CIMT_S-1-5-21-1982298361-2193398931-2922598473-1004 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_S-1-5-21-1982298361-2193398931-2922598473-1004" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F3A4AC3-3027-40EB-87D1-F216BAB1BE1E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F3A4AC3-3027-40EB-87D1-F216BAB1BE1E}" => key removed successfully
C:\Windows\System32\Tasks\updateTask => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\updateTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{73273F5F-63EA-46D1-B095-798D27A59DB2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73273F5F-63EA-46D1-B095-798D27A59DB2}" => key removed successfully
C:\Windows\System32\Tasks\GoogleUp => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUp" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8FA7C370-7B31-4309-B8B0-9F02204BF33C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8FA7C370-7B31-4309-B8B0-9F02204BF33C}" => key removed successfully
C:\Windows\System32\Tasks\Pafviag => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Pafviag" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{94631887-08CC-4D05-973B-38F5201A0DB3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94631887-08CC-4D05-973B-38F5201A0DB3}" => key removed successfully
C:\Windows\System32\Tasks\Ulsnainnud => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ulsnainnud" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A613174C-F598-4AA4-8976-F818AE772386}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A613174C-F598-4AA4-8976-F818AE772386}" => key removed successfully
C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartWeb Upgrade Trigger Task" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD80A6B0-62D8-4113-B4A4-6B8AB5A33CB2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD80A6B0-62D8-4113-B4A4-6B8AB5A33CB2}" => key removed successfully
C:\Windows\System32\Tasks\import => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\import" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DEA875F2-3B27-45E6-BE77-57DD5CCC5B6E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DEA875F2-3B27-45E6-BE77-57DD5CCC5B6E}" => key removed successfully
C:\Windows\System32\Tasks\CIMT_daily_S-1-5-21-1982298361-2193398931-2922598473-1004 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_daily_S-1-5-21-1982298361-2193398931-2922598473-1004" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F6177A4A-E265-47E0-B579-D6EB2190CB32}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6177A4A-E265-47E0-B579-D6EB2190CB32}" => key removed successfully
C:\Windows\System32\Tasks\ProfessionalCleaningSoftware_Start => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProfessionalCleaningSoftware_Start" => key removed successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1982298361-2193398931-2922598473-1004Core.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1982298361-2193398931-2922598473-1004UA.job => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{1A449023-7508-425A-A83C-84CFA028231A}C:\program files\java\jre1.8.0_40\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3B9D904E-D5FC-40C6-A902-AA5AB3A876A2}C:\program files\java\jre1.8.0_40\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B0DDC03C-8C20-4FF2-87D7-16D192BDF5D1}C:\program files\java\jre1.8.0_40\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{4DC91F13-5646-45D0-8867-FD19EE4FB51A}C:\program files\java\jre1.8.0_40\bin\javaw.exe => value removed successfully
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk => not found.
ShortcutTarget: => Error: No automatic fix found for this entry.
 
=========  type C:\TDSSKiller.3.1.0.8_11.12.2015_19.22.49_log.txt =========
 
19:22:49.0437 0x05d0  TDSS rootkit removing tool 3.1.0.8 Dec  5 2015 01:19:03
19:22:52.0526 0x05d0  ============================================================
19:22:52.0526 0x05d0  Current date / time: 2015/12/11 19:22:52.0526
19:22:52.0526 0x05d0  SystemInfo:
19:22:52.0526 0x05d0  
19:22:52.0526 0x05d0  OS Version: 6.1.7601 ServicePack: 1.0
19:22:52.0526 0x05d0  Product type: Workstation
19:22:52.0526 0x05d0  ComputerName: MININT-J80TFHB
19:22:52.0526 0x05d0  UserName: Michele
19:22:52.0526 0x05d0  Windows directory: C:\Windows
19:22:52.0526 0x05d0  System windows directory: C:\Windows
19:22:52.0526 0x05d0  Running under WOW64
19:22:52.0526 0x05d0  Processor architecture: Intel x64
19:22:52.0526 0x05d0  Number of processors: 4
19:22:52.0526 0x05d0  Page size: 0x1000
19:22:52.0526 0x05d0  Boot type: Safe boot with network
19:22:52.0526 0x05d0  ============================================================
19:22:55.0427 0x05d0  KLMD registered as C:\Windows\system32\drivers\21061542.sys
19:22:55.0630 0x05d0  System UUID: {14ED8B2C-2255-2F21-C59A-2478A24522A6}
19:22:56.0129 0x05d0  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:22:56.0145 0x05d0  Drive \Device\Harddisk1\DR1 - Size: 0x775F8000 ( 1.87 Gb ), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:22:56.0145 0x05d0  ============================================================
19:22:56.0145 0x05d0  \Device\Harddisk0\DR0:
19:22:56.0145 0x05d0  MBR partitions:
19:22:56.0145 0x05d0  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x72BAD800
19:22:56.0145 0x05d0  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x72BAE000, BlocksNum 0x1B58000
19:22:56.0145 0x05d0  \Device\Harddisk1\DR1:
19:22:56.0145 0x05d0  MBR partitions:
19:22:56.0145 0x05d0  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3E, BlocksNum 0x3BA6A6
19:22:56.0145 0x05d0  ============================================================
19:22:56.0176 0x05d0  C: <-> \Device\Harddisk0\DR0\Partition1
19:22:56.0176 0x05d0  ============================================================
19:22:56.0176 0x05d0  Initialize success
19:22:56.0176 0x05d0  ============================================================
19:23:02.0884 0x0590  ============================================================
19:23:02.0884 0x0590  Scan started
19:23:02.0884 0x0590  Mode: Manual; 
19:23:02.0884 0x0590  ============================================================
19:23:02.0884 0x0590  KSN ping started
19:23:02.0931 0x0590  KSN ping finished: false
19:23:03.0961 0x0590  ================ Scan system memory ========================
19:23:03.0961 0x0590  System memory - ok
19:23:03.0961 0x0590  ================ Scan services =============================
19:23:04.0101 0x0590  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:23:04.0117 0x0590  1394ohci - ok
19:23:04.0148 0x0590  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:23:04.0163 0x0590  ACPI - ok
19:23:04.0179 0x0590  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
19:23:04.0195 0x0590  AcpiPmi - ok
19:23:04.0304 0x0590  [ 5DB2C6B908C50767E2EDAA294A7566B5, 13AE4879D679BB0C6B2A5A5B13910359815A9D2E569BC1DE740B5A387A78CF33 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:23:04.0319 0x0590  AdobeARMservice - ok
19:23:04.0366 0x0590  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
19:23:04.0382 0x0590  adp94xx - ok
19:23:04.0429 0x0590  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
19:23:04.0429 0x0590  adpahci - ok
19:23:04.0460 0x0590  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
19:23:04.0460 0x0590  adpu320 - ok
19:23:04.0507 0x0590  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:23:04.0507 0x0590  AeLookupSvc - ok
19:23:04.0585 0x0590  [ D1E343BC00136CE03C4D403194D06A80, 94F2543164A2CEA179EDE53E1294EE24391A59CAEFF83BA5CE9385E8E686E89C ] AERTFilters     C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
19:23:04.0585 0x0590  AERTFilters - ok
19:23:04.0647 0x0590  [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD             C:\Windows\system32\drivers\afd.sys
19:23:04.0663 0x0590  AFD - ok
19:23:04.0709 0x0590  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
19:23:04.0709 0x0590  agp440 - ok
19:23:04.0725 0x0590  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
19:23:04.0741 0x0590  ALG - ok
19:23:04.0772 0x0590  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:23:04.0772 0x0590  aliide - ok
19:23:04.0772 0x0590  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
19:23:04.0772 0x0590  amdide - ok
19:23:04.0803 0x0590  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
19:23:04.0803 0x0590  AmdK8 - ok
19:23:04.0819 0x0590  [ FFCB1F4FEAC8AB77887031F8AD0D7C06, 59C95E0B6560A0A5B90090152814A996CBDE11DD461328BDB3ECD4F8D6BFA8E5 ] amdkmpfd        C:\Windows\system32\drivers\amdkmpfd.sys
19:23:04.0819 0x0590  amdkmpfd - ok
19:23:04.0819 0x0590  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
19:23:04.0834 0x0590  AmdPPM - ok
19:23:04.0850 0x0590  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:23:04.0850 0x0590  amdsata - ok
19:23:04.0881 0x0590  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
19:23:04.0881 0x0590  amdsbs - ok
19:23:04.0897 0x0590  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:23:04.0897 0x0590  amdxata - ok
19:23:04.0943 0x0590  [ 27DABFB4A6B0140C34DBEC713469592B, A355170D353AFBF0DE4EF53282F8404788FBBD0E2A1B7282B1B2925923E83141 ] AppID           C:\Windows\system32\drivers\appid.sys
19:23:04.0943 0x0590  AppID - ok
19:23:04.0975 0x0590  [ ABC373B9C6275D45F17DB559408FFD1B, 12B355393BEBE2D1D24D7A9DA5E69E03E334899407503BC1CADCF7BE39828223 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:23:04.0975 0x0590  AppIDSvc - ok
19:23:05.0006 0x0590  [ 978DC0A1FBE9CC91B21B40AF66CB396A, 90BAFF81D98F5AFD743D8BD65F716666A7A7BD2DA612492E03C79B29E9A0F8C2 ] Appinfo         C:\Windows\System32\appinfo.dll
19:23:05.0006 0x0590  Appinfo - ok
19:23:05.0037 0x0590  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
19:23:05.0053 0x0590  arc - ok
19:23:05.0068 0x0590  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
19:23:05.0068 0x0590  arcsas - ok
19:23:05.0162 0x0590  [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:23:05.0162 0x0590  aspnet_state - ok
19:23:05.0193 0x0590  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:23:05.0193 0x0590  AsyncMac - ok
19:23:05.0224 0x0590  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
19:23:05.0224 0x0590  atapi - ok
19:23:05.0271 0x0590  [ 8567AB744F51539C11BCFCB7D8FF6784, 17CEFACBE921D69A464E42E1AD3FAE0F8FBD18B86260316E020B6046B6BC3265 ] AthDfu          C:\Windows\System32\Drivers\AthDfu.sys
19:23:05.0271 0x0590  AthDfu - ok
19:23:05.0333 0x0590  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:23:05.0349 0x0590  AudioEndpointBuilder - ok
19:23:05.0380 0x0590  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:23:05.0396 0x0590  AudioSrv - ok
19:23:05.0427 0x0590  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:23:05.0427 0x0590  AxInstSV - ok
19:23:05.0489 0x0590  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
19:23:05.0521 0x0590  b06bdrv - ok
19:23:05.0567 0x0590  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:23:05.0567 0x0590  b57nd60a - ok
19:23:05.0599 0x0590  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:23:05.0614 0x0590  BDESVC - ok
19:23:05.0614 0x0590  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:23:05.0614 0x0590  Beep - ok
19:23:05.0661 0x0590  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
19:23:05.0692 0x0590  BFE - ok
19:23:05.0755 0x0590  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\system32\qmgr.dll
19:23:05.0770 0x0590  BITS - ok
19:23:05.0786 0x0590  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:23:05.0801 0x0590  blbdrive - ok
19:23:05.0817 0x0590  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:23:05.0817 0x0590  bowser - ok
19:23:05.0848 0x0590  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
19:23:05.0848 0x0590  BrFiltLo - ok
19:23:05.0848 0x0590  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
19:23:05.0848 0x0590  BrFiltUp - ok
19:23:05.0864 0x0590  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
19:23:05.0864 0x0590  BridgeMP - ok
19:23:05.0895 0x0590  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
19:23:05.0895 0x0590  Browser - ok
19:23:05.0926 0x0590  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:23:05.0926 0x0590  Brserid - ok
19:23:05.0942 0x0590  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:23:05.0942 0x0590  BrSerWdm - ok
19:23:05.0942 0x0590  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:23:05.0942 0x0590  BrUsbMdm - ok
19:23:05.0942 0x0590  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:23:05.0942 0x0590  BrUsbSer - ok
19:23:05.0973 0x0590  [ 3FE1E64011BF4EA727AD0C8A26C303C2, E0161C2232DC4BB591427EE3A45F86A61C2ACE8CF1A9A81BC9BA7D3F737FF120 ] BTATH_BUS       C:\Windows\system32\drivers\btath_bus.sys
19:23:05.0973 0x0590  BTATH_BUS - ok
19:23:05.0989 0x0590  [ 6EFA8C93009E0BE0886C2422C7D20BC5, 55717C459893B533C9F21FAA997004001646F43629F4DA9D8464408E20575F02 ] BTATH_HCRP      C:\Windows\system32\drivers\btath_hcrp.sys
19:23:06.0004 0x0590  BTATH_HCRP - ok
19:23:06.0020 0x0590  [ 5DDA87869BBCEC62A866211CB7B5DE9E, 1378E7C2D261D1620D83190ED65D741137B71DA0CBB5CF62DA3AF8FEB0F54FD5 ] BTATH_RCP       C:\Windows\system32\drivers\btath_rcp.sys
19:23:06.0020 0x0590  BTATH_RCP - ok
19:23:06.0067 0x0590  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
19:23:06.0082 0x0590  BthEnum - ok
19:23:06.0098 0x0590  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
19:23:06.0113 0x0590  BTHMODEM - ok
19:23:06.0129 0x0590  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
19:23:06.0129 0x0590  BthPan - ok
19:23:06.0191 0x0590  [ 64C198198501F7560EE41D8D1EFA7952, 53CE5FDD1866FC8A0B91C7A620F7555D197488C4C8F3DEFD4398D8E3ED2AEBD0 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
19:23:06.0207 0x0590  BTHPORT - ok
19:23:06.0254 0x0590  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
19:23:06.0254 0x0590  bthserv - ok
19:23:06.0301 0x0590  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
19:23:06.0301 0x0590  BTHUSB - ok
19:23:06.0316 0x0590  catchme - ok
19:23:06.0363 0x0590  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:23:06.0363 0x0590  cdfs - ok
19:23:06.0379 0x0590  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:23:06.0394 0x0590  cdrom - ok
19:23:06.0425 0x0590  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
19:23:06.0425 0x0590  CertPropSvc - ok
19:23:06.0472 0x0590  [ 2FED22167820DA74DD6FFD68F375166B, DA5EDDA3860142746F468C018DAB086592F80629ADC405D1FCE9DF82F2471B6C ] cherimoya       C:\Windows\system32\drivers\cherimoya.sys
19:23:06.0472 0x0590  cherimoya - ok
19:23:06.0503 0x0590  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
19:23:06.0519 0x0590  circlass - ok
19:23:06.0550 0x0590  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
19:23:06.0566 0x0590  CLFS - ok
19:23:06.0644 0x0590  [ BB86F147B2A7152E4B4D71A2F0A87D41, AC2FA799E30BD4FB4B41B12DEECF926B9165B7A6718876B7017B35C453D5EF52 ] CLKMSVC10_9EC60124 C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe
19:23:06.0659 0x0590  CLKMSVC10_9EC60124 - ok
19:23:06.0706 0x0590  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:23:06.0706 0x0590  clr_optimization_v2.0.50727_32 - ok
19:23:06.0753 0x0590  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:23:06.0753 0x0590  clr_optimization_v2.0.50727_64 - ok
19:23:06.0847 0x0590  [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:23:06.0847 0x0590  clr_optimization_v4.0.30319_32 - ok
19:23:06.0878 0x0590  [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:23:06.0878 0x0590  clr_optimization_v4.0.30319_64 - ok
19:23:06.0909 0x0590  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:23:06.0909 0x0590  CmBatt - ok
19:23:06.0925 0x0590  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:23:06.0925 0x0590  cmdide - ok
19:23:06.0956 0x0590  [ EC0511BB85BAA42A9734011685A6732C, 10B52F0860CCB3AA0FC34DDA5C5538BFCF7B6D40738B7756297237FD2D9E01C1 ] CNG             C:\Windows\system32\Drivers\cng.sys
19:23:06.0971 0x0590  CNG - ok
19:23:07.0018 0x0590  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:23:07.0018 0x0590  Compbatt - ok
19:23:07.0018 0x0590  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
19:23:07.0018 0x0590  CompositeBus - ok
19:23:07.0034 0x0590  COMSysApp - ok
19:23:07.0112 0x0590  [ F49C902F71D91BD8A2497BF2F0838275, F0735B524AADE790F887A4272F4B8EF49FD3839CAEC51B3C438EAE743A7BE848 ] CouponPrinterService C:\Program Files (x86)\Coupons\CouponPrinterService.exe
19:23:07.0112 0x0590  CouponPrinterService - ok
19:23:07.0205 0x0590  [ 78AF1C499BF02F9814DF959A04A4F9C9, 9D569A57551C7ACE032C3ECC7BEB8C7606D6BAF58AC1660B4E9FBE907F47E274 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
19:23:07.0221 0x0590  cphs - ok
19:23:07.0283 0x0590  [ 3CA734CE373E5675FBC15CA2C45228E5, A6C6E9FABDE5EA18D266DB71C0CC6B51D682116D1898CCB4E9BA730F15C44B32 ] cpudrv64        C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
19:23:07.0283 0x0590  cpudrv64 - ok
19:23:07.0299 0x0590  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
19:23:07.0299 0x0590  crcdisk - ok
19:23:07.0346 0x0590  [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:23:07.0346 0x0590  CryptSvc - ok
19:23:07.0393 0x0590  [ ED5CF92396A62F4C15110DCDB5E854D9, CD26216B8B3F558A0466843C8161E86EEDB78E6031E1AC0A00DCDE700A2B6EE2 ] CtClsFlt        C:\Windows\system32\DRIVERS\CtClsFlt.sys
19:23:07.0393 0x0590  CtClsFlt - ok
19:23:07.0439 0x0590  [ A193FAE9BF40D981C3094252B17DE601, 585E9F48676DA26DBD30398E4D0E33378D25CB726EFA973E48B69F31C96A6E4E ] ctxusbm         C:\Windows\system32\DRIVERS\ctxusbm.sys
19:23:07.0439 0x0590  ctxusbm - ok
19:23:07.0486 0x0590  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:23:07.0502 0x0590  DcomLaunch - ok
19:23:07.0549 0x0590  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
19:23:07.0549 0x0590  defragsvc - ok
19:23:07.0580 0x0590  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:23:07.0580 0x0590  DfsC - ok
19:23:07.0627 0x0590  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:23:07.0627 0x0590  Dhcp - ok
19:23:07.0642 0x0590  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
19:23:07.0642 0x0590  discache - ok
19:23:07.0673 0x0590  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
19:23:07.0673 0x0590  Disk - ok
19:23:07.0705 0x0590  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:23:07.0705 0x0590  Dnscache - ok
19:23:07.0736 0x0590  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:23:07.0751 0x0590  dot3svc - ok
19:23:07.0767 0x0590  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
19:23:07.0767 0x0590  DPS - ok
19:23:07.0814 0x0590  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:23:07.0814 0x0590  drmkaud - ok
19:23:07.0861 0x0590  [ 0040A0132AAC1004E50055F8FBB14C08, A336CA41DA09AC749242852827C1F2FB645E8E81A707217C360C5E4ACD1760BA ] dsNcAdpt        C:\Windows\system32\DRIVERS\dsNcAdpt.sys
19:23:07.0861 0x0590  dsNcAdpt - ok
19:23:07.0970 0x0590  [ E31A3D8CBABCA2C0756634F0DF121303, 0E00D944ADB7B38A479DA2461B57E8C3C272656DE199D606DEB7A85DB84E3C73 ] dsNcService     C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
19:23:08.0001 0x0590  dsNcService - ok
19:23:08.0079 0x0590  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:23:08.0110 0x0590  DXGKrnl - ok
19:23:08.0141 0x0590  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
19:23:08.0141 0x0590  EapHost - ok
19:23:08.0266 0x0590  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
19:23:08.0375 0x0590  ebdrv - ok
19:23:08.0422 0x0590  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] EFS             C:\Windows\System32\lsass.exe
19:23:08.0422 0x0590  EFS - ok
19:23:08.0500 0x0590  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:23:08.0531 0x0590  ehRecvr - ok
19:23:08.0563 0x0590  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
19:23:08.0563 0x0590  ehSched - ok
19:23:08.0609 0x0590  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
19:23:08.0641 0x0590  elxstor - ok
19:23:08.0656 0x0590  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:23:08.0656 0x0590  ErrDev - ok
19:23:08.0687 0x0590  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
19:23:08.0703 0x0590  EventSystem - ok
19:23:08.0719 0x0590  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
19:23:08.0734 0x0590  exfat - ok
19:23:08.0765 0x0590  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:23:08.0765 0x0590  fastfat - ok
19:23:08.0812 0x0590  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
19:23:08.0859 0x0590  Fax - ok
19:23:08.0875 0x0590  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
19:23:08.0875 0x0590  fdc - ok
19:23:08.0890 0x0590  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
19:23:08.0906 0x0590  fdPHost - ok
19:23:08.0921 0x0590  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:23:08.0921 0x0590  FDResPub - ok
19:23:08.0937 0x0590  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:23:08.0937 0x0590  FileInfo - ok
19:23:08.0953 0x0590  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:23:17.0158 0x0590  ql2300 - ok
19:23:17.0189 0x0590  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
19:23:17.0189 0x0590  ql40xx - ok
19:23:17.0221 0x0590  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
19:23:17.0236 0x0590  QWAVE - ok
19:23:17.0252 0x0590  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:23:17.0252 0x0590  QWAVEdrv - ok
19:23:17.0267 0x0590  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:23:17.0267 0x0590  RasAcd - ok
19:23:17.0283 0x0590  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:23:17.0283 0x0590  RasAgileVpn - ok
19:23:17.0299 0x0590  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
19:23:17.0314 0x0590  RasAuto - ok
19:23:17.0330 0x0590  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:23:17.0330 0x0590  Rasl2tp - ok
19:23:17.0345 0x0590  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
19:23:17.0361 0x0590  RasMan - ok
19:23:17.0377 0x0590  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:23:17.0377 0x0590  RasPppoe - ok
19:23:17.0392 0x0590  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:23:17.0392 0x0590  RasSstp - ok
19:23:17.0423 0x0590  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:23:17.0423 0x0590  rdbss - ok
19:23:17.0439 0x0590  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
19:23:17.0439 0x0590  rdpbus - ok
19:23:17.0470 0x0590  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:23:17.0470 0x0590  RDPCDD - ok
19:23:17.0486 0x0590  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:23:17.0486 0x0590  RDPENCDD - ok
19:23:17.0501 0x0590  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:23:17.0501 0x0590  RDPREFMP - ok
19:23:17.0533 0x0590  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:23:17.0548 0x0590  RDPWD - ok
19:23:17.0579 0x0590  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:23:17.0579 0x0590  rdyboost - ok
19:23:17.0611 0x0590  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:23:17.0611 0x0590  RemoteAccess - ok
19:23:17.0642 0x0590  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:23:17.0642 0x0590  RemoteRegistry - ok
19:23:17.0673 0x0590  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
19:23:17.0673 0x0590  RFCOMM - ok
19:23:17.0720 0x0590  [ DF8D3F59EA174828A7CFECD5657E056D, 35E18915A25DDC646F863AA2B38642C73C46EA417BEC82A19AB4B899D3953C13 ] rizyqibe        C:\Program Files (x86)\4C4C4544-1449847175-5710-8059-C7C04F325831\jnsp2AE4.tmp
19:23:17.0720 0x0590  rizyqibe - ok
19:23:17.0860 0x0590  [ 3C957189B31C34D3AD21967B12B6AED7, 878FE6EA03F60592D6D557B905A5119E2CC836C2A6A86ED2867C3C9B0F0FDBA2 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
19:23:17.0907 0x0590  RoxMediaDB12OEM - ok
19:23:17.0954 0x0590  [ 2B73088CC2CA757A172B425C9398E5BC, 3D296B4D6F66F7729CC48FE54456E6E6D8207DBA7E31D66653566C128E53163B ] RoxWatch12      C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
19:23:17.0969 0x0590  RoxWatch12 - ok
19:23:18.0001 0x0590  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:23:18.0001 0x0590  RpcEptMapper - ok
19:23:18.0016 0x0590  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
19:23:18.0016 0x0590  RpcLocator - ok
19:23:18.0047 0x0590  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
19:23:18.0063 0x0590  RpcSs - ok
19:23:18.0110 0x0590  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:23:18.0110 0x0590  rspndr - ok
19:23:18.0141 0x0590  [ 8EB6DCEB7473C232D8BC9A886E3183AC, D81B089443306AD9D89F59DBC5F9C2F5B6A86112B4AB59316B97EE7D8B97D2FA ] RSUSBVSTOR      C:\Windows\system32\Drivers\RtsUVStor.sys
19:23:18.0141 0x0590  RSUSBVSTOR - ok
19:23:18.0188 0x0590  [ A10CF010E1A2B4337230B4929E0FE4A1, AE9F6896029FE00F8642E1DDD705D4F35E77ECD4BC6CE59C96351BC21499150A ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
19:23:18.0188 0x0590  RtkAudioService - ok
19:23:18.0235 0x0590  [ 3713DACCA1025B05A6343104112708D9, 77830F361775166ED2408CFF9F0DBEDFF225895DD0FAC93F3DC5FFD8DBE0ED2B ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
19:23:18.0250 0x0590  RTL8167 - ok
19:23:18.0266 0x0590  Suspicious service (NoAccess): RuntimeManager
19:23:18.0313 0x0590  RuntimeManager - detected LockedService.Multi.Generic ( 1 )
19:23:18.0313 0x0590  RuntimeManager ( LockedService.Multi.Generic ) - warning
19:23:23.0227 0x0590  WerSvc - ok
19:23:23.0242 0x0590  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:23:23.0242 0x0590  WfpLwf - ok
19:23:23.0273 0x0590  [ B14EF15BD757FA488F9C970EEE9C0D35, F27DF2D47E7076786AE7C396583D7A1C56B93E766711066C900964FC7313E794 ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
19:23:23.0289 0x0590  WimFltr - ok
19:23:23.0289 0x0590  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:23:23.0289 0x0590  WIMMount - ok
19:23:23.0305 0x0590  WinDefend - ok
19:23:23.0320 0x0590  WinHttpAutoProxySvc - ok
19:23:23.0383 0x0590  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:23:23.0383 0x0590  Winmgmt - ok
19:23:23.0476 0x0590  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
19:23:23.0554 0x0590  WinRM - ok
19:23:23.0601 0x0590  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
19:23:23.0601 0x0590  WinUsb - ok
19:23:23.0648 0x0590  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:23:23.0679 0x0590  Wlansvc - ok
19:23:23.0835 0x0590  [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:23:23.0913 0x0590  wlidsvc - ok
19:23:23.0929 0x0590  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
19:23:23.0929 0x0590  WmiAcpi - ok
19:23:23.0944 0x0590  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:23:23.0960 0x0590  wmiApSrv - ok
19:23:23.0975 0x0590  WMPNetworkSvc - ok
19:23:24.0007 0x0590  [ 41F5E7066E8590A32E8DEBB4DF345BC2, B2BF196A8A045E163D72BCB53C15605BCBE2BFA68256D2B818B7DD88F61DA4F5 ] wovad_micarray  C:\Windows\system32\drivers\womic.sys
19:23:24.0007 0x0590  wovad_micarray - ok
19:23:24.0022 0x0590  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:23:24.0038 0x0590  WPCSvc - ok
19:23:24.0053 0x0590  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:23:24.0053 0x0590  WPDBusEnum - ok
19:23:24.0085 0x0590  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:23:24.0085 0x0590  ws2ifsl - ok
19:23:24.0100 0x0590  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
19:23:24.0100 0x0590  wscsvc - ok
19:23:24.0116 0x0590  WSearch - ok
19:23:24.0209 0x0590  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:23:24.0303 0x0590  wuauserv - ok
19:23:24.0334 0x0590  [ D3381DC54C34D79B22CEE0D65BA91B7C, 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:23:24.0334 0x0590  WudfPf - ok
19:23:24.0365 0x0590  [ CF8D590BE3373029D57AF80914190682, FB9641777E90A58C063FBE95F081DC6D2F4770827DE19108A9DC3E3D6B17B4BF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:23:24.0365 0x0590  WUDFRd - ok
19:23:24.0397 0x0590  [ 7A95C95B6C4CF292D689106BCAE49543, 9029F489E1E817CE12839B8C6656E46190497D445DC3F43C20CF96E5E6BD0691 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:23:24.0397 0x0590  wudfsvc - ok
19:23:24.0412 0x0590  [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:23:24.0428 0x0590  WwanSvc - ok
19:23:24.0459 0x0590  ================ Scan global ===============================
19:23:24.0475 0x0590  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
19:23:24.0506 0x0590  [ FF41063E45C6238CAF48CBE6D0D6FC4B, 9B755EA23E7D2554E3AC3ADFFC4AFF7EB4F4A0F5CD3E6F2300BC98B21474CBC6 ] C:\Windows\system32\winsrv.dll
19:23:24.0521 0x0590  [ FF41063E45C6238CAF48CBE6D0D6FC4B, 9B755EA23E7D2554E3AC3ADFFC4AFF7EB4F4A0F5CD3E6F2300BC98B21474CBC6 ] C:\Windows\system32\winsrv.dll
19:23:24.0568 0x0590  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
19:23:24.0615 0x0590  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
19:23:24.0615 0x0590  [ Global ] - ok
19:23:24.0615 0x0590  ================ Scan MBR ==================================
19:23:24.0631 0x0590  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:23:24.0849 0x0590  \Device\Harddisk0\DR0 - ok
19:23:24.0865 0x0590  [ 973E9BA32FDBB305C552ED3E1EBF0686 ] \Device\Harddisk1\DR1
19:23:24.0865 0x0590  \Device\Harddisk1\DR1 - ok
19:23:24.0865 0x0590  ================ Scan VBR ==================================
19:23:24.0865 0x0590  [ 8C9EB3DA4336084403E63FF7AF25E091 ] \Device\Harddisk0\DR0\Partition1
19:23:24.0911 0x0590  \Device\Harddisk0\DR0\Partition1 - ok
19:23:24.0911 0x0590  [ EBE3C81DF3BF661FE93451389095E30D ] \Device\Harddisk0\DR0\Partition2
19:23:24.0911 0x0590  \Device\Harddisk0\DR0\Partition2 - ok
19:23:24.0927 0x0590  [ 973F3800E3B662209B4ADD61F9E3A72A ] \Device\Harddisk1\DR1\Partition1
19:23:24.0927 0x0590  \Device\Harddisk1\DR1\Partition1 - ok
19:23:24.0927 0x0590  ================ Scan generic autorun ======================
19:23:24.0958 0x0590  [ 483BAA4246B80BDE1EA562C618BBA4A1, 0340A483F2F00A329ADC625940E5B2E951E1AA362CB088477EFC92D245207CEA ] C:\Windows\system32\igfxtray.exe
19:23:24.0958 0x0590  IgfxTray - ok
19:23:24.0989 0x0590  [ 40CAEC9DBC892ED1915704CC54CB382E, 38976A5EF1461027FF8F07397793A9BEFD0B3B47EB1B86F0F3FB88818E5917C9 ] C:\Windows\system32\hkcmd.exe
19:23:25.0005 0x0590  HotKeysCmds - ok
19:23:25.0036 0x0590  [ C88B01661694F2013F8DF1BD66B8B39E, 5BB40F448A85EE00FC090D61BFAB2D15874946E355F92B4FA40482153F0EB83E ] C:\Windows\system32\igfxpers.exe
19:23:25.0052 0x0590  Persistence - ok
19:23:25.0301 0x0590  [ DB333A5F69B00A6B550901A5C854929F, 7CAB6D0D20CDE3AE41B06826C9045CC3E3438AB94BB3D9D5C0E50EEF3C41101F ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
19:23:25.0520 0x0590  RTHDVCPL - ok
19:23:25.0567 0x0590  [ E9752E0CD9FB37612474B23973443FC9, B497B77BCC70A721D74DDE5551C0314D43FDAFE547D071C26750F0314128FCB8 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
19:23:25.0613 0x0590  RtHDVBg - ok
19:23:25.0613 0x0590  SynTPEnh - ok
19:23:25.0707 0x0590  [ 35BA4E6632BA690EA6421C1E03537D0E, 99D6B4DB12ABE3A7F44AB1B2D626978E85231185AE280D9516986027BC8385CB ] c:\Program Files\Microsoft Security Client\msseces.exe
19:23:25.0754 0x0590  MSC - ok
19:23:25.0816 0x0590  [ BE0D4F98717DBAABBE0A785C9B854F21, 3C7EA33A6E3E4398C44CDD337CE1466A7B8ADEBD3F09ECB0C61EB29982275228 ] C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
19:23:25.0847 0x0590  lxdxmon.exe - ok
19:23:25.0879 0x0590  [ 415BE7CBC49A34E501D869706E01E656, FD9AED7BA327CD6CAFBF00C7D78682ECC3BBDD0B5DD84F0EA1E5D01BCC85DE0F ] C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxamon.exe
19:23:25.0879 0x0590  lxdxamon - ok
19:23:25.0925 0x0590  [ 88FD47E3BD31BC358AD1EF14E75C7681, 0177A849A8E63122628D42AAB97F29224413B10C5E9720F7ED9E109E509EC7ED ] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
19:23:25.0925 0x0590  RemoteControl9 - ok
19:23:25.0957 0x0590  [ A4A59E38A82781985AF76BA2038C78BE, 0E349A07EFC7FB0BB6E9CD3A6B9E72CDA4FD45001EEAB3AAC5D885E2AE0CEF77 ] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe
19:23:25.0957 0x0590  PDVD9LanguageShortcut - ok
19:23:25.0972 0x0590  [ FC38AC14A394D470182092AB22D98836, 5438385657DDA912DC3499A9FA66D37055EC90217B09C2FA294E7A60F83DB82D ] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
19:23:25.0972 0x0590  BDRegion - ok
19:23:26.0269 0x0590  [ FC9AC796ACCF950D202DB32B19684F15, 0BBA73C4B24A90141EDADD8B32949E714229F3F6DFA7B8860FD15BC3E2D69B9D ] C:\Users\Michele\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
19:23:26.0518 0x0590  MusicManager - ok
19:23:26.0674 0x0590  [ C355D12FA264B22BA44FC67323EBE819, 22FF84541E3FA15150E95658010EBD09BD928EA64903D14ADC5FEA8FE7B8ADA3 ] C:\Users\Michele\AppData\Roaming\uTorrent\uTorrent.exe
19:23:26.0752 0x0590  uTorrent - ok
19:23:26.0861 0x0590  [ 776F1F9447FDA3F568EC6D1FB74DDD27, A53409B29ACDDB901D395EC4217F5BF366B3F8AFF2817B007AC7558505D18863 ] C:\Program Files (x86)\Steam\steam.exe
19:23:26.0924 0x0590  Steam - ok
19:23:26.0986 0x0590  [ 9D564AFCF58022E4801FF84CE597F7EB, 780E3D560A79A618963FA3160E7FED8F2F18455464D04D21B4BE88D2A01A7419 ] C:\Program Files\Sandboxie\SbieCtrl.exe
19:23:27.0017 0x0590  SandboxieControl - ok
19:23:27.0049 0x0590  GoogleDriveSync - ok
19:23:27.0158 0x0590  [ 74376E37036BC71703EE8A1A9F8ACC3D, 71654F810C3131B72A87B708CBE80C4E797696D9979C8DDC68D445B48E1AB2DF ] C:\Users\Michele\AppData\Local\Apps\2.0\472XDERH.MQO\TC4LEV2T.3X9\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe
19:23:27.0158 0x0590  DellSystemDetect - ok
19:23:27.0220 0x0590  [ A73D71B94FE81294C95B92EA3CB51D55, 39564E115EAD532C00AE7F1FA1D799404084AB2763C170644D1694A7A75B6C13 ] C:\ProgramData\DataFile\Windi.exe
19:23:27.0220 0x0590  Windi - ok
19:23:27.0922 0x0590  [ 40335C8877B6B84842AF03A40E1BB206, 33433ED8961B1AEEBD30F8DD53A541C711C403D019F1074406FF9C9D1E9F4113 ] C:\Program Files\CCleaner\CCleaner64.exe
19:23:28.0421 0x0590  CCleaner Monitoring - ok
19:23:28.0562 0x0590  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.8.204.0 ), 0x61000 ( enabled : updated )
19:23:28.0577 0x0590  Win FW state via NFP2: enabled ( trusted )
19:23:28.0577 0x0590  ============================================================
19:23:28.0577 0x0590  Scan finished
19:23:28.0577 0x0590  ============================================================
19:23:28.0577 0x033c  Detected object count: 2
19:23:28.0577 0x033c  Actual detected object count: 2
19:24:01.0213 0x033c  FindingDiscount ( LockedService.Multi.Generic ) - User select action: Quarantine 
19:24:01.0228 0x033c  RuntimeManager ( LockedService.Multi.Generic ) - User select action: Quarantine 
19:24:04.0458 0x0560  Deinitialize success
 
========= End of CMD: =========
 
 
=========  dir /a C:\uninst =========
 
 Volume in drive C is OSDisk
 Volume Serial Number is DE22-970E
 
 Directory of C:\uninst
 
12/11/2015  04:38 PM    <DIR>          .
12/11/2015  04:38 PM    <DIR>          ..
12/11/2015  04:38 PM               176 uninstall.html
               1 File(s)            176 bytes
               2 Dir(s)  692,755,177,472 bytes free
 
========= End of CMD: =========
 
 
=========  dir /a C:\Windows\System32\Tasks\Ulsnainnud =========
 
 Volume in drive C is OSDisk
 Volume Serial Number is DE22-970E
 
 Directory of C:\Windows\System32\Tasks
 
File Not Found
 
========= End of CMD: =========
 
ShortcutTarget: => Error: No automatic fix found for this entry.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Could not flush the DNS Resolver Cache: Function failed during execution.
 
 
========= End of CMD: =========
 
 
=========  netsh winsock reset all =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 15.3 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 15:13:16 ====

====================================================================================
AdwCleaner
====================================================================================

# AdwCleaner v5.025 - Logfile created 13/12/2015 at 15:18:33

# Updated 13/12/2015 by Xplode
# Database : 2015-12-13.2 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Michele - MININT-J80TFHB
# Running from : C:\Users\Michele\Desktop\adwcleaner_5.025.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : FindingDiscount
Service Found : RuntimeManager
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files (x86)\Coupons
Folder Found : C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager
Folder Found : C:\Program Files (x86)\iwin games
Folder Found : C:\ProgramData\Windows Discount
Folder Found : C:\ProgramData\iwin games
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iwin games
Folder Found : C:\Users\Michele\AppData\Local\Installer\Install_891
Folder Found : C:\Users\Michele\AppData\Roaming\catalina – print savings
Folder Found : C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\catalina – print savings
Folder Found : C:\Windows\SysWOW64\C2MP
 
***** [ Files ] *****
 
File Found : C:\task.vbs
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
Task Found : RunAsStdUser Task
Task Found : amiupdaterExd
Task Found : amiupdaterExi
 
***** [ Registry ] *****
 
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [codec Settings UAC Manager]
Key Found : HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\F53E693DDABF57A88A9B12B608B09B26C0608B74
Key Found : HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\D830B6B8939ACB4928401060203BB648456BB4F8
Key Found : HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\A7BD54B233B5B2F70AF86F5BD1A0C0A772A59FC6
Key Found : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DE24AA8C-0BF1-46B8-8A9B-882B0E6631C2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FE89DEF8-26D5-4220-94AA-0FEA20DBBD5A}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DC6B471E-2502-4CD3-9DA2-F93585CBF529}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DE24AA8C-0BF1-46B8-8A9B-882B0E6631C2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FE89DEF8-26D5-4220-94AA-0FEA20DBBD5A}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\DAILYPCCLEAN
Key Found : HKCU\Software\tstamptoken
Key Found : HKCU\Software\Microsoft\Tinstalls
Key Found : HKCU\Software\AppDataLow\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
Key Found : HKLM\SOFTWARE\CompeteInc
Key Found : HKLM\SOFTWARE\Tutorials
Key Found : HKLM\SOFTWARE\FlashBeat
Key Found : HKLM\SOFTWARE\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
Key Found : HKLM\SOFTWARE\SpaceSondPro
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C42C5197-0EE9-4940-893B-F4EF047DFF0F}
Key Found : [x64] HKLM\SOFTWARE\FlashBeat
Key Found : HKU\.DEFAULT\Software\AppDataLow\Software\Compete
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{39B8EB7E-465D-4900-9CC5-471B8D52E374} [NameServer] - 104.197.191.4
Data Found : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{39B8EB7E-465D-4900-9CC5-471B8D52E374} [NameServer] - 104.197.191.4
Data Found : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{39B8EB7E-465D-4900-9CC5-471B8D52E374} [NameServer] - 104.197.191.4
 
***** [ Web browsers ] *****
 
[C:\Users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\b2cj5zk7.default-1431957154550\prefs.js] [Preference] Found : user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=MA726D412-C5A4-4467-A1DD-9900A068B1E7&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=SP3779E1A3-9337-441[...]
[C:\Users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\b2cj5zk7.default-1431957154550\prefs.js] [Preference] Found : user_pref("browser.startup.homepage", "hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=MA726D412-C5A4-4467-A1DD-9900A068B1E7&SearchSource=55&CUI=&UM=8&UP=SP3779E1A3-9337-4414-BD22[...]
[C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : trovi.search
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [6169 bytes] ##########

====================================================================================
JRT
====================================================================================

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Home Premium x64 
Ran by Michele (Limited) on Sun 12/13/2015 at 15:28:10.05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 3 
 
Successfully deleted: C:\Users\Michele\AppData\Local\installer (Folder) 
Successfully deleted: C:\Users\Michele\Appdata\LocalLow\company (Folder) 
Successfully deleted: C:\Windows\couponprinter.ocx (File) 
 
Deleted the following from C:\Users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\b2cj5zk7.default-1431957154550\prefs.js
user_pref(browser.search.selectedEngine, Trovi);
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 12/13/2015 at 15:29:24.76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

====================================================================================
ZHPCleaner
====================================================================================

~ ZHPCleaner v2015.12.13.397 by Nicolas Coolman (2015/12/13)
~ Run by Michele (Administrator)  (13/12/2015 15:39:37)
~ State version : No network file
~ Type : Repair
~ Report : C:\Users\Michele\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Michele\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Safe Mode with Networking (logged in French as "Sans échec avec prise en charge du réseau")
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
 
 
---\\  Services (0)
 
 
---\\  Browser internet (3)
REPLACED Chrome Preferences: "http://www.trovi.com/"  =>PUP.Optional.Trovigo
DELETED data: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings [Bad : Port=475740B0000003C2D6C6F6F70626166B3E000000000400000000000000A45FFD7AA2CE010000000000000000000000000100000002000000C0A80102000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 <-Loopback>]  =>Hijacker.Proxy
DELETED data: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings [Bad : Port=475740B0000003C2D6C6F6F70626166B3E000000000400000000000000A45FFD7AA2CE010000000000000000000000000100000002000000C0A80102000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 <-Loopback>]  =>Hijacker.Proxy
 
 
---\\  Hosts file (1)
~ The hosts file is legitimate (1)
 
 
---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.
 
 
---\\  Explorer ( File, Folder) (4)
MOVED file: C:\Windows\Prefetch\SMARTWEBAPP.EXE-3D6BCA40.pf    =>PUP.Optional.SmartWebSearch
MOVED file: C:\Windows\Prefetch\SMARTWEBHELPER.EXE-3691C81B.pf    =>PUP.Optional.SmartWebSearch
MOVED file: C:\Users\Michele\Downloads\stdlib.jar    =>PUP.Optional.LinkiDoo
MOVED file: C:\Users\Michele\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Play iWin Games.lnk    =>PUP.Optional.iWinArcade
 
 
---\\  Registry ( Key, Value, Data) (10)
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\iWinTrusted [C:\Program Files (x86)\iWin Games\iWinTrusted.exe (Not File)]  =>PUP.Optional.iWinArcade
DELETED key: HKLM\SYSTEM\CurrentControlSet\Services\iWinTrusted [C:\Program Files (x86)\iWin Games\iWinTrusted.exe (Not File)]  =>PUP.Optional.iWinArcade
DELETED key*: HKEY_USERS\S-1-5-21-1982298361-2193398931-2922598473-1004\SOFTWARE\iWinArcade []  =>PUP.Optional.iWinArcade
DELETED key*: HKEY_USERS\.DEFAULT\Software\iWinArcade []  =>PUP.Optional.iWinArcade
DELETED key: HKCU\Software\iWinArcade []  =>PUP.Optional.iWinArcade
DELETED key*: [X64] HKLM\SOFTWARE\Classes\AppID\ForseRemove []  =>PUP.Optional.iWinArcade
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\iWinArcade []  =>PUP.Optional.iWinArcade
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\SwiftSearch_1.10.0.25 []  =>PUP.Optional.Generic
DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\AppID\ForseRemove []  =>PUP.Optional.iWinArcade
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iWinArcade [iWin Games]  =>PUP.Optional.iWinArcade
 
 
---\\  Summary of the elements found (6)
http://www.nicolascoolman.fr/?p=1042  =>PUP.Optional.Trovigo
http://www.nicolascoolman.fr/?p=29  =>PUP.Optional.SmartWebSearch
http://www.nicolascoolman.fr/?p=62  =>PUP.Optional.LinkiDoo
http://www.nicolascoolman.fr/?p=542  =>PUP.Optional.iWinArcade
 
 
---\\  Other deletions. (33)
~ Registry Keys Tracing deleted (33)
~ Remove the old reports ZHPCleaner. (0)
 
 
---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)
 
 
---\\ Statistics
~ Items scanned : 1255
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 18
 
 
~ End of clean in 0 minutes
===================
ZHPCleaner-[R]-13122015-15_40_19.txt
ZHPCleaner-[S]-13122015-15_39_07.txt

Zoek and Emsisoft logs attached as requested. Thank you

Attached Files
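An added example, not part of this thread and not code from FRST, AdwCleaner, ZHPCleaner, TDSSKiller or any other tool logged above: a read-only PowerShell audit of the persistence points those logs flagged, namely the static NameServer override AdwCleaner found on one interface, the WinINet connection blobs ZHPCleaner rewrote, the three root-store thumbprints AdwCleaner listed, the Run-key value it flagged, and the state of the DNS Client service behind the failed ipconfig /flushdns. It assumes Windows 7 or later with PowerShell 3.0 or later, an elevated session, and the community-documented (not officially specified) layout of the DefaultConnectionSettings blob: flags at byte 8, proxy string length at byte 12, proxy string from byte 16. The function names are my own.

```powershell
# Added example (not from this thread or from FRST/AdwCleaner/ZHPCleaner/TDSSKiller).
# Read-only audit of the persistence points the logs above flagged.
# Assumes Windows 7 or later, PowerShell 3.0 or later, and an elevated session.

# 1. Static NameServer per interface. AdwCleaner reported NameServer = 104.197.191.4
#    under Tcpip\Parameters\Interfaces\{GUID}; on a DHCP adapter (EnableDHCP = 1) a
#    static value the user never set is a DNS hijack indicator.
function Get-InterfaceNameServer {
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
    Get-ChildItem -Path $root | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        if ($p.NameServer) {
            [pscustomobject]@{
                Interface  = $_.PSChildName
                NameServer = $p.NameServer
                EnableDHCP = $p.EnableDHCP
            }
        }
    }
}

# 2. WinINet connection blobs. ZHPCleaner replaced DefaultConnectionSettings and
#    SavedLegacySettings, which had been pointed at a loopback proxy. Assumed layout
#    (community-documented, not an official spec): bytes 0-3 version, 4-7 change
#    counter, 8-11 flags (0x01 direct, 0x02 manual proxy, 0x04 PAC URL, 0x08 WPAD),
#    bytes 12-15 proxy string length, then the proxy string itself.
function Get-WinInetConnectionBlob {
    param([string]$Hive = 'HKCU:')   # or 'Registry::HKEY_USERS\.DEFAULT' as in the ZHP log
    $key = "$Hive\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections"
    foreach ($name in 'DefaultConnectionSettings', 'SavedLegacySettings') {
        $blob = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
        if (-not $blob -or $blob.Length -lt 16) { continue }
        $flags = [BitConverter]::ToInt32($blob, 8)
        $len   = [BitConverter]::ToInt32($blob, 12)
        $proxy = ''
        if ($len -gt 0 -and (16 + $len) -le $blob.Length) {
            $proxy = [Text.Encoding]::ASCII.GetString($blob, 16, $len)
        }
        [pscustomobject]@{
            Hive        = $Hive
            Value       = $name
            Flags       = ('0x{0:X2}' -f $flags)
            ManualProxy = [bool]($flags -band 2)   # proxy string is only honoured when this is set
            ProxyServer = $proxy
        }
    }
}

# 3. Root-store certificates. AdwCleaner listed three thumbprints under
#    HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates, which is the
#    Cert:\LocalMachine\Root store. A root an adware installer drops lets it
#    intercept HTTPS without browser warnings; match the reported thumbprints.
function Get-FlaggedRootCert {
    param([string[]]$Thumbprint = @(
        'F53E693DDABF57A88A9B12B608B09B26C0608B74',
        'D830B6B8939ACB4928401060203BB648456BB4F8',
        'A7BD54B233B5B2F70AF86F5BD1A0C0A772A59FC6'))
    Get-ChildItem -Path 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root' |
        Where-Object { $Thumbprint -contains $_.Thumbprint } |
        Select-Object PSParentPath, Thumbprint, Subject, NotBefore, NotAfter
}

# 4. Run-key autoruns. AdwCleaner flagged the HKLM Run value "codec Settings UAC Manager";
#    list every Run value with its command line so the launched binary can be reviewed.
function Get-RunKeyEntry {
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($k in $keys) {
        $props = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        $props.PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$' } |
            ForEach-Object { [pscustomobject]@{ Key = $k; Name = $_.Name; Command = $_.Value } }
    }
}

# 5. Service state. "ipconfig /flushdns" fails with "Function failed during execution"
#    when the DNS Client service (Dnscache) is not running; the two services TDSSKiller
#    reported as LockedService.Multi.Generic are queried alongside it.
function Get-ServiceState {
    param([string[]]$Name = @('Dnscache', 'FindingDiscount', 'RuntimeManager'))
    foreach ($n in $Name) {
        Get-WmiObject -Class Win32_Service -Filter "Name='$n'" |
            Select-Object Name, State, StartMode, PathName
    }
}

Get-InterfaceNameServer | Format-Table -AutoSize
Get-WinInetConnectionBlob | Format-Table -AutoSize
Get-WinInetConnectionBlob -Hive 'Registry::HKEY_USERS\.DEFAULT' | Format-Table -AutoSize
Get-FlaggedRootCert | Format-List
Get-RunKeyEntry | Format-Table -AutoSize
Get-ServiceState | Format-Table -AutoSize
```

The script changes nothing; it only surfaces the same indicators the cleanup tools acted on so they can be re-checked after the reboot the Fixlog asked for. A NameServer that still reads 104.197.191.4, a connection blob with ManualProxy set to a loopback address, or any of the three thumbprints still present in the root store means the corresponding fix did not take.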



#9 olgun52
  • Malware Response Team
  • 3,784 posts

Posted 13 December 2015 - 05:29 PM

Did you press the delete button in AdwCleaner? Please press the delete button.

Best regards

If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

#10 olgun52
  • Malware Response Team
  • 3,784 posts

Posted 13 December 2015 - 05:41 PM

Hi,

ComboFix run:
Please be sure to run our tools with administrator rights.
* IMPORTANT 1: Place ComboFix.exe on your Desktop
* IMPORTANT 2: Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix Save to the Desktop

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.
 
Have a nice day.

Best regards


#11 foid
  • Topic Starter
  • Members
  • 11 posts

Posted 13 December 2015 - 06:39 PM

Did you press the delete button in AdwCleaner? Please press the delete button.

Yes I did, and it rebooted my computer and said the report would pop up once it started back up, but it did not pop up.

Here is the ComboFix log. Note I did run ComboFix the other day while following a virus removal guide on reddit (posted in my original post):

ComboFix 15-12-12.01 - Michele 12/13/2015  18:18:47.3.4 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8067.7153 [GMT -5:00]
Running from: E:\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2015-11-13 to 2015-12-13  )))))))))))))))))))))))))))))))
.
.
2015-12-13 23:27 . 2015-12-13 23:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-12-13 21:01 . 2015-12-13 21:01 -------- d-----w- C:\EEK
2015-12-13 20:56 . 2015-12-13 23:27 -------- d-----w- c:\users\Michele\AppData\Local\Temp
2015-12-13 20:56 . 2015-12-13 20:41 24064 ----a-w- c:\windows\zoek-delete.exe
2015-12-13 20:41 . 2015-12-13 20:54 -------- d-----w- C:\zoek_backup
2015-12-13 20:30 . 2015-12-13 20:40 -------- d-----w- c:\users\Michele\AppData\Roaming\ZHP
2015-12-13 20:18 . 2015-12-13 23:13 -------- d-----w- C:\AdwCleaner
2015-12-12 14:47 . 2015-12-13 20:17 -------- d-----w- C:\FRST
2015-12-12 01:17 . 2015-12-12 01:17 -------- d-----w- c:\users\Michele\My Backup Files
2015-12-12 01:05 . 2015-10-29 09:28 11138400 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3A92D37A-39B7-4AD9-960B-1AC46FD19EA7}\mpengine.dll
2015-12-12 00:24 . 2015-12-12 00:24 -------- d-----w- c:\users\Michele\AppData\Local\VS Revo Group
2015-12-12 00:24 . 2015-12-12 00:24 -------- d-----w- c:\programdata\VS Revo Group
2015-12-12 00:24 . 2009-12-30 16:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2015-12-12 00:24 . 2015-12-12 00:24 -------- d-----w- c:\program files\VS Revo Group
2015-12-12 00:24 . 2015-12-12 00:24 -------- d-----w- C:\TDSSKiller_Quarantine
2015-12-11 22:55 . 2015-12-11 22:55 -------- d-----w- c:\program files\CCleaner
2015-12-11 21:42 . 2015-12-12 00:09 -------- d-----w- c:\programdata\DataFile
2015-12-11 21:39 . 2015-12-11 20:29 375120 ----a-w- c:\windows\system32\Hotbujgyb64.dll
2015-12-11 21:39 . 2015-12-11 20:29 289104 ----a-w- c:\windows\SysWow64\Hotbujgyb.dll
2015-12-11 21:39 . 2015-12-11 21:39 -------- d-----w- c:\windows\system32\nigv
2015-12-11 21:39 . 2015-12-11 21:39 -------- d-----w- c:\users\Michele\AppData\Roaming\AidoTayf
2015-12-11 21:38 . 2015-12-11 21:38 -------- d-----w- C:\uninst
2015-12-11 21:17 . 2015-12-11 21:17 -------- d-----w- c:\programdata\Ulsnainnud
2015-12-11 04:33 . 2015-07-02 20:02 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A030CD41-01DA-46D9-A5AB-3D9ADB198C58}\gapaengine.dll
2015-12-09 14:02 . 2015-10-29 09:28 11138400 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-12-08 22:10 . 2015-11-03 19:04 241664 ----a-w- c:\windows\system32\els.dll
2015-12-08 22:10 . 2015-11-03 18:55 179712 ----a-w- c:\windows\SysWow64\els.dll
2015-11-26 15:26 . 2015-12-11 23:31 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2015-11-18 20:57 . 2015-11-18 20:57 34072 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-12-09 03:39 . 2010-11-21 03:27 301728 ------w- c:\windows\system32\MpSigStub.exe
2015-11-24 00:10 . 2013-08-27 01:49 140158008 ----a-w- c:\windows\system32\MRT.exe
2015-10-20 01:12 . 2015-11-10 23:29 5570496 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-10-20 01:12 . 2015-11-10 23:29 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-10-20 01:12 . 2015-11-10 23:29 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-10-20 01:09 . 2015-11-10 23:29 1730496 ----a-w- c:\windows\system32\ntdll.dll
2015-10-20 01:06 . 2015-11-10 23:29 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-10-20 01:06 . 2015-11-10 23:29 243712 ----a-w- c:\windows\system32\wow64.dll
2015-10-20 01:06 . 2015-11-10 23:29 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-10-20 01:06 . 2015-11-10 23:29 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-10-20 01:05 . 2015-11-10 23:29 210944 ----a-w- c:\windows\system32\wdigest.dll
2015-10-20 01:05 . 2015-11-10 23:29 86528 ----a-w- c:\windows\system32\TSpkg.dll
2015-10-20 01:05 . 2015-11-10 23:29 503808 ----a-w- c:\windows\system32\srcore.dll
2015-10-20 01:05 . 2015-11-10 23:29 50176 ----a-w- c:\windows\system32\srclient.dll
2015-10-20 01:05 . 2015-11-10 23:29 136192 ----a-w- c:\windows\system32\sspicli.dll
2015-10-20 01:05 . 2015-11-10 23:29 29184 ----a-w- c:\windows\system32\sspisrv.dll
2015-10-20 01:05 . 2015-11-10 23:29 28160 ----a-w- c:\windows\system32\secur32.dll
2015-10-20 01:05 . 2015-11-10 23:29 1216512 ----a-w- c:\windows\system32\rpcrt4.dll
2015-10-20 01:05 . 2015-11-10 23:29 344064 ----a-w- c:\windows\system32\schannel.dll
2015-10-20 01:05 . 2015-11-10 23:29 312320 ----a-w- c:\windows\system32\ncrypt.dll
2015-10-20 01:05 . 2015-11-10 23:29 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2015-10-20 01:05 . 2015-11-10 23:29 315392 ----a-w- c:\windows\system32\msv1_0.dll
2015-10-20 01:05 . 2015-11-10 23:29 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-10-20 01:05 . 2015-11-10 23:29 729600 ----a-w- c:\windows\system32\kerberos.dll
2015-10-20 01:05 . 2015-11-10 23:29 424960 ----a-w- c:\windows\system32\KernelBase.dll
2015-10-20 01:05 . 2015-11-10 23:29 1164800 ----a-w- c:\windows\system32\kernel32.dll
2015-10-20 01:05 . 2015-11-10 23:29 43520 ----a-w- c:\windows\system32\csrsrv.dll
2015-10-20 01:05 . 2015-11-10 23:29 44032 ----a-w- c:\windows\system32\cryptbase.dll
2015-10-20 01:05 . 2015-11-10 23:29 22016 ----a-w- c:\windows\system32\credssp.dll
2015-10-20 01:05 . 2015-11-10 23:29 112640 ----a-w- c:\windows\system32\smss.exe
2015-10-20 01:05 . 2015-11-10 23:29 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-10-20 01:04 . 2015-11-10 23:29 31232 ----a-w- c:\windows\system32\lsass.exe
2015-10-20 01:04 . 2015-11-10 23:29 338432 ----a-w- c:\windows\system32\conhost.exe
2015-10-20 01:04 . 2015-11-10 23:29 64000 ----a-w- c:\windows\system32\auditpol.exe
2015-10-20 01:00 . 2015-11-10 23:29 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-10-20 00:59 . 2015-11-10 23:29 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-10-20 00:53 . 2015-11-10 23:29 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 23:29 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 23:29 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 23:29 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 23:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 23:29 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 23:29 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 23:29 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 23:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 23:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 23:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 23:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 23:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 23:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 23:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 23:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 23:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 23:29 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-10-20 00:53 . 2015-11-10 23:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 23:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 23:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 23:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 23:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 23:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 23:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 23:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 23:29 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 23:29 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-10-20 00:53 . 2015-11-10 23:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-20 00:53 . 2015-11-10 23:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-20 00:52 . 2015-11-10 23:29 3991488 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-10-20 00:52 . 2015-11-10 23:29 3935680 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-10-20 00:48 . 2015-11-10 23:29 1311768 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-10-20 00:45 . 2015-11-10 23:29 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2015-10-20 00:45 . 2015-11-10 23:29 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2015-10-20 00:45 . 2015-11-10 23:29 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-10-20 00:45 . 2015-11-10 23:29 251392 ----a-w- c:\windows\SysWow64\schannel.dll
2015-10-20 00:45 . 2015-11-10 23:29 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2015-10-20 00:45 . 2015-11-10 23:29 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2015-10-20 00:45 . 2015-11-10 23:29 223232 ----a-w- c:\windows\SysWow64\ncrypt.dll
2015-10-20 00:45 . 2015-11-10 23:29 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2015-10-20 00:45 . 2015-11-10 23:29 552960 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-10-20 00:45 . 2015-11-10 23:29 36864 ----a-w- c:\windows\SysWow64\cryptbase.dll
2015-10-20 00:45 . 2015-11-10 23:29 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2015-10-20 00:45 . 2015-11-10 23:29 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-10-20 00:45 . 2015-11-10 23:29 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2015-10-20 00:44 . 2015-11-10 23:29 50176 ----a-w- c:\windows\SysWow64\auditpol.exe
2015-10-20 00:44 . 2015-11-10 23:29 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2015-10-20 00:44 . 2015-11-10 23:29 665088 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2015-10-20 00:44 . 2015-11-10 23:29 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2015-10-20 00:44 . 2015-11-10 23:29 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2015-10-20 00:39 . 2015-11-10 23:29 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2015-10-20 00:39 . 2015-11-10 23:29 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2015-10-20 00:35 . 2015-11-10 23:29 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-20 00:35 . 2015-11-10 23:29 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2015-10-20 00:35 . 2015-11-10 23:29 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-20 00:35 . 2015-11-10 23:29 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2015-10-20 00:35 . 2015-11-10 23:29 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-20 00:35 . 2015-11-10 23:29 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2015-10-20 00:35 . 2015-11-10 23:29 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-20 00:35 . 2015-11-10 23:29 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2015-10-20 00:35 . 2015-11-10 23:29 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-20 00:35 . 2015-11-10 23:29 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-20 00:35 . 2015-11-10 23:29 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-11-10 20:50 1731800 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-11-10 20:50 1731800 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-11-10 20:50 1731800 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MusicManager"="c:\users\Michele\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2015-11-17 7643136]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-08-28 1939136]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2013-10-16 759496]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2015-11-04 22790776]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-11-16 8591272]
"DellSystemDetect"="c:\users\Michele\AppData\Local\Apps\2.0\472XDERH.MQO\TC4LEV2T.3X9\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe" [2014-07-12 262720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2011-08-11 75048]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2013-10-02 395656]
"Redirector"="c:\program files (x86)\Citrix\ICA Client\redirector.exe" [2013-10-02 153992]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
.
c:\users\Michele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
RCA Detective.lnk - c:\users\Michele\Documents\RCA Detective\RCADetective.exe [2013-9-11 1069056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BodyMedia Sync.lnk - c:\program files (x86)\BodyMedia\Sync\BodyMediaSync.exe /startup [2013-1-9 631808]
RescueTime.lnk - c:\program files (x86)\RescueTime\RescueTime.exe   [2014-8-9 3432960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 epp64;epp64;c:\eek\bin\epp64.sys;c:\eek\bin\epp64.sys [x]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
R2 CLKMSVC10_9EC60124;CyberLink Product - 2013/08/13 06:52;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe;c:\windows\SYSNATIVE\lxdxcoms.exe [x]
R2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdxserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxdxserv.exe [x]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
R3 AthDfu;Atheros Valkyrie USB BootROM;c:\windows\System32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 lehidmini;Bluetooth Low Energy Hid Device;c:\windows\system32\drivers\leath_hid.sys;c:\windows\SYSNATIVE\drivers\leath_hid.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 wampapache64;wampapache64;c:\users\Michele\Documents\wamp\bin\apache\apache2.4.9\bin\httpd.exe;c:\users\Michele\Documents\wamp\bin\apache\apache2.4.9\bin\httpd.exe [x]
R3 wampmysqld64;wampmysqld64;c:\users\Michele\Documents\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe wampmysqld64;c:\users\Michele\Documents\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe wampmysqld64 [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wovad_micarray;WO Mic Device;c:\windows\system32\drivers\womic.sys;c:\windows\SYSNATIVE\drivers\womic.sys [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\drivers\amdkmpfd.sys;c:\windows\SYSNATIVE\drivers\amdkmpfd.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys;c:\windows\SYSNATIVE\drivers\iaStorF.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-12-08 21:13 1000264 ----a-w- c:\program files (x86)\Google\Chrome\Application\47.0.2526.80\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-11-04 19:01 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-11-04 19:01 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-11-04 19:01 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-11-10 20:45 2339032 ----a-w- c:\progra~1\MIF5BA~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-11-10 20:45 2339032 ----a-w- c:\progra~1\MIF5BA~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-11-10 20:45 2339032 ----a-w- c:\progra~1\MIF5BA~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-15 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-15 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-15 441888]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-11-19 6846096]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-11-19 1253520]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-30 1337000]
"lxdxmon.exe"="c:\program files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe" [2010-02-04 672424]
"lxdxamon"="c:\program files (x86)\Lexmark 3600-4600 Series\lxdxamon.exe" [2010-02-04 16040]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.dell.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
Trusted Zone: amazonaws.com\s3
Trusted Zone: clonewarsadventures.com
Trusted Zone: dell.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{39B8EB7E-465D-4900-9CC5-471B8D52E374}: DhcpNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-uTorrent - c:\users\Michele\AppData\Roaming\uTorrent\uTorrent.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk - c:\windows\SysWOW64\C2MP\UpdateChecker.exe
AddRemove-Media Player - Codec Pack - c:\windows\SysWOW64\C2MP\Uninst.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-uTorrent - c:\users\Michele\AppData\Roaming\uTorrent\uTorrent.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1982298361-2193398931-2922598473-1004\Software\SecuROM\License information*]
"datasecu"=hex:1c,9a,02,df,d6,e1,66,99,08,b9,24,84,74,fa,b0,7c,e0,4d,d6,ee,ef,
   d7,a7,4a,d3,a7,7f,7f,02,1f,7f,6a,b2,66,ef,6a,9f,b2,f3,9a,1e,c5,3c,bb,9e,f0,\
"rkeysecu"=hex:c1,b5,e4,e3,30,99,e4,22,fa,e9,28,f7,d2,9d,99,3f
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-12-13  18:30:25
ComboFix-quarantined-files.txt  2015-12-13 23:30
ComboFix2.txt  2015-12-12 00:52
ComboFix3.txt  2015-12-12 00:22
.
Pre-Run: 692,400,336,896 bytes free
Post-Run: 692,263,559,168 bytes free
.
- - End Of File - - 301C2715A4DE9EABD360608092784441
A36C5E4F47E84449FF07ED3517B43A31


#12 foid
  • Topic Starter
  • Members
  • 11 posts

Posted 14 December 2015 - 10:32 AM

Just wanted to update to say that the virus appears to be gone but I still do not have internet access.



#13 olgun52
  • Malware Response Team
  • 3,784 posts
  • Gender:Male

Posted 14 December 2015 - 02:33 PM

Just wanted to update to say that the virus appears to be gone but I still do not have internet access.

Good.
================
For internet access:
Go to Start > Run (Start Search in Vista) and type in:
cmd
Click OK (in Vista and 7, press Enter while holding CTRL and SHIFT).

In the Command Prompt window, type in the following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"
netsh int ip reset reset.log
netsh winsock reset catalog


Restart computer.
 
Is there internet access now? If still not, what is the problem and are there any errors?

Are the IP and DNS settings automatic?
========================================================
Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window that opens, copy and paste this into the File Name box.
 
C:\Windows\system32\nigv
C:\Windows\SysWOW64\HotbujgybOff.ini
C:\Windows\system32\HotbujgybOff.ini
C:\Windows\system32\Hotbujgyb64.dll
C:\Windows\SysWOW64\Hotbujgyb.dll

 
Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying "File has already been analyzed", click "Reanalyze file now".
Once scanned, copy and paste the link to the results page in your next reply.


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!
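An added example, not part of olgun52's instructions or of any tool in this thread: a read-only PowerShell triage of the five paths listed above, run before uploading them. For each path it reports whether it still exists, its size and last-write time, its SHA-256, and its Authenticode signature status, and builds the VirusTotal lookup URL for the hash (VirusTotal indexes files by SHA-256, so an existing report can be found without uploading). The paths are those from the reply; nigv is handled as a directory because the ComboFix log above lists c:\windows\system32\nigv with the d-----w- directory attribute. Only .NET classes and cmdlets available in the PowerShell 2.0 shipped with Windows 7 are used, and the script must be run from an elevated 64-bit PowerShell so that system32 is not silently redirected to SysWOW64.

```powershell
# Added example, not from the thread: triage the five paths olgun52 listed before
# uploading them. Read-only; nothing is moved, deleted or executed.
# Run from an elevated 64-bit PowerShell (a 32-bit one would silently redirect
# system32 to SysWOW64). Uses only what PowerShell 2.0 on Windows 7 provides.

$paths = @(
    'C:\Windows\system32\nigv',
    'C:\Windows\SysWOW64\HotbujgybOff.ini',
    'C:\Windows\system32\HotbujgybOff.ini',
    'C:\Windows\system32\Hotbujgyb64.dll',
    'C:\Windows\SysWOW64\Hotbujgyb.dll'
)

function Get-Sha256Hex {
    param([string]$Path)
    # Get-FileHash needs PowerShell 4+, so use the .NET hash class directly.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $sha.ComputeHash($stream) }
    finally { $stream.Close() }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '').ToLower()
}

function Get-FileTriage {
    param([string]$Path)
    $row = New-Object PSObject -Property @{
        Path = $Path; Exists = $false; Kind = ''; Bytes = 0; Modified = $null
        Sha256 = ''; Signature = ''; VirusTotal = ''
    }
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $row }          # already gone (or access denied)
    $row.Exists   = $true
    $row.Modified = $item.LastWriteTime
    if ($item.PSIsContainer) {
        # nigv is logged by ComboFix above as a directory (d-----w-), so list
        # how many entries it holds instead of hashing it.
        $children = @(Get-ChildItem -LiteralPath $Path -Force -ErrorAction SilentlyContinue)
        $row.Kind      = 'directory'
        $row.Signature = 'contains ' + $children.Count + ' item(s)'
        return $row
    }
    $row.Kind       = 'file'
    $row.Bytes      = $item.Length
    $row.Sha256     = Get-Sha256Hex $Path
    # Status is NotSigned, Valid, HashMismatch, etc. An unsigned DLL in system32
    # with a very recent Modified time is the combination worth flagging.
    $row.Signature  = (Get-AuthenticodeSignature -FilePath $Path).Status.ToString()
    # VirusTotal indexes by SHA-256; this URL shows an existing report, if any,
    # without uploading the file.
    $row.VirusTotal = 'https://www.virustotal.com/gui/file/' + $row.Sha256
    return $row
}

$paths | ForEach-Object { Get-FileTriage $_ } |
    Format-List Path, Exists, Kind, Bytes, Modified, Signature, Sha256, VirusTotal
```

The output is plain text that can be pasted into the reply alongside the VirusTotal links; because the script only reads the files, it can be repeated after each cleanup step to confirm which of the five paths are still present.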

 


 


#14 foid
  • Topic Starter
  • Members
  • 11 posts

Posted 14 December 2015 - 04:10 PM

ipconfig /flushdns gives me the error "ipconfig.exe - Application Error: The application was unable to start correctly (0xc0000022)." All of the other ipconfig commands give the same error.

net stop "dns client" gives the error "The DNS Client service is not started".

net start "dns client" gives the error "The DNS Client service could not be started. A system error has occurred. System error 5 has occurred. Access is denied."

The netsh commands worked and I restarted. Upon restart I get an error: "Receiver.exe - Application Error: The application was unable to start correctly (0xc0000022) "

Another problem now is I am being told my copy of Windows is not genuine - it is, it came installed on my laptop right from the factory.

#15 olgun52
  • Malware Response Team
  • 3,784 posts
  • Gender:Male

Posted 14 December 2015 - 04:46 PM

Please try again.

Go to Start Search, type cmd.exe in the Start Search box. Cmd.exe will appear at the top of the Menu. Right-click on it and choose "Run as administrator". At the prompt, copy/paste the following, pressing Enter after each:

 

ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"
netsh int ip reset reset.log
netsh winsock reset catalog


Restart computer.
 
Is there internet access now? If still not, what is the problem and are there any errors?

Are the IP and DNS settings automatic?


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!
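The reset sequence given in this reply and in #13, as an added example rather than anything from the thread: a PowerShell script that runs the same eight commands in the same order, but checks first that the shell is elevated and records the exit code of every step instead of stopping at the first failure. The reason for the elevation check is that 0xc0000022 is the NTSTATUS value STATUS_ACCESS_DENIED and "System error 5" is ERROR_ACCESS_DENIED, so an unelevated prompt is the first thing to rule out for the errors reported in #14. Afterwards it answers the two questions at the end of the reply (are IP and DNS automatic, is the DNS Client service running) by reading Win32_NetworkAdapterConfiguration and the per-interface Tcpip\Parameters registry keys, which are where the DhcpNameServer values in the ComboFix log above come from. Everything used is available in the PowerShell 2.0 shipped with Windows 7; reset.log is the log file name from the reply.

```powershell
# Added example, not from the thread: the eight reset commands from the reply,
# run in order from PowerShell with an elevation check first and the exit code
# of each one recorded, followed by a read-only check of the IP/DNS settings.
# 0xc0000022 is STATUS_ACCESS_DENIED and "System error 5" is ERROR_ACCESS_DENIED,
# so refusing to run unelevated rules out one cause of those errors up front.
# Works on the PowerShell 2.0 shipped with Windows 7.

function Test-IsElevated {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

# (description, executable, argument string) in the order olgun52 gave them.
$steps = @(
    @('flush resolver cache',  'ipconfig', '/flushdns'),
    @('re-register DNS name',  'ipconfig', '/registerdns'),
    @('release DHCP lease',    'ipconfig', '/release'),
    @('renew DHCP lease',      'ipconfig', '/renew'),
    @('stop DNS Client',       'net',      'stop "dns client"'),
    @('start DNS Client',      'net',      'start "dns client"'),
    @('reset TCP/IP stack',    'netsh',    'int ip reset reset.log'),
    @('reset Winsock catalog', 'netsh',    'winsock reset catalog')
)

function Invoke-NetworkReset {
    if (-not (Test-IsElevated)) {
        throw 'Open PowerShell with "Run as administrator" and run this again.'
    }
    $failed = @()
    foreach ($step in $steps) {
        $desc, $exe, $argString = $step
        Write-Host "== $desc : $exe $argString"
        # Start-Process -Wait -PassThru gives a reliable exit code on PS 2.0.
        $p = Start-Process -FilePath $exe -ArgumentList $argString -NoNewWindow -Wait -PassThru
        if ($p.ExitCode -ne 0) {
            Write-Warning "$exe $argString exited with code $($p.ExitCode)"
            $failed += "$exe $argString (exit $($p.ExitCode))"
        }
    }
    return $failed     # paste this list into the reply if it is not empty
}

function Get-NetworkState {
    # Win32_NetworkAdapterConfiguration exists on Windows 7; the Get-Net* cmdlets
    # do not. A non-empty NameServer value under the interface's Tcpip key means
    # DNS was set manually; DhcpNameServer is what DHCP handed out (the ComboFix
    # log above shows 192.168.1.1 there).
    $adapters = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
    foreach ($a in $adapters) {
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\' + $a.SettingID
        $reg = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        $staticDns = ''
        if ($reg -ne $null -and $reg.NameServer) { $staticDns = $reg.NameServer }
        $dhcpDns = ''
        if ($reg -ne $null -and $reg.DhcpNameServer) { $dhcpDns = $reg.DhcpNameServer }
        New-Object PSObject -Property @{
            Adapter      = $a.Description
            IPAddress    = ($a.IPAddress -join ', ')
            IPAutomatic  = $a.DHCPEnabled
            DnsAutomatic = ($staticDns -eq '')
            StaticDns    = $staticDns
            DhcpDns      = $dhcpDns
        }
    }
    $svc = Get-Service -Name Dnscache
    Write-Host ('DNS Client service (Dnscache): ' + $svc.Status)
}

$notOk = @(Invoke-NetworkReset)
Get-NetworkState | Format-List
if ($notOk.Count -gt 0) { Write-Host ("Steps that failed:`n" + ($notOk -join "`n")) }
Write-Host 'Restart now, then run Get-NetworkState again to confirm.'
```

A step that still fails with an access-denied code from an elevated shell is worth quoting verbatim in the reply, together with the Get-NetworkState output, since at that point the cause is no longer missing privileges; the DnsAutomatic and IPAutomatic fields answer the "are IP and DNS settings automatic?" question directly, and a non-empty StaticDns on a DHCP adapter is the value to compare against the 192.168.1.1 DhcpNameServer in the log.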

 


 




