View Full Version : W3i.IQ5.fraud and others.



chayes001
2013-11-18, 02:51
My wife's laptop has been having trouble lately. She would continually get a popup notification from Win 7 Home Premium that stated that a hard disk error was noticed and that a backup should be performed. I copied her files to my external hard drive then did a scan with Spybot, Spyware Blaster, and Comodo Antivirus. I found W3i.IQ5.fraud. Comodo was supposed to have taken care of it but the disk error message still appeared. I did numerous chkdsk c: /r /x but no bad sectors were found. She cannot access Internet Explorer, the screen just flashes then returns to the desktop. I found a reference to W3i.IQ5.fraud on a Microsoft support site and followed their directions for manual removal. I didn't find any entries in regedit that were listed. I then went to Kaspersky's website and performed an online scan, the following were found:

C:\Users\All Users\Spybot - Search & Destroy\Recovery\WebCakeBHO3.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\WebCakeBHO3.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Users\Dee\Downloads\ArcadeFrontierGames (1).exe Win32/OpenCandy application deleted - quarantined
C:\Users\Dee\Downloads\ArcadeFrontierGames.exe Win32/OpenCandy application deleted - quarantined
C:\Users\Dee\Downloads\Firefox_Setup_17.0.exe a variant of Win32/InstallCore.AY application cleaned by deleting - quarantined

That was a few days ago. Tonight her computer rebooted itself and presented the following error messages:
PXE-E61: Media test failure
PXE-M0F: Exiting Broadcom

I tried to repair her operating system by booting from a Win 7 cd. One of the screens showed her hard disk as "Boot :X" instead of "Gateway :C".
I'm able to get into Safe mode and the correct drive designation is listed. Can you assist me in cleaning her system up?

ken545
2013-11-26, 19:03


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Running programs with Vista or Windows 7, Right Click and select RUN AS ADMINISTRATOR

Download DDS from one of the links below to your desktop

Link 1 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link 2 (http://download.bleepingcomputer.com/sUBs/dds.com)


Double click the tool to run it.
A black Screen will open, just read the contents and do nothing.
When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
Copy/Paste the contents of 'DDS.txt' into your post.
'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files) (http://windows.microsoft.com/en-us/windows-vista/Compress-and-uncompress-files-zip-files)


Information on A/V control Here (http://www.bleepingcomputer.com/forums/topic114351.html)





Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png

chayes001
2013-11-26, 19:47
Thanks for help Ken. DDS only generated one report and that is attached as well as "aswMBR". I ran DDS twice but it still ran only one report.

ken545
2013-11-26, 19:56
I really need to see the main DDS report, not the attached

Let's try this one instead

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

chayes001
2013-11-26, 20:23
Alright Ken, the scan took almost 25 minutes. Here is the first document:

OTL logfile created on: 11/26/2013 1:02:01 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dee\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 62.60% Memory free
7.49 Gb Paging File | 5.63 Gb Available in Paging File | 75.13% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.66 Gb Total Space | 399.71 Gb Free Space | 88.30% Space Free | Partition Type: NTFS
Drive E: | 120.73 Mb Total Space | 57.99 Mb Free Space | 48.04% Space Free | Partition Type: FAT

Computer Name: DEE-PC | User Name: Dee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Dee\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\GbPlugin\gbpsv.exe ( )
PRC - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Walgreens PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)
PRC - C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll ()
MOD - C:\Users\Dee\AppData\Roaming\PictureMover\Bin\Core.dll ()
MOD - C:\Users\Dee\AppData\Roaming\PictureMover\WG-EN-US\Presentation.dll ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll ()
MOD - C:\Program Files (x86)\VideoWebCamera\VWC_ENG.dll ()
MOD - C:\Program Files (x86)\VideoWebCamera\sy_Utility.dll ()
MOD - C:\Program Files (x86)\VideoWebCamera\Image.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\utility.dll ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (Updater Service) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer Group)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (GbpSv) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe ( )
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (GREGService) -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (Amazon Download Agent) -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (cmderd) -- C:\Windows\SysNative\drivers\cmderd.sys (COMODO)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmeaext) -- C:\Windows\SysNative\drivers\ZTEusbnmeaext.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbgps) -- C:\Windows\SysNative\drivers\ZTEusbgps.sys (ZTE Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (MBB Incorporated)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV - (GbpKm) -- C:\Windows\SysWOW64\drivers\gbpkm.sys (GAS Tecnologia)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1122988514-126629761-105748036-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1122988514-126629761-105748036-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1122988514-126629761-105748036-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1122988514-126629761-105748036-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1122988514-126629761-105748036-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1122988514-126629761-105748036-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1122988514-126629761-105748036-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/29 12:50:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/29 12:50:31 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Gmail = C:\Users\Dee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/11/25 18:27:18 | 000,450,619 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 15469 more lines...
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1122988514-126629761-105748036-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1122988514-126629761-105748036-1001..\Run: [Best Buy pc app] C:\Users\Dee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1122988514-126629761-105748036-1001\..Trusted Domains: bancobrasil.com.br ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-1122988514-126629761-105748036-1001\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites)
O15 - HKU\S-1-5-21-1122988514-126629761-105748036-1001\..Trusted Domains: bancobrasil.com.br ([www2] * in Trusted sites)
O15 - HKU\S-1-5-21-1122988514-126629761-105748036-1001\..Trusted Domains: bb.com.br ([www] * in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.55.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B291C53-C65A-495D-BDD7-DBB57B6C6ACB}: DhcpNameServer = 192.168.55.1 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files (x86)\GbPlugin\gbieh.dll) - File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2f032d5e-86ec-11e0-9bf2-4c0f6e3d6690}\Shell - "" = AutoRun
O33 - MountPoints2\{2f032d5e-86ec-11e0-9bf2-4c0f6e3d6690}\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{2f032d66-86ec-11e0-9bf2-4c0f6e3d6690}\Shell - "" = AutoRun
O33 - MountPoints2\{2f032d66-86ec-11e0-9bf2-4c0f6e3d6690}\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{a59f437e-8ddb-11e2-81c6-88ae1d605766}\Shell - "" = AutoRun
O33 - MountPoints2\{a59f437e-8ddb-11e2-81c6-88ae1d605766}\Shell\AutoRun\command - "" = E:\TL_Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/26 13:00:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dee\Desktop\OTL.exe
[2013/11/26 12:28:55 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Dee\Desktop\aswMBR.exe
[2013/11/26 12:28:05 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Dee\Desktop\dds.com
[2013/11/25 19:00:35 | 000,000,000 | ---D | C] -- C:\Users\Dee\Documents\ProcAlyzer Dumps
[2013/11/25 18:05:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/11/25 18:05:11 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/11/25 18:05:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/11/14 16:30:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/11/14 08:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2013/11/14 08:53:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2013/11/14 08:50:49 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013/11/14 08:49:43 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013/11/14 08:49:43 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013/11/14 08:49:41 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013/11/14 08:49:29 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/11/14 08:49:28 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/11/14 08:49:28 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013/11/14 08:49:28 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013/11/14 08:49:27 | 001,147,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013/11/14 08:49:27 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013/11/14 08:49:27 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013/11/14 08:49:27 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013/11/14 08:49:27 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013/11/14 08:49:27 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013/11/14 08:49:26 | 005,698,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/11/14 08:49:25 | 006,578,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/11/14 08:49:25 | 001,057,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdvidcrl.dll
[2013/11/14 08:49:25 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdvidcrl.dll
[2013/11/14 08:13:15 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWorkspace.dll
[2013/11/14 08:13:12 | 000,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TSWorkspace.dll
[2013/11/14 07:16:51 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/11/14 07:16:50 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/11/14 07:16:47 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/11/14 07:16:46 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/11/14 07:16:46 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/11/14 07:16:46 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/11/14 07:16:44 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/14 07:16:43 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/11/14 07:16:43 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/11/14 07:16:43 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/11/14 07:16:43 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/11/14 07:16:35 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/11/14 07:16:35 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/11/14 07:16:34 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/11/14 07:16:33 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/13 18:15:47 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/11/13 18:15:24 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/11/13 18:15:23 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/11/13 18:15:23 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2013/11/13 18:15:23 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2013/11/13 18:15:22 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2013/11/13 18:15:09 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/11/13 18:15:08 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/11/13 18:15:08 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2013/11/13 18:15:07 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2013/11/13 18:15:07 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2013/11/13 18:14:51 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2013/11/01 14:53:09 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013/11/01 14:53:09 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2013/10/27 18:45:19 | 000,000,000 | ---D | C] -- C:\Users\Dee\AppData\Local\{775971D8-287A-4AAE-94DD-DAA3743BA909}
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/26 13:00:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dee\Desktop\OTL.exe
[2013/11/26 12:50:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/26 12:46:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/26 12:40:41 | 000,000,512 | ---- | M] () -- C:\Users\Dee\Desktop\MBR.dat
[2013/11/26 12:35:07 | 000,003,669 | ---- | M] () -- C:\Users\Dee\Desktop\attach.zip
[2013/11/26 12:29:34 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Dee\Desktop\aswMBR.exe
[2013/11/26 12:28:16 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Dee\Desktop\dds.com
[2013/11/26 12:23:28 | 000,727,334 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/26 12:23:28 | 000,624,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/26 12:23:28 | 000,106,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/26 12:22:25 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/26 12:22:24 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/26 12:18:32 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/26 12:16:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/26 12:16:12 | 3015,884,800 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/25 18:27:18 | 000,450,619 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/11/25 18:05:22 | 000,000,656 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/11/25 18:05:22 | 000,000,628 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/11/25 18:05:22 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/11/25 18:05:14 | 000,001,386 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/11/14 14:42:32 | 000,000,494 | ---- | M] () -- C:\Windows\wininit.ini
[2013/11/14 08:56:59 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\etc\*.tmp files -> C:\Windows\SysNative\drivers\etc\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/26 12:40:41 | 000,000,512 | ---- | C] () -- C:\Users\Dee\Desktop\MBR.dat
[2013/11/26 12:35:07 | 000,003,669 | ---- | C] () -- C:\Users\Dee\Desktop\attach.zip
[2013/11/25 18:05:22 | 000,000,656 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/11/25 18:05:22 | 000,000,628 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/11/25 18:05:22 | 000,000,458 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/11/25 18:05:14 | 000,001,398 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/11/25 18:05:14 | 000,001,386 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/11/14 08:56:59 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2012/10/31 09:36:17 | 000,000,494 | ---- | C] () -- C:\Windows\wininit.ini

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/10/19 19:52:26 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\Artogon
[2013/11/14 15:28:05 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\DefaultTab
[2010/11/18 09:09:24 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\Packard Bell
[2012/09/13 10:34:55 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\PictureMover
[2011/05/25 15:12:14 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\Smith Micro
[2011/12/23 22:03:31 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\SNS
[2013/03/13 19:05:06 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\SoftGrid Client
[2011/01/02 15:52:07 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\TP
[2011/02/20 12:52:38 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\Windows Live Writer
[2013/11/09 07:45:24 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\WinPatrol

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:512E1728
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >

chayes001
2013-11-26, 20:25
Here's the "Extras.txt".

OTL Extras logfile created on: 11/26/2013 1:02:01 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dee\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 62.60% Memory free
7.49 Gb Paging File | 5.63 Gb Available in Paging File | 75.13% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.66 Gb Total Space | 399.71 Gb Free Space | 88.30% Space Free | Partition Type: NTFS
Drive E: | 120.73 Mb Total Space | 57.99 Mb Free Space | 48.04% Space Free | Partition Type: FAT

Computer Name: DEE-PC | User Name: Dee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1915AE94-735C-42F9-B113-0DAEC9C32946}" = lport=139 | protocol=6 | dir=in | app=system |
"{19F12838-541D-4D07-A539-A48F681ED47D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3317CD7E-22FD-47DD-8A2B-9BF048412CA5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{364D6C94-0D00-4C47-AEF6-65E286A1D470}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4BB96553-F977-4810-8A6D-0B71EBF8CFFB}" = rport=137 | protocol=17 | dir=out | app=system |
"{4D063A15-19B6-40F2-9025-83CB049AEC3B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4E2D3E59-3D02-4F02-AE71-FE0C5BB95306}" = rport=138 | protocol=17 | dir=out | app=system |
"{502DB6A2-C41D-4660-B453-7235700E82E2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{505FBF38-4175-429D-9881-9ACF92E1A072}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{54A7FAA1-90CE-476A-BFD2-1E0815899EC2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{63873E09-A259-460F-AAFB-670CFD25DEE8}" = lport=138 | protocol=17 | dir=in | app=system |
"{70E54765-F7B0-4FDC-9E84-0BB956908516}" = lport=2869 | protocol=6 | dir=in | app=system |
"{70EDA895-67B9-4246-8085-DCA5D928824F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{79F8673D-A0E5-4C74-AB85-D78007032366}" = rport=445 | protocol=6 | dir=out | app=system |
"{7A35C341-91C6-47F7-BD27-0DFF0FF3CCDF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{82D1B7F4-1985-4CF5-83BF-62D5466F0424}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{847CD954-94AC-4948-9B1B-5B8FA850E15D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A79E5B48-484C-49DE-B550-5006961015CC}" = rport=139 | protocol=6 | dir=out | app=system |
"{B9920069-0943-4EA1-92C0-20D8BF5C7E9C}" = lport=445 | protocol=6 | dir=in | app=system |
"{BB624EF7-8815-42A6-B73C-F67FC22C669B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C2389834-1058-44BF-AD0F-3FAA0B87AADD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D37AEB73-CCAA-4B20-A8F4-2890D29571C6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E48898E7-5E90-40A0-8162-3E1F5451BE0C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EACB6946-216D-4C6A-8D40-B3FD7D8AD792}" = lport=137 | protocol=17 | dir=in | app=system |
"{ECFF830C-236D-40A2-B95B-80C30D6B22A1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ED552580-767F-44D2-99AA-75B619680C34}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F5D64DDD-B015-45B7-9C07-8C6C2E04E3F6}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{011DEB73-ED06-4E11-9C0F-EA5C8758ED0F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{13505822-DF03-489C-9259-F17B8FF25078}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{1A15818B-A770-4BBC-9F63-DE1010192AF5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{28FF3D2F-FF56-43EA-A479-AC38A6485238}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{294C0031-94F7-49B3-93E5-CBE086E02E4E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{309E20FD-22B9-458C-AD8B-854792378424}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{317C8DBB-83AD-4411-97C2-B48D82AFB8EE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
"{32A5EB41-0231-453A-B7BA-204EA7983A8E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{338C471F-6941-43DC-9EA8-FBEE75DA2523}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{368631DF-B23A-4973-9CB5-04E8A7C06672}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{3B4ED752-D99A-48DE-844C-ECC84C9D1DEA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3B7B5861-8DA3-4BCD-ABF8-14C039F18AAA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{3E37BF0B-1AB3-4F3F-9B12-EEF87689B311}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{44160D17-0AC5-4D5D-AFD4-7271C4CFEF8E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{4D1F3695-4BB0-4C1F-8E4D-64E18750B4C7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{4D54F16A-CF70-4642-BACE-861F92472DE4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{557F8CD1-CE0B-4157-9B93-4FE3873A1C2D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{5E255E86-9CAD-4E9C-8C4C-4CBC730839D2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{672F249C-EDE4-4F3C-B068-FB156FD8DA09}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6D455A91-097D-4C94-8F4A-ED464A772301}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7173EBF9-EE15-4716-92F9-7979E41AB86C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{84D991E1-36C6-43A1-AE66-A83D892FED64}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{89E8184C-265C-4B78-A260-97ED6BBCBF9F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{9180A193-9C6B-4227-8E1C-1BAAAE7DC320}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{93A3F9DD-A58C-4AB0-8F26-ACFB645D949C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{95402F35-54B4-4AD0-AD48-37785B835AA9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A2D3EF41-F65B-4C49-9405-65EC0A74C366}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{A37804E1-19F3-4BDE-B6BF-3304CE4E5C8F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{A40AF240-0682-4551-B4A1-A92969D684C0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A909DDDF-7C40-4552-A2A9-4F189B39D721}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{AAC9A0D4-CD12-4A04-878C-31E93447D6AF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{B1416692-CB28-4C92-9C9E-613BABE0CB7A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{B2263C56-1B8E-4480-98C9-988D3E91C6F6}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{B2D6941A-8F16-4E1E-9666-75BAD8C477EC}" = protocol=6 | dir=out | app=system |
"{BB961680-FA61-4041-9323-623C0F08964A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BC7CB3FB-7F84-49A8-AFB4-5DFFBF0B17A1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{BE26666C-EB35-44BF-BED1-8B894CED4E01}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BF62F8C1-0E0F-406C-9794-1DE35237646B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BF66B8C7-C602-4114-B1F7-18091E324315}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{C73D3A72-2AE0-42A1-8E16-908980CC1A27}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{CC7CB653-5977-4AC7-8DA2-A3654E710CC4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CEBD3848-CA08-45D0-8CA8-C14B86EBA090}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D97EBC2F-EF2E-4BCE-BD26-1D391E47F7D5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{E499C927-1E7C-43B5-AA17-D4CDCEC61618}" = protocol=58 | dir=in | app=system |
"{E5B3D519-0E90-47AD-A7D6-060CA0B7F4E1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{ED259565-6BEF-4945-BCAA-8F24786CB374}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{EE0B3951-13E8-43EB-9F68-1B3F1364AD10}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{F551A8BA-6D86-4007-B657-F01542585F7E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{FA203E8C-F210-42C7-807B-30746BBEC928}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{FE0303B1-9548-4F20-98CD-8F4EE0D4CDF3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{3B20226B-63ED-B863-B224-FE40401B21CA}" = ATI Catalyst Install Manager
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E3047FA0-2D6B-4BD6-8CD4-599955F1CE9D}" = Microsoft Mouse and Keyboard Center
"{EEB06ECB-38F0-68CD-B215-94D50914C0F8}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01868E82-DA4F-BFF8-45CF-9B1CAE8810D9}" = Catalyst Control Center Core Implementation
"{01CC7DB7-909B-E630-A44A-8118036CAF3C}" = CCC Help Korean
"{07367450-E3E6-B4A1-E19C-A07429026680}" = CCC Help Swedish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{113DE59D-B57A-4075-9D4F-5803DFA69EB7}" = Walgreens PictureMover
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C42AA63-B354-56AF-69CA-FA73285368BE}" = CCC Help German
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FFDACFC-898C-FC99-0140-AE2FC18B710E}" = Catalyst Control Center Graphics Full New
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{268E2A87-470B-118B-B3AD-6F2615B86623}" = CCC Help Greek
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2E87F4AB-99BF-421C-AF7B-365A9C08549A}" = F300
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3601754A-C72B-E4B3-CE39-78CCD0B58DC9}" = CCC Help Russian
"{3A69B28B-6E44-E512-C395-EEDCB5BCB485}" = CCC Help Danish
"{3BA616F8-F969-4DE7-0C85-35BE954DDB8A}" = CCC Help Hungarian
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Gateway Power Management
"{3EED6569-D845-F8D1-9648-84729711590E}" = CCC Help Italian
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A41156A-0669-F7B5-B24C-5E25C69F1E68}" = CCC Help Turkish
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5C5BB2C4-54F9-4A17-8845-090C7BEC232C}" = ZTE USB Drivers
"{5E6D6161-5509-4f55-9372-1E01792F843A}" = F300_Help
"{63ADFC07-D92A-670C-3826-BB0C9CC41D8A}" = CCC Help Polish
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6488561D-83C8-6987-6163-744E60680139}" = CCC Help Japanese
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Gateway Social Networks
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69CA5A5F-7541-5216-6433-DE69E4245116}" = Catalyst Control Center Graphics Light
"{69F214C9-507D-7EB5-FF08-926CFD0D5EC6}" = Catalyst Control Center Localization All
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D9021DC-CF1B-4148-8C80-6D8E8A8A33EB}" = Video Web Camera
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{762CB899-DF14-EB84-78F5-888C83AA7DC3}" = Catalyst Control Center Graphics Previews Common
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{83E4C065-91B9-20DD-74DA-90A71242CE18}" = CCC Help Norwegian
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8AEAE107-B186-4EA8-5F84-3AAA3158FEB1}" = CCC Help Chinese Standard
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{975B24AC-8CB7-B4E1-E666-37964657576E}" = CCC Help Chinese Traditional
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A45B7A40-694C-BAB8-EE69-4240ADFEA1FF}" = CCC Help Finnish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{AD768FF7-E329-886C-D88E-585F26BB8738}" = CCC Help Dutch
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B8F5BACE-194E-0203-023E-2FFEF68EE290}" = CCC Help English
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C450D07C-3914-5481-A068-29975DA5C596}" = CCC Help French
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C9165CF3-A14D-A281-B62E-37312AA9E63D}" = CCC Help Spanish
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4E16961-E6FA-4689-AD09-3DB7E5770167}" = Catalyst Control Center InstallProxy
"{D6B1E149-790E-3B60-07F9-07A40ECAFBA0}" = Catalyst Control Center Graphics Full Existing
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DBF91CC3-41F6-0D99-3D2D-686C59865652}" = ccc-core-static
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DD49AC0F-E08A-F77D-AB38-2EE9CD5D8F0B}" = CCC Help Thai
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DECEFADB-0486-6252-C312-49DDAC71DF33}" = CCC Help Portuguese
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6AC5364-2FB7-437a-811A-D645F22AA6AC}" = F300Trb
"{F7425F93-2071-A946-008A-6ACA60B43FB2}" = CCC Help Czech
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FC635D8E-FFBA-4B2C-BE68-A37D56BDFB74}" = Catalyst Control Center - Branding
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
"BFGC" = Big Fish Games: Game Manager
"BFG-Treasure Seekers - The Time Has Come" = Treasure Seekers: The Time Has Come
"ESET Online Scanner" = ESET Online Scanner v3
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"Google Chrome" = Google Chrome
"Identity Card" = Identity Card
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Gateway Social Networks
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Gateway MyBackup
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"SpywareBlaster_is1" = SpywareBlaster 5.0
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1122988514-126629761-105748036-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/14/2013 9:46:59 AM | Computer Name = Dee-PC | Source = Software Protection Platform Service | ID = 8211
Description = Update Windows license and product key tokens failed with 0x80070005.


Error - 11/14/2013 9:47:09 AM | Computer Name = Dee-PC | Source = .NET Runtime Optimization Service | ID = 1111
Description =

Error - 11/14/2013 9:59:03 AM | Computer Name = Dee-PC | Source = Software Protection Platform Service | ID = 8211
Description = Update Windows license and product key tokens failed with 0x80070005.
%windir%\system32\spp\tokens\ppdlic\networksecurity-ppdlic.xrm-ms

Error - 11/14/2013 9:59:04 AM | Computer Name = Dee-PC | Source = Software Protection Platform Service | ID = 8211
Description = Update Windows license and product key tokens failed with 0x80070005.
%windir%\system32\spp\tokens\ppdlic\networksecurity-ppdlic.xrm-ms

Error - 11/14/2013 10:02:10 AM | Computer Name = Dee-PC | Source = Software Protection Platform Service | ID = 8211
Description = Update Windows license and product key tokens failed with 0x80070005.


Error - 11/14/2013 10:02:11 AM | Computer Name = Dee-PC | Source = Software Protection Platform Service | ID = 8211
Description = Update Windows license and product key tokens failed with 0x80070005.


Error - 11/14/2013 10:04:25 AM | Computer Name = Dee-PC | Source = .NET Runtime Optimization Service | ID = 1111
Description =

Error - 11/14/2013 10:04:55 AM | Computer Name = Dee-PC | Source = .NET Runtime Optimization Service | ID = 1111
Description =

Error - 11/14/2013 10:46:47 AM | Computer Name = Dee-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 11/14/2013 10:50:15 AM | Computer Name = Dee-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

[ Media Center Events ]
Error - 9/29/2011 4:49:41 PM | Computer Name = Dee-PC | Source = MCUpdate | ID = 0
Description = 3:49:41 PM - Error connecting to the internet. 3:49:41 PM - Unable
to contact server..

Error - 9/29/2011 4:51:13 PM | Computer Name = Dee-PC | Source = MCUpdate | ID = 0
Description = 3:50:13 PM - Error connecting to the internet. 3:50:13 PM - Unable
to contact server..

Error - 10/18/2011 9:23:31 AM | Computer Name = Dee-PC | Source = MCUpdate | ID = 0
Description = 8:23:23 AM - Error connecting to the internet. 8:23:23 AM - Unable
to contact server..

[ System Events ]
Error - 11/25/2013 9:14:31 PM | Computer Name = Dee-PC | Source = DCOM | ID = 10005
Description =

Error - 11/25/2013 9:17:42 PM | Computer Name = Dee-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll
Error
Code: 126

Error - 11/25/2013 9:18:14 PM | Computer Name = Dee-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D
2 Scanner Service service to connect.

Error - 11/25/2013 9:18:14 PM | Computer Name = Dee-PC | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Scanner Service service failed to start due to the
following error: %%1053

Error - 11/25/2013 9:18:45 PM | Computer Name = Dee-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D
2 Updating Service service to connect.

Error - 11/25/2013 9:18:45 PM | Computer Name = Dee-PC | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Updating Service service failed to start due to the
following error: %%1053

Error - 11/25/2013 9:24:54 PM | Computer Name = Dee-PC | Source = DCOM | ID = 10010
Description =

Error - 11/26/2013 2:10:17 PM | Computer Name = Dee-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:48:19 PM on 11/25/2013 was unexpected.

Error - 11/26/2013 2:10:27 PM | Computer Name = Dee-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll
Error
Code: 126

Error - 11/26/2013 2:16:20 PM | Computer Name = Dee-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll
Error
Code: 126


< End of report >

ken545
2013-11-26, 20:50
Let's run a different program, so far not seeing any malware

Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

chayes001
2013-11-26, 21:09
I've been using MalwareBytes for several years and used it before coming to this forum. Attached is the current scan.

ken545
2013-11-26, 22:57
If you can, just copy and paste the logs we ask for in lieu of attaching them please

So far no malware

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

chayes001
2013-11-27, 05:41
I ran ESET and it found no malware. My wife related that some time back her e-mail account was hacked and messages of a sexual nature were sent to everyone in her contact list including her employer. I'm in safe mode as when I try to start Windows normally I get an error message stating that Windows could not configure Windows update, reverting changes, then restarts and does the same process.

ken545
2013-11-27, 11:54
Good Morning,

As far as your wife's email, hope she went ahead and changed her password, make it something strong, at least a mixture of 12 numbers and letters

You may have a problem with how your system is configured to boot up, have you gone into the BIOS and changed any settings?


This may or may not help


Go to Start> Shut off your Computer> Restart
Or if the computer is off press the power button
As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Last Known Good Configuration
Then press the Enter Key on your Keyboard

Tutorial if you need it How to boot into Safemode (http://www.bleepingcomputer.com/tutorials/tutorial61.html)

chayes001
2013-11-27, 15:23
Good morning to you Ken. I followed the process you indicated and it really hasn't seemed to make a difference. No changes in BIOS have been made or the addition of any programs. On startup I immediately get the message about a hard disk problem and IE is killed as soon as you attempt to open it.

ken545
2013-11-27, 15:49
Let me see this report

Download MBRCheck.exe (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop.
Be sure to disable your security programs
Double click on the file to run it
A window will open on your desktop
If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
If nothing unusual is found just press Enter.
A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.

chayes001
2013-11-27, 16:23
Here is the text:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Gateway
BIOS Manufacturer: Gateway
System Manufacturer: Gateway
System Product Name: NV53A
Logical Drives Mask: 0x0001000c

Kernel Drivers (total 164):
0x03008000 \SystemRoot\system32\ntoskrnl.exe
0x035ED000 \SystemRoot\system32\hal.dll
0x00BBB000 \SystemRoot\system32\kdcom.dll
0x00C72000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00C7F000 \SystemRoot\system32\PSHED.dll
0x00C93000 \SystemRoot\system32\CLFS.SYS
0x00CF1000 \SystemRoot\system32\CI.dll
0x00EEF000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00FB1000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00E00000 \SystemRoot\system32\drivers\ACPI.sys
0x00E57000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00E60000 \SystemRoot\system32\drivers\msisadrv.sys
0x00E6A000 \SystemRoot\system32\drivers\pci.sys
0x00E9D000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00EAA000 \SystemRoot\System32\drivers\partmgr.sys
0x00EBF000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00EC8000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00ED4000 \SystemRoot\system32\drivers\volmgr.sys
0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FC1000 \SystemRoot\system32\drivers\pciide.sys
0x00FC8000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00FD8000 \SystemRoot\System32\drivers\mountmgr.sys
0x00FF2000 \SystemRoot\system32\drivers\atapi.sys
0x00DB1000 \SystemRoot\system32\drivers\ataport.SYS
0x00DDB000 \SystemRoot\system32\drivers\msahci.sys
0x00DE6000 \SystemRoot\system32\drivers\amdxata.sys
0x0100A000 \SystemRoot\system32\drivers\fltmgr.sys
0x01056000 \SystemRoot\system32\drivers\fileinfo.sys
0x0121D000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0106A000 \SystemRoot\System32\Drivers\msrpc.sys
0x013BF000 \SystemRoot\System32\Drivers\ksecdd.sys
0x010C8000 \SystemRoot\System32\Drivers\cng.sys
0x013DA000 \SystemRoot\System32\drivers\pcw.sys
0x013EB000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01480000 \SystemRoot\system32\drivers\ndis.sys
0x01572000 \SystemRoot\system32\drivers\NETIO.SYS
0x015D2000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01600000 \SystemRoot\System32\drivers\tcpip.sys
0x01400000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0113A000 \SystemRoot\system32\drivers\volsnap.sys
0x01449000 \SystemRoot\System32\Drivers\spldr.sys
0x01186000 \SystemRoot\System32\drivers\rdyboost.sys
0x01451000 \SystemRoot\System32\Drivers\mup.sys
0x01463000 \SystemRoot\System32\drivers\hwpolicy.sys
0x011C0000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01200000 \SystemRoot\system32\DRIVERS\disk.sys
0x0183C000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x0186C000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x018AC000 \SystemRoot\System32\DRIVERS\cmderd.sys
0x018B4000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x018DE000 \SystemRoot\System32\DRIVERS\cmdguard.sys
0x01920000 \SystemRoot\System32\Drivers\Null.SYS
0x01929000 \SystemRoot\System32\Drivers\Beep.SYS
0x01930000 \SystemRoot\System32\drivers\vga.sys
0x0193E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01963000 \SystemRoot\System32\drivers\watchdog.sys
0x01973000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x0197C000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01985000 \SystemRoot\system32\drivers\rdprefmp.sys
0x0198E000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01999000 \SystemRoot\System32\Drivers\Npfs.SYS
0x019AA000 \SystemRoot\system32\DRIVERS\tdx.sys
0x019CC000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x019D9000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
0x03A6D000 \SystemRoot\system32\drivers\afd.sys
0x03AF6000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03B3B000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03B44000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03B6A000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x03B80000 \SystemRoot\system32\DRIVERS\inspect.sys
0x03B98000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03BA7000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03BC2000 \SystemRoot\system32\drivers\termdd.sys
0x03A00000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03A51000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03A5D000 \SystemRoot\system32\drivers\mssmbios.sys
0x03BD6000 \SystemRoot\System32\drivers\discache.sys
0x01800000 \SystemRoot\System32\Drivers\dfsc.sys
0x03BE5000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03C93000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03CB9000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x03CCE000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x048E1000 \SystemRoot\system32\DRIVERS\atipmdag.sys
0x03D02000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04F50000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04F96000 \SystemRoot\system32\drivers\HDAudBus.sys
0x04800000 \SystemRoot\system32\DRIVERS\k57nd60a.sys
0x04020000 \SystemRoot\system32\DRIVERS\athrx.sys
0x04244000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x04251000 \??\C:\Windows\system32\drivers\UBHelper.sys
0x04259000 \??\C:\Windows\system32\drivers\NTIDrvr.sys
0x04261000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x0426C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x042C2000 \SystemRoot\system32\DRIVERS\usbfilter.sys
0x042CF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x042E0000 \SystemRoot\system32\drivers\i8042prt.sys
0x042FE000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x0430D000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x0435C000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0435E000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x0436D000 \SystemRoot\system32\drivers\wmiacpi.sys
0x04376000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x0437B000 \SystemRoot\system32\drivers\CompositeBus.sys
0x0438B000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x043A1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x043C5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x043D1000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x04000000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04851000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04872000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0401B000 \SystemRoot\system32\drivers\swenum.sys
0x0488C000 \SystemRoot\system32\drivers\ks.sys
0x048CF000 \SystemRoot\system32\drivers\umbus.sys
0x03C00000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04FBA000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x03C5A000 \SystemRoot\system32\drivers\RtHDMIVX.sys
0x0564F000 \SystemRoot\system32\drivers\portcls.sys
0x0568C000 \SystemRoot\system32\drivers\drmk.sys
0x056AE000 \SystemRoot\system32\drivers\ksthunk.sys
0x05843000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x05A61000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05A7E000 \SystemRoot\system32\DRIVERS\dc3d.sys
0x05A95000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x05A9E000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x05AAC000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x05AC5000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x05AD3000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x05AE0000 \SystemRoot\system32\DRIVERS\point64.sys
0x05AF1000 \SystemRoot\System32\Drivers\usbvideo.sys
0x05B1F000 \SystemRoot\System32\Drivers\crashdmp.sys
0x05B2D000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x05B39000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x05B44000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00000000 \SystemRoot\System32\win32k.sys
0x05B57000 \SystemRoot\System32\drivers\Dxapi.sys
0x05B63000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00560000 \SystemRoot\System32\TSDDD.dll
0x00730000 \SystemRoot\System32\cdd.dll
0x00870000 \SystemRoot\System32\ATMFD.DLL
0x05B71000 \SystemRoot\system32\drivers\luafv.sys
0x05B94000 \SystemRoot\system32\DRIVERS\Sftvollh.sys
0x05B9F000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x056B4000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x05BB4000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x05BC7000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x05BDF000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x05707000 \SystemRoot\system32\drivers\HTTP.sys
0x05800000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0581E000 \SystemRoot\System32\drivers\mpsdrv.sys
0x057D0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x05600000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x04FCF000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x05465000 \SystemRoot\system32\drivers\peauth.sys
0x0550B000 \SystemRoot\System32\Drivers\secdrv.SYS
0x05516000 \SystemRoot\system32\DRIVERS\Sftfslh.sys
0x05400000 \SystemRoot\system32\DRIVERS\Sftplaylh.sys
0x01874000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0544E000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0808B000 \SystemRoot\System32\DRIVERS\srv2.sys
0x080F4000 \SystemRoot\System32\DRIVERS\srv.sys
0x0818C000 \SystemRoot\system32\DRIVERS\Sftredirlh.sys
0x77120000 \Windows\System32\ntdll.dll
0x480E0000 \Windows\System32\smss.exe
0xFF440000 \Windows\System32\apisetschema.dll

Processes (total 95):
0 System Idle Process
4 System
292 C:\Windows\System32\smss.exe
444 csrss.exe
508 C:\Windows\System32\wininit.exe
544 csrss.exe
580 C:\Windows\System32\services.exe
596 C:\Windows\System32\lsass.exe
604 C:\Windows\System32\lsm.exe
672 C:\Windows\System32\winlogon.exe
780 C:\Windows\System32\svchost.exe
844 C:\PROGRA~2\GbPlugin\gbpsv.exe
888 C:\Windows\System32\svchost.exe
940 C:\Program Files\COMODO\COMODO Internet Security\upd7C.tmp
108 C:\Windows\System32\svchost.exe
412 C:\Windows\System32\atiesrxx.exe
648 C:\Windows\System32\svchost.exe
796 C:\Windows\System32\svchost.exe
1032 C:\Windows\System32\svchost.exe
1068 C:\Windows\System32\svchost.exe
1156 C:\Windows\System32\svchost.exe
1308 C:\Windows\System32\atieclxx.exe
1444 C:\Windows\System32\spoolsv.exe
1524 C:\Windows\System32\svchost.exe
1628 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1660 C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
1736 C:\Program Files (x86)\Launch Manager\dsiwmis.exe
1760 C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
1784 C:\Windows\System32\svchost.exe
1812 C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
1844 C:\Windows\SysWOW64\svchost.exe
1868 C:\Windows\System32\svchost.exe
1904 C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
1944 C:\Windows\System32\svchost.exe
1936 C:\Windows\System32\DFDWiz.exe
2096 C:\Windows\System32\dwm.exe
2112 C:\Windows\System32\taskhost.exe
2180 C:\Windows\explorer.exe
2208 C:\Windows\System32\taskeng.exe
2272 C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
2284 C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
2504 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
2512 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2520 C:\Windows\PLFSetI.exe
2528 C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
2556 C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
2592 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
2620 C:\Program Files (x86)\Walgreens PictureMover\Bin\PictureMover.exe
2880 C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
2972 C:\Program Files (x86)\Launch Manager\LManager.exe
2988 C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
3016 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
3052 C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
1064 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
1164 C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
1836 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
400 C:\Program Files (x86)\Launch Manager\LMworker.exe
3088 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
3112 C:\Windows\System32\svchost.exe
3144 C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
3200 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
3304 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
3324 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3460 WmiPrvSE.exe
3596 C:\Windows\System32\wbem\unsecapp.exe
3688 C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
4056 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
4080 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
2568 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
2912 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
1828 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
4400 C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
4600 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
4652 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
4968 C:\Windows\System32\SearchIndexer.exe
5024 C:\Windows\System32\svchost.exe
2608 C:\Windows\System32\svchost.exe
4820 C:\Program Files\Windows Media Player\wmpnetwk.exe
5068 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
1996 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3824 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
424 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
4288 C:\Windows\System32\svchost.exe
4428 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
5748 dllhost.exe
5376 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
5792 C:\Windows\servicing\TrustedInstaller.exe
3536 C:\Windows\System32\svchost.exe
1852 C:\Windows\System32\audiodg.exe
4312 C:\Windows\System32\svchost.exe
6084 C:\Windows\System32\SearchProtocolHost.exe
4904 C:\Windows\System32\SearchFilterHost.exe
5900 C:\Users\Dee\Desktop\MBRCheck.exe
2768 C:\Windows\System32\conhost.exe
4980 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`46500000 (NTFS)
\\.\Q: --> error 5

PhysicalDrive0 Model Number: WDCWD5000BEVT-22A0RT0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

ken545
2013-11-27, 16:53
Looking at the report, I would like to check for a trojan. Run this program but do not cure; I just want to see the report first.



Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)

Extract it to your desktop
Double click TDSSKiller.exe
When the window opens, click on Change Parameters
Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
Click OK
Press Start Scan

As we are only looking for a log of what is on the machine right now > choose to skip whatever is found
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)

chayes001
2013-11-27, 17:04
I have a question first before I start the scan. When I open TDSSKiller a pop up says that there is an update available and that it should be downloaded before doing the scan. When I click on "update" I just get a flash of a screen attempting to open but then it dies. The update must be attempting to access IE, as whatever I have kills IE. Should I continue with the scan without the update or is there a way to get the update through another browser such as Google Chrome? Firefox or IE won't work with whatever this is.

ken545
2013-11-27, 17:49
Let's try this first.

Go to Start > Control Panel > Internet Options and when it opens go to the Advanced Tab. Then click on RESET INTERNET EXPLORER SETTING > RESET. This will take a few seconds; when it's done, OK your way out. Then try opening IE and see if it works. If it does, then give TDSSKiller another try; if not, let me know and we can try something else.

chayes001
2013-11-27, 18:03
Sorry Ken, that didn't work. IE flashes and dies.....

ken545
2013-11-27, 18:17
OK, open up Firefox and go to Tools > Options > Advanced Tab and down at the bottom click on Make FF my default browser. Then close it out, use FF, and try TDSSKiller again.

chayes001
2013-11-27, 18:31
Here's the log, it didn't find anything. The log is too large to submit at one time so I'm going to have to split it.

11:22:10.0837 0x0988 TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
11:22:17.0875 0x0988 ============================================================
11:22:17.0875 0x0988 Current date / time: 2013/11/27 11:22:17.0875
11:22:17.0875 0x0988 SystemInfo:
11:22:17.0875 0x0988
11:22:17.0875 0x0988 OS Version: 6.1.7601 ServicePack: 1.0
11:22:17.0875 0x0988 Product type: Workstation
11:22:17.0876 0x0988 ComputerName: DEE-PC
11:22:17.0876 0x0988 UserName: Dee
11:22:17.0876 0x0988 Windows directory: C:\Windows
11:22:17.0876 0x0988 System windows directory: C:\Windows
11:22:17.0876 0x0988 Running under WOW64
11:22:17.0876 0x0988 Processor architecture: Intel x64
11:22:17.0877 0x0988 Number of processors: 2
11:22:17.0877 0x0988 Page size: 0x1000
11:22:17.0877 0x0988 Boot type: Normal boot
11:22:17.0877 0x0988 ============================================================
11:22:21.0129 0x0988 KLMD registered as C:\Windows\system32\drivers\32262919.sys
11:22:21.0855 0x0988 System UUID: {56AC6828-E31B-4E54-3A38-581F213B4ECF}
11:22:23.0835 0x0988 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:22:23.0840 0x0988 ============================================================
11:22:23.0840 0x0988 \Device\Harddisk0\DR0:
11:22:23.0840 0x0988 MBR partitions:
11:22:23.0840 0x0988 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
11:22:23.0840 0x0988 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x38953000
11:22:23.0840 0x0988 ============================================================
11:22:23.0875 0x0988 C: <-> \Device\Harddisk0\DR0\Partition2
11:22:23.0875 0x0988 ============================================================
11:22:23.0876 0x0988 Initialize success
11:22:23.0876 0x0988 ============================================================
11:22:53.0921 0x12fc ============================================================
11:22:53.0921 0x12fc Scan started
11:22:53.0921 0x12fc Mode: Manual; TDLFS;
11:22:53.0921 0x12fc ============================================================
11:22:53.0921 0x12fc KSN ping started
11:22:57.0916 0x12fc KSN ping finished: true
11:22:59.0259 0x12fc ================ Scan system memory ========================
11:22:59.0259 0x12fc System memory - ok
11:22:59.0260 0x12fc ================ Scan services =============================
11:23:11.0031 0x12fc [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
11:23:11.0034 0x12fc HidBatt - ok
11:23:11.0074 0x12fc [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
11:23:11.0080 0x12fc HidBth - ok
11:23:11.0104 0x12fc [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
11:23:11.0109 0x12fc HidIr - ok
11:23:11.0152 0x12fc [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
11:23:11.0158 0x12fc hidserv - ok
11:23:11.0200 0x12fc [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
11:23:11.0206 0x12fc HidUsb - ok
11:23:11.0249 0x12fc [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
11:23:11.0259 0x12fc hkmsvc - ok
11:23:11.0316 0x12fc [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:23:11.0350 0x12fc HomeGroupListener - ok
11:23:11.0395 0x12fc [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:23:11.0415 0x12fc HomeGroupProvider - ok
11:23:11.0552 0x12fc [ 1DAE5C46D42B02A6D5862E1482EFB390, 90B14E0A8376AE51872D89C141E88AE144B742805F94B4F7948E295322C78B9D ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
11:23:11.0591 0x12fc hpqcxs08 - ok
11:23:11.0645 0x12fc [ 99E8EEF42FE2F4AF29B08C3355DD7685, D57BC2148653DA5596FB49F1086D165B11C9F6C644608202C08305D3C8499CFE ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
11:23:11.0655 0x12fc hpqddsvc - ok
11:23:11.0712 0x12fc [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
11:23:11.0722 0x12fc HpSAMD - ok
11:23:11.0818 0x12fc [ F37882F128EFACEFE353E0BAE2766909, 2F9D21613500F092DFC0DB879180B549EE615D9B07408A5CC1A7F84663B2F47A ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
11:23:11.0866 0x12fc HPSLPSVC - ok
11:23:11.0959 0x12fc [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
11:23:11.0986 0x12fc HTTP - ok
11:23:12.0042 0x12fc [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
11:23:12.0046 0x12fc hwpolicy - ok
11:23:12.0115 0x12fc [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
11:23:12.0125 0x12fc i8042prt - ok
11:23:12.0209 0x12fc [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
11:23:12.0252 0x12fc iaStorV - ok
11:23:12.0346 0x12fc [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:23:12.0382 0x12fc idsvc - ok
11:23:12.0435 0x12fc [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
11:23:12.0442 0x12fc iirsp - ok
11:23:12.0581 0x12fc [ FCD84C381E0140AF901E58D48882D26B, 76955FFC230C801E8ED890E32076075F04CD6E5EC79E594FDE6D23797A36B406 ] IKEEXT C:\Windows\System32\ikeext.dll
11:23:12.0645 0x12fc IKEEXT - ok
11:23:12.0727 0x12fc [ C4E67D3037DC79E39D7136581A947F50, 1A632388942B2E3015C021EAA2470B1B4CB8BDFB16B24D85F66245374FE7A0EF ] inspect C:\Windows\system32\DRIVERS\inspect.sys
11:23:12.0739 0x12fc inspect - ok
11:23:12.0945 0x12fc [ FEADC18677A85A123E95A9B976101120, 3198981BBC0FFDD706F7B14AAAAE076449D74B4EEA308C58CB354E7FFF89FAD7 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
11:23:13.0029 0x12fc IntcAzAudAddService - ok
11:23:13.0072 0x12fc [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
11:23:13.0074 0x12fc intelide - ok
11:23:13.0112 0x12fc [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
11:23:13.0116 0x12fc intelppm - ok
11:23:13.0163 0x12fc [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
11:23:13.0174 0x12fc IPBusEnum - ok
11:23:13.0214 0x12fc [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:23:13.0228 0x12fc IpFilterDriver - ok
11:23:13.0304 0x12fc [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
11:23:13.0334 0x12fc iphlpsvc - ok
11:23:13.0367 0x12fc [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
11:23:13.0374 0x12fc IPMIDRV - ok
11:23:13.0431 0x12fc [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
11:23:13.0444 0x12fc IPNAT - ok
11:23:13.0470 0x12fc [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
11:23:13.0474 0x12fc IRENUM - ok
11:23:13.0525 0x12fc [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
11:23:13.0580 0x12fc isapnp - ok
11:23:13.0636 0x12fc [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
11:23:13.0664 0x12fc iScsiPrt - ok
11:23:13.0798 0x12fc [ C9B4ECC187581E5BF3F76648884B7829, D4DDFDD92FEFDFAF293633C2B3860C37D7DC59965170E55AD181EFAFCFD1DB13 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
11:23:13.0826 0x12fc k57nd60a - ok
11:23:13.0842 0x12fc [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
11:23:13.0846 0x12fc kbdclass - ok
11:23:13.0898 0x12fc [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
11:23:13.0904 0x12fc kbdhid - ok
11:23:13.0925 0x12fc [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso C:\Windows\system32\lsass.exe
11:23:13.0930 0x12fc KeyIso - ok
11:23:14.0010 0x12fc [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
11:23:14.0019 0x12fc KSecDD - ok
11:23:14.0052 0x12fc [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
11:23:14.0060 0x12fc KSecPkg - ok
11:23:14.0084 0x12fc [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
11:23:14.0086 0x12fc ksthunk - ok
11:23:14.0141 0x12fc [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
11:23:14.0164 0x12fc KtmRm - ok
11:23:14.0254 0x12fc [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
11:23:14.0281 0x12fc LanmanServer - ok
11:23:14.0328 0x12fc [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:23:14.0335 0x12fc LanmanWorkstation - ok
11:23:14.0402 0x12fc [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
11:23:14.0410 0x12fc lltdio - ok
11:23:14.0471 0x12fc [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
11:23:14.0503 0x12fc lltdsvc - ok
11:23:14.0517 0x12fc [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
11:23:14.0521 0x12fc lmhosts - ok
11:23:14.0569 0x12fc [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
11:23:14.0580 0x12fc LSI_FC - ok
11:23:14.0609 0x12fc [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
11:23:14.0615 0x12fc LSI_SAS - ok
11:23:14.0642 0x12fc [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:23:14.0647 0x12fc LSI_SAS2 - ok
11:23:14.0677 0x12fc [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:23:14.0684 0x12fc LSI_SCSI - ok
11:23:14.0718 0x12fc [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
11:23:14.0724 0x12fc luafv - ok
11:23:14.0759 0x12fc [ 36EFC8C32829A27BAF0E63BFDBD5EE90, 7B8C211FFDFBD5D2D9680FA4633379185740876919709F8B41515BAD95BD215B ] massfilter C:\Windows\system32\drivers\massfilter.sys
11:23:14.0761 0x12fc massfilter - ok
11:23:14.0825 0x12fc McComponentHostService - ok
11:23:14.0869 0x12fc [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
11:23:14.0879 0x12fc Mcx2Svc - ok
11:23:14.0902 0x12fc [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
11:23:14.0908 0x12fc megasas - ok
11:23:14.0990 0x12fc [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
11:23:15.0012 0x12fc MegaSR - ok
11:23:15.0054 0x12fc [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
11:23:15.0058 0x12fc MMCSS - ok
11:23:15.0089 0x12fc [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
11:23:15.0093 0x12fc Modem - ok
11:23:15.0134 0x12fc [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
11:23:15.0139 0x12fc monitor - ok
11:23:15.0189 0x12fc [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
11:23:15.0195 0x12fc mouclass - ok
11:23:15.0241 0x12fc [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
11:23:15.0246 0x12fc mouhid - ok
11:23:15.0292 0x12fc [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
11:23:15.0302 0x12fc mountmgr - ok
11:23:15.0354 0x12fc [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
11:23:15.0371 0x12fc mpio - ok
11:23:15.0424 0x12fc [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
11:23:15.0430 0x12fc mpsdrv - ok
11:23:15.0514 0x12fc [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
11:23:15.0595 0x12fc MpsSvc - ok
11:23:15.0636 0x12fc [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
11:23:15.0642 0x12fc MRxDAV - ok
11:23:15.0738 0x12fc [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
11:23:15.0761 0x12fc mrxsmb - ok
11:23:15.0832 0x12fc [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:23:15.0856 0x12fc mrxsmb10 - ok
11:23:15.0889 0x12fc [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:23:15.0898 0x12fc mrxsmb20 - ok
11:23:15.0939 0x12fc [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
11:23:15.0944 0x12fc msahci - ok
11:23:16.0018 0x12fc [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
11:23:16.0037 0x12fc msdsm - ok
11:23:16.0097 0x12fc [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
11:23:16.0111 0x12fc MSDTC - ok
11:23:16.0186 0x12fc [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
11:23:16.0190 0x12fc Msfs - ok
11:23:16.0213 0x12fc [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
11:23:16.0215 0x12fc mshidkmdf - ok
11:23:16.0247 0x12fc [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
11:23:16.0249 0x12fc msisadrv - ok
11:23:16.0301 0x12fc [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
11:23:16.0309 0x12fc MSiSCSI - ok
11:23:16.0320 0x12fc msiserver - ok
11:23:16.0338 0x12fc [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
11:23:16.0343 0x12fc MSKSSRV - ok
11:23:16.0361 0x12fc [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
11:23:16.0363 0x12fc MSPCLOCK - ok
11:23:16.0367 0x12fc [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
11:23:16.0369 0x12fc MSPQM - ok
11:23:16.0405 0x12fc [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
11:23:16.0417 0x12fc MsRPC - ok
11:23:16.0477 0x12fc [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
11:23:16.0480 0x12fc mssmbios - ok
11:23:16.0503 0x12fc [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
11:23:16.0507 0x12fc MSTEE - ok
11:23:16.0539 0x12fc [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
11:23:16.0541 0x12fc MTConfig - ok
11:23:16.0586 0x12fc [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
11:23:16.0590 0x12fc Mup - ok
11:23:16.0642 0x12fc [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
11:23:16.0676 0x12fc napagent - ok
11:23:16.0701 0x12fc [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
11:23:16.0711 0x12fc NativeWifiP - ok
11:23:16.0800 0x12fc [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
11:23:16.0870 0x12fc NDIS - ok
11:23:16.0897 0x12fc [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
11:23:16.0900 0x12fc NdisCap - ok
11:23:16.0949 0x12fc [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
11:23:16.0953 0x12fc NdisTapi - ok
11:23:17.0048 0x12fc [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
11:23:17.0056 0x12fc Ndisuio - ok
11:23:17.0111 0x12fc [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
11:23:17.0135 0x12fc NdisWan - ok
11:23:17.0199 0x12fc [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
11:23:17.0206 0x12fc NDProxy - ok
11:23:17.0344 0x12fc [ 7D2633295EB6FF2B938185874884059D, B3A4E52ABCB2E2720D8ADB0B68C222D4AB98E838D40B6A731D15EB1D6C9DEA15 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
11:23:17.0372 0x12fc Nero BackItUp Scheduler 4.0 - ok
11:23:17.0478 0x12fc [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
11:23:17.0486 0x12fc Net Driver HPZ12 - ok
11:23:17.0542 0x12fc [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
11:23:17.0583 0x12fc NetBIOS - ok
11:23:17.0682 0x12fc [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
11:23:17.0703 0x12fc NetBT - ok
11:23:17.0724 0x12fc [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon C:\Windows\system32\lsass.exe
11:23:17.0726 0x12fc Netlogon - ok
11:23:17.0780 0x12fc [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
11:23:17.0793 0x12fc Netman - ok
11:23:17.0825 0x12fc [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
11:23:17.0843 0x12fc netprofm - ok
11:23:17.0874 0x12fc [ 3E5A36127E201DDF663176B66828FAFE, 5A08BA9EFB1A72DF1DD839BA5FA2B8994012BA62A515588FF62333B33B60045B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:23:17.0877 0x12fc NetTcpPortSharing - ok
11:23:17.0927 0x12fc [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
11:23:17.0938 0x12fc nfrd960 - ok
11:23:17.0985 0x12fc [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll
11:23:18.0010 0x12fc NlaSvc - ok
11:23:18.0052 0x12fc [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
11:23:18.0056 0x12fc Npfs - ok
11:23:18.0093 0x12fc [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
11:23:18.0100 0x12fc nsi - ok
11:23:18.0135 0x12fc [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
11:23:18.0136 0x12fc nsiproxy - ok
11:23:18.0275 0x12fc [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
11:23:18.0375 0x12fc Ntfs - ok
11:23:18.0474 0x12fc [ 9A308FCDCCA98A15B6F62D36A272160E, 3991F70D42C1949067ED48CF4EB815E06360B077F6A2369AC76BF0892C3C33EE ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
11:23:18.0491 0x12fc NTI IScheduleSvc - ok
11:23:18.0613 0x12fc [ 64DDD0DEE976302F4BD93E5EFCC2F013, 19F54B4549999EF96FAE1B

chayes001
2013-11-27, 18:32
Here's the last half:

11:23:18.0618 0x12fc NTIDrvr - ok
11:23:18.0640 0x12fc [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
11:23:18.0644 0x12fc Null - ok
11:23:18.0694 0x12fc [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
11:23:18.0710 0x12fc nvraid - ok
11:23:18.0777 0x12fc [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
11:23:18.0793 0x12fc nvstor - ok
11:23:18.0807 0x12fc [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
11:23:18.0814 0x12fc nv_agp - ok
11:23:18.0864 0x12fc [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
11:23:18.0872 0x12fc ohci1394 - ok
11:23:18.0936 0x12fc [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:23:18.0947 0x12fc ose - ok
11:23:19.0197 0x12fc [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:23:19.0305 0x12fc osppsvc - ok
11:23:19.0352 0x12fc [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
11:23:19.0363 0x12fc p2pimsvc - ok
11:23:19.0400 0x12fc [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
11:23:19.0423 0x12fc p2psvc - ok
11:23:19.0462 0x12fc [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys
11:23:19.0466 0x12fc Parport - ok
11:23:19.0495 0x12fc [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:23:19.0500 0x12fc partmgr - ok
11:23:19.0544 0x12fc [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
11:23:19.0561 0x12fc PcaSvc - ok
11:23:19.0648 0x12fc [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
11:23:19.0662 0x12fc pci - ok
11:23:19.0698 0x12fc [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
11:23:19.0700 0x12fc pciide - ok
11:23:19.0754 0x12fc [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
11:23:19.0771 0x12fc pcmcia - ok
11:23:19.0800 0x12fc [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
11:23:19.0804 0x12fc pcw - ok
11:23:19.0848 0x12fc [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:23:19.0882 0x12fc PEAUTH - ok
11:23:19.0988 0x12fc [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
11:23:19.0993 0x12fc PerfHost - ok
11:23:20.0105 0x12fc [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
11:23:20.0166 0x12fc pla - ok
11:23:20.0232 0x12fc [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
11:23:20.0251 0x12fc PlugPlay - ok
11:23:20.0304 0x12fc [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
11:23:20.0312 0x12fc Pml Driver HPZ12 - ok
11:23:20.0343 0x12fc [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
11:23:20.0347 0x12fc PNRPAutoReg - ok
11:23:20.0378 0x12fc [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
11:23:20.0388 0x12fc PNRPsvc - ok
11:23:20.0428 0x12fc [ 520D48ECB54A33821C95EE496A4235AF, 3C7984E480F134E303E6AD03A3837515F3E03A4727F1AD184BD1D8C71D68FFEF ] Point64 C:\Windows\system32\DRIVERS\point64.sys
11:23:20.0432 0x12fc Point64 - ok
11:23:20.0517 0x12fc [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
11:23:20.0562 0x12fc PolicyAgent - ok
11:23:20.0606 0x12fc [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
11:23:20.0613 0x12fc Power - ok
11:23:20.0678 0x12fc [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
11:23:20.0691 0x12fc PptpMiniport - ok
11:23:20.0741 0x12fc [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys
11:23:20.0749 0x12fc Processor - ok
11:23:20.0811 0x12fc [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll
11:23:20.0833 0x12fc ProfSvc - ok
11:23:20.0857 0x12fc [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\Windows\system32\lsass.exe
11:23:20.0859 0x12fc ProtectedStorage - ok
11:23:20.0912 0x12fc [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
11:23:20.0918 0x12fc Psched - ok
11:23:36.0149 0x12fc ================ Scan global ===============================
11:23:36.0196 0x12fc [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
11:23:36.0274 0x12fc [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
11:23:36.0360 0x12fc [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
11:23:36.0402 0x12fc [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
11:23:36.0488 0x12fc [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
11:23:36.0501 0x12fc [ Global ] - ok
11:23:36.0503 0x12fc ================ Scan MBR ==================================
11:23:36.0522 0x12fc [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:23:37.0220 0x12fc \Device\Harddisk0\DR0 - ok
11:23:37.0221 0x12fc ================ Scan VBR ==================================
11:23:37.0227 0x12fc [ 0713B5CC4CACB3E881E4DA0CA9AEF615 ] \Device\Harddisk0\DR0\Partition1
11:23:37.0231 0x12fc \Device\Harddisk0\DR0\Partition1 - ok
11:23:37.0269 0x12fc [ F4833724435FDB6009D91D810E52C575 ] \Device\Harddisk0\DR0\Partition2
11:23:37.0273 0x12fc \Device\Harddisk0\DR0\Partition2 - ok
11:23:37.0275 0x12fc Waiting for KSN requests completion. In queue: 71
11:23:38.0275 0x12fc Waiting for KSN requests completion. In queue: 71
11:23:39.0275 0x12fc Waiting for KSN requests completion. In queue: 71
11:23:40.0275 0x12fc Waiting for KSN requests completion. In queue: 71
11:23:41.0870 0x12fc AV detected via SS2: COMODO Antivirus, C:\Program Files\COMODO\COMODO Internet Security\cfp.exe ( 5.12.59641.2599 ), 0x61000 ( enabled : updated )
11:23:41.0874 0x12fc FW detected via SS2: COMODO Firewall, C:\Program Files\COMODO\COMODO Internet Security\cfp.exe ( 5.12.59641.2599 ), 0x61010 ( enabled )
11:23:45.0604 0x12fc ============================================================
11:23:45.0604 0x12fc Scan finished
11:23:45.0604 0x12fc ============================================================
11:23:45.0628 0x135c Detected object count: 0
11:23:45.0629 0x135c Actual detected object count: 0
11:24:20.0032 0x1634 Deinitialize success

ken545
2013-11-27, 19:07
I want to make sure this file is legit and not a virus. You need to download the 64 Bit version of this program.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
64 Bit Version (http://jpshortstuff.247Fixes.com/SystemLook_x64.exe)


Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:


:filefind
csrss.exe


Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

chayes001
2013-11-27, 19:26
System look log:

SystemLook 30.07.11 by jpshortstuff
Log created at 12:16 on 27/11/2013 by Dee
Administrator - Elevation successful

========== filefind ==========

Searching for "csrss.exe"
C:\Windows\System32\csrss.exe --a---- 7680 bytes [23:19 13/07/2009] [01:39 14/07/2009] 60C2862B4BF0FD9F582EF344C2B1EC72
C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe --a---- 7680 bytes [23:19 13/07/2009] [01:39 14/07/2009] 60C2862B4BF0FD9F582EF344C2B1EC72

-= EOF =

ken545
2013-11-27, 19:53
Both those locations for that file are fine, not a virus.

One last program to run, let's see what it finds, if anything.

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instructions on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connections.

chayes001
2013-11-27, 20:41
Here's the Combofix log:

ComboFix 13-11-27.01 - Dee 11/27/2013 13:12:16.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2289 [GMT -6:00]
Running from: c:\users\Dee\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-10-27 to 2013-11-27 )))))))))))))))))))))))))))))))
.
.
2013-11-27 19:19 . 2013-11-27 19:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-27 14:44 . 2012-11-07 23:37 41240 ----a-w- c:\windows\system32\cmdcsr.dll
2013-11-26 00:05 . 2013-09-20 16:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2013-11-26 00:05 . 2013-11-26 01:19 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-11-14 22:30 . 2013-11-14 22:30 -------- d-----w- c:\program files (x86)\ESET
2013-11-14 14:53 . 2013-11-14 14:54 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center
2013-11-14 14:50 . 2013-10-02 01:10 44544 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2013-11-14 14:50 . 2013-10-02 04:38 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2013-11-14 14:13 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll
2013-11-14 14:13 . 2013-09-25 01:57 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2013-11-14 00:15 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-11-14 00:14 . 2013-10-03 02:23 404480 ----a-w- c:\windows\system32\gdi32.dll
2013-11-14 00:14 . 2013-10-03 02:00 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-11-01 20:53 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-01 20:53 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-01 20:53 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-01 20:53 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-01 20:53 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-01 20:53 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-11-01 20:53 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-14 12:59 . 2010-11-18 15:36 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-10-08 23:53 . 2012-11-04 04:29 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-08 23:53 . 2012-02-25 03:19 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-17 05:55 . 2013-09-17 05:55 0 ----a-w- c:\windows\SysWow64\sho7C98.tmp
2013-09-08 02:30 . 2013-10-11 01:04 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-11 01:04 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-11 01:04 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2010-06-28 258304]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-29 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-03-03 1300560]
"VideoWebCamera"="c:\program files (x86)\VideoWebCamera\VideoWebCamera.exe" [2010-03-11 1541472]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2011-02-13 325000]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Walgreens PictureMover.lnk - c:\program files (x86)\Walgreens PictureMover\Bin\PictureMover.exe -s [2010-5-4 1024056]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe "c:\programdata\Best Buy pc app\Best Buy pc app.application" [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys;c:\windows\SYSNATIVE\drivers\gbpkm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 ZTEusbgps;ZTE GPS Port;c:\windows\system32\DRIVERS\ZTEusbgps.sys;c:\windows\SYSNATIVE\DRIVERS\ZTEusbgps.sys [x]
R3 ZTEusbnmeaext;ZTE NMEAExt Port;c:\windows\system32\DRIVERS\ZTEusbnmeaext.sys;c:\windows\SYSNATIVE\DRIVERS\ZTEusbnmeaext.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S2 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [x]
S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 02029286
*NewlyCreated* - 43225028
*NewlyCreated* - 61910329
*NewlyCreated* - 94145691
*Deregistered* - 02029286
*Deregistered* - 43225028
*Deregistered* - 61910329
*Deregistered* - 94145691
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-28 00:14 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-04 23:53]
.
2013-11-26 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2013-11-26 16:57]
.
2013-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-18 15:20]
.
2013-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-18 15:20]
.
2013-11-26 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2013-11-26 16:49]
.
2013-11-26 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2013-11-26 16:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-15 9644576]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-12-16 206208]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2010-06-11 861216]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\WinPatrol.exe" [2011-02-13 325000]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 9577680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = localhost:8080
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
TCP: DhcpNameServer = 192.168.55.1 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify- GbPluginBb - c:\program files (x86)\GbPlugin\gbieh.dll
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1122988514-126629761-105748036-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1122988514-126629761-105748036-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-27 13:22:56
ComboFix-quarantined-files.txt 2013-11-27 19:22
.
Pre-Run: 427,059,617,792 bytes free
Post-Run: 426,503,151,616 bytes free
.
- - End Of File - - 0F0C71FF636F88DBF63486724F97DAE1
A36C5E4F47E84449FF07ED3517B43A31

chayes001
2013-11-27, 20:45
I was looking through the log and found this:

------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = localhost:8080
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
TCP: DhcpNameServer = 192.168.55.1 192.168.1.1
.

We have no ties to bancobrasil, why would it be listed as a trusted zone?

chayes001
2013-11-27, 20:50
Could whoever hacked into her email account have installed something that would allow them to use her computer as remote storage or for another illegal purpose?

ken545
2013-11-27, 21:30
Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:OTL
IE - HKU\S-1-5-21-1122988514-126629761-105748036-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080

:Services

:Reg

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces


Again, go into Internet Options in the Control Panel and go to Connections > LAN Settings, and if those bank entries are there, remove them, then uncheck use a proxy server.
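The check the posts above do by eye, as an added example (not part of the thread and not code from ComboFix or OTL): it parses the Supplementary Scan lines quoted above and reports a proxy that points at the loopback address, Trusted Zone entries grouped by domain, and any DNS server outside private address space. The function names are hypothetical, and reading `domain\sub` as a domain/subdomain pair is an assumption about ComboFix's output format.

```python
import ipaddress
import re
from collections import defaultdict

# Lines copied from the "Supplementary Scan" section of the ComboFix log in this thread.
SAMPLE_LOG = r"""------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = localhost:8080
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
TCP: DhcpNameServer = 192.168.55.1 192.168.1.1
.
"""

# Matches headers such as "------- Supplementary Scan -------".
SECTION_RE = re.compile(r"^-+\s+(.+?)\s+-+$")


def section(log, title):
    """Return the non-empty lines of one '--- title ---' section of the log."""
    lines, inside = [], False
    for raw in log.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            inside = header.group(1).strip("- ").lower() == title.lower()
            continue
        if inside and line not in ("", "."):
            lines.append(line)
    return lines


def is_loopback(host):
    """True for 'localhost' or any loopback IP literal (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False  # an ordinary hostname


def parse_proxy(value):
    """Split a ProxyServer value: 'host:port' or 'http=h:p;https=h:p'."""
    entries = []
    for part in (p.strip() for p in value.split(";")):
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        host, sep, port = hostport.rpartition(":")
        if not sep:  # no port given
            host, port = hostport, ""
        entries.append({"scheme": scheme, "host": host, "port": port,
                        "loopback": is_loopback(host)})
    return entries


def triage(log):
    """Collect the browser and network settings worth a second look."""
    proxy, zones, public_dns = [], defaultdict(list), []
    for line in section(log, "Supplementary Scan"):
        if line.startswith("Trusted Zone:"):
            # Assumed format: <domain>\<subdomain>
            domain, _, sub = line.split(":", 1)[1].strip().partition("\\")
            zones[domain].append(sub or "*")
        elif "ProxyServer" in line and "=" in line:
            proxy = parse_proxy(line.split("=", 1)[1].strip())
        elif line.startswith("TCP:") and "NameServer" in line:
            for ip in line.split("=", 1)[1].split():
                # A resolver outside private address space was not handed out
                # by a typical home router and deserves a manual check.
                if not ipaddress.ip_address(ip).is_private:
                    public_dns.append(ip)
    return {"proxy": proxy, "trusted_zones": dict(zones), "public_dns": public_dns}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for entry in report["proxy"]:
        flag = "LOOPBACK" if entry["loopback"] else "remote"
        print(f"proxy {entry['host']}:{entry['port']} [{flag}]")
    for domain, subs in report["trusted_zones"].items():
        print(f"trusted zone {domain}: {', '.join(subs)}")
    print("public DNS servers:", report["public_dns"] or "none")
```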

chayes001
2013-11-27, 21:41
OTL log:

All processes killed
========== OTL ==========
HKU\S-1-5-21-1122988514-126629761-105748036-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Dee\Desktop\cmd.bat deleted successfully.
C:\Users\Dee\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Dee
->Temp folder emptied: 151832 bytes
->Temporary Internet Files folder emptied: 96645870 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 87536746 bytes
->Flash cache emptied: 534 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 285256 bytes
%systemroot%\System32 (64bit) .tmp files removed: 363560 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 877349 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 95336 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 177.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11272013_143301

Files\Folders moved on Reboot...
C:\Users\Dee\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File\Folder C:\Windows\SysWow64\upd82.tmp not found!
File\Folder C:\Windows\SysNative\upd83.tmp not found!
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

ken545
2013-11-27, 22:28
Now that the proxy has been removed, give IE another shot. Were you able to remove those bank entries?

chayes001
2013-11-27, 23:00
IE still doesn't work. I didn't know about removing those entries but I'll see if I can. What next?

chayes001
2013-11-27, 23:02
I also saw registry entries for "flash broker", isn't that a trojan downloader?

ken545
2013-11-27, 23:12
http://www.spywareremove.com/file/flashutil64119900117activexexe-215491/

chayes001
2013-11-27, 23:21
Should I post any log after running SpyHunter? Is there anything else?

ken545
2013-11-27, 23:25
Did SpyHunter find anything?

chayes001
2013-11-27, 23:32
It hasn't finished updating yet. Can SpyHunter be used in conjunction with Spybot?

ken545
2013-11-27, 23:47
You can have a couple of Spyware programs like SpyHunter and Spybot, but with Anti Virus software just one is recommended.

Run a scan with SpyHunter and let me know if it finds anything

chayes001
2013-11-28, 00:02
SpyHunter is almost done (85%) and has found 252 threats so far. Should I have SpyHunter delete them or would you want to see a log? None of the threats seem to be high level.

ken545
2013-11-28, 00:56
Let's see the log, I am sure they're mostly cookies.

chayes001
2013-11-28, 01:03
There doesn't seem to be a log and I can't highlight and copy. Many of them are indeed cookies but there are several Iminent and DefaultTab entries.

ken545
2013-11-28, 01:20
Did it remove all it found? I don't think I would be concerned.

chayes001
2013-11-28, 01:39
It finds them but you have to purchase it to clean so they're still on there. Is there anything else that we can do? I realize that it's Thanksgiving eve so why don't you spend time with your family and we can pick this up again Friday. Have a Happy Thanksgiving.....

ken545
2013-11-28, 01:54
I really hate programs that scan your system and then they want you to purchase to remove entries, there are better ones like Spybot and Malwarebytes, personally I wouldn't waste my time with SpyHunter

I will be taking off in the am around 10 or so and will be gone most of the day. Happy Thanksgiving to you and your family as well


ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

chayes001
2013-11-28, 03:53
Hey Ken, ESET was a bit over halfway when I got the "blue screen of death" and it would not come back in normal mode. I've restarted in safe mode to update you so I'm shutting down now and will check tomorrow evening or Friday to see if you're back and have any suggestions. While in safe mode I don't get any of the "Windows has encountered a hard disk problem" error messages. This is starting to make me nuts!!!

ken545
2013-11-28, 12:05
Good Morning and Happy Thanksgiving,

According to the logs you have Internet Explorer 9 installed. Why don't you download and install version 10? It's compatible with Windows 7, and see if that helps.
http://windows.microsoft.com/en-us/internet-explorer/ie-10-worldwide-languages

When you run your computer in safe mode, it loads just the basic drivers for Windows to run. A driver is a file that runs something, be it your mouse and keyboard for example. Your system has a lot of driver files and it looks like the one that is causing problems didn't load, so no error message. Sometimes it can be challenging to figure out which one, but when the one is found and it's updated the error usually goes away. There are other ways around this, like re-installing Windows, or doing a system repair that re-installs Windows on top of the current version; depending on your manufacturer, some have the option to restore your system back to the day you received it. But also all this can be fruitless if the problem you're having is hardware related: failing hard drive, bad memory module, something going haywire on the motherboard.

I think what you may need to do is post in a Windows forum that we work closely with. Use the same user name that you're using here. Like Safer Networking it's free, but you will have to register.
http://www.whatthetech.com/

Once you register, post in their Windows forum. You can link them to this thread so they can see what we have done so far and you can also let them know that I suggested you post here. Start a new thread and explain the problem and let them help you sort it out.
http://forums.whatthetech.com/index.php?showforum=119

Good Luck,
Ken :)