W3i.IQ5.fraud and others.

chayes001 · Nov 18, 2013

My wifes laptop has been having trouble lately. She would continually get a popup notification from Win 7 Home Premium that stated that a hard disk error was noticed and that a backup should be performed. I copied her files to my external hard drive then did a scan with Spybot, Spyware Blaster, and Comodo Antivirus. I found W3i.IQ5.fraud. Comodo was supposed to have taken care of it but the disk error message still appeared. I did numerous chkdsk c: /r /x but no bad sectors were found. She cannot access Internet Explorer, the screen just flashes then returns to the desktop. I found a reference to W3i.IQ5.fraud on a Microsoft support site and followed their directions for manual removal. I didn't find any entries in regedit that were listed. I then went to Kaspersky's website and performed an online scan, the following were found:

C:\Users\All Users\Spybot - Search & Destroy\Recovery\WebCakeBHO3.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\WebCakeBHO3.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Users\Dee\Downloads\ArcadeFrontierGames (1).exe Win32/OpenCandy application deleted - quarantined
C:\Users\Dee\Downloads\ArcadeFrontierGames.exe Win32/OpenCandy application deleted - quarantined
C:\Users\Dee\Downloads\Firefox_Setup_17.0.exe a variant of Win32/InstallCore.AY application cleaned by deleting - quarantined

That was a few days ago. Tonight her computer rebooted itself and presented the following error messages:
PXE-E61: Media test failure
PXE-M0F: Exiting Broadcom

I tried to repair her operating system by booting from a Win 7 cd. One of the screens showed her hard disk as "Boot :X" instead of "Gateway :C".
I'm able to get into Safe mode and the correct drive designation is listed. Can you assist me in cleaning her system up?

ken545 · Nov 26, 2013

:snwelcome:

Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Running programs with Vista or Windows 7 , Right Click and select RUN AS ADMINISTATOR

Download DDS from one of the links below to your desktop

Link 1
Link 2

Double click the tool to run it.
A black Screen will open, just read the contents and do nothing.
When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
Copy/Paste the contents of 'DDS.txt' into your post.
'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files)

Information on A/V control Here

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

chayes001 · Nov 26, 2013

Thanks for help Ken. DDS only generated one report and that is attached as well as "aswMBR". I ran DDS twice but it still ran only one report.

ken545 · Nov 26, 2013

I really need to see the main DDS report, not the attached

Lets try this one instead

OTL by OldTimer

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
  Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

chayes001 · Nov 26, 2013

Alright Ken, the scan took almost 25 minutes. Here is the first document:

OTL logfile created on: 11/26/2013 1:02:01 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dee\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 62.60% Memory free
7.49 Gb Paging File | 5.63 Gb Available in Paging File | 75.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.66 Gb Total Space | 399.71 Gb Free Space | 88.30% Space Free | Partition Type: NTFS
Drive E: | 120.73 Mb Total Space | 57.99 Mb Free Space | 48.04% Space Free | Partition Type: FAT

Computer Name: DEE-PC | User Name: Dee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Dee\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\GbPlugin\gbpsv.exe ( )
PRC - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Walgreens PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)
PRC - C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll ()
MOD - C:\Users\Dee\AppData\Roaming\PictureMover\Bin\Core.dll ()
MOD - C:\Users\Dee\AppData\Roaming\PictureMover\WG-EN-US\Presentation.dll ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll ()
MOD - C:\Program Files (x86)\VideoWebCamera\VWC_ENG.dll ()
MOD - C:\Program Files (x86)\VideoWebCamera\sy_Utility.dll ()
MOD - C:\Program Files (x86)\VideoWebCamera\Image.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\utility.dll ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (Updater Service) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer Group)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (GbpSv) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe ( )
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (GREGService) -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (Amazon Download Agent) -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (cmderd) -- C:\Windows\SysNative\drivers\cmderd.sys (COMODO)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmeaext) -- C:\Windows\SysNative\drivers\ZTEusbnmeaext.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbgps) -- C:\Windows\SysNative\drivers\ZTEusbgps.sys (ZTE Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (MBB Incorporated)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV - (GbpKm) -- C:\Windows\SysWOW64\drivers\gbpkm.sys (GAS Tecnologia)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1122988514-126629761-105748036-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1122988514-126629761-105748036-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1122988514-126629761-105748036-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1122988514-126629761-105748036-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1122988514-126629761-105748036-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1122988514-126629761-105748036-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1122988514-126629761-105748036-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/29 12:50:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/29 12:50:31 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google

riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Gmail = C:\Users\Dee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/11/25 18:27:18 | 000,450,619 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15469 more lines...
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1122988514-126629761-105748036-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1122988514-126629761-105748036-1001..\Run: [Best Buy pc app] C:\Users\Dee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1122988514-126629761-105748036-1001\..Trusted Domains: bancobrasil.com.br ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-1122988514-126629761-105748036-1001\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites)
O15 - HKU\S-1-5-21-1122988514-126629761-105748036-1001\..Trusted Domains: bancobrasil.com.br ([www2] * in Trusted sites)
O15 - HKU\S-1-5-21-1122988514-126629761-105748036-1001\..Trusted Domains: bb.com.br ([www] * in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.55.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B291C53-C65A-495D-BDD7-DBB57B6C6ACB}: DhcpNameServer = 192.168.55.1 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files (x86)\GbPlugin\gbieh.dll) - File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2f032d5e-86ec-11e0-9bf2-4c0f6e3d6690}\Shell - "" = AutoRun
O33 - MountPoints2\{2f032d5e-86ec-11e0-9bf2-4c0f6e3d6690}\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{2f032d66-86ec-11e0-9bf2-4c0f6e3d6690}\Shell - "" = AutoRun
O33 - MountPoints2\{2f032d66-86ec-11e0-9bf2-4c0f6e3d6690}\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{a59f437e-8ddb-11e2-81c6-88ae1d605766}\Shell - "" = AutoRun
O33 - MountPoints2\{a59f437e-8ddb-11e2-81c6-88ae1d605766}\Shell\AutoRun\command - "" = E:\TL_Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/26 13:00:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dee\Desktop\OTL.exe
[2013/11/26 12:28:55 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Dee\Desktop\aswMBR.exe
[2013/11/26 12:28:05 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Dee\Desktop\dds.com
[2013/11/25 19:00:35 | 000,000,000 | ---D | C] -- C:\Users\Dee\Documents\ProcAlyzer Dumps
[2013/11/25 18:05:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/11/25 18:05:11 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/11/25 18:05:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/11/14 16:30:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/11/14 08:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2013/11/14 08:53:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2013/11/14 08:50:49 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013/11/14 08:49:43 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013/11/14 08:49:43 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013/11/14 08:49:41 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013/11/14 08:49:29 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/11/14 08:49:28 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/11/14 08:49:28 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013/11/14 08:49:28 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013/11/14 08:49:27 | 001,147,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013/11/14 08:49:27 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013/11/14 08:49:27 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013/11/14 08:49:27 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013/11/14 08:49:27 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013/11/14 08:49:27 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013/11/14 08:49:26 | 005,698,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/11/14 08:49:25 | 006,578,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/11/14 08:49:25 | 001,057,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdvidcrl.dll
[2013/11/14 08:49:25 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdvidcrl.dll
[2013/11/14 08:13:15 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWorkspace.dll
[2013/11/14 08:13:12 | 000,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TSWorkspace.dll
[2013/11/14 07:16:51 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/11/14 07:16:50 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/11/14 07:16:47 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/11/14 07:16:46 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/11/14 07:16:46 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/11/14 07:16:46 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/11/14 07:16:44 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/14 07:16:43 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/11/14 07:16:43 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/11/14 07:16:43 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/11/14 07:16:43 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/11/14 07:16:35 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/11/14 07:16:35 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/11/14 07:16:34 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/11/14 07:16:33 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/13 18:15:47 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/11/13 18:15:24 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/11/13 18:15:23 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/11/13 18:15:23 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2013/11/13 18:15:23 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2013/11/13 18:15:22 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2013/11/13 18:15:09 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/11/13 18:15:08 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/11/13 18:15:08 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2013/11/13 18:15:07 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2013/11/13 18:15:07 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2013/11/13 18:14:51 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2013/11/01 14:53:09 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013/11/01 14:53:09 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2013/10/27 18:45:19 | 000,000,000 | ---D | C] -- C:\Users\Dee\AppData\Local\{775971D8-287A-4AAE-94DD-DAA3743BA909}
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/26 13:00:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dee\Desktop\OTL.exe
[2013/11/26 12:50:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/26 12:46:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/26 12:40:41 | 000,000,512 | ---- | M] () -- C:\Users\Dee\Desktop\MBR.dat
[2013/11/26 12:35:07 | 000,003,669 | ---- | M] () -- C:\Users\Dee\Desktop\attach.zip
[2013/11/26 12:29:34 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Dee\Desktop\aswMBR.exe
[2013/11/26 12:28:16 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Dee\Desktop\dds.com
[2013/11/26 12:23:28 | 000,727,334 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/26 12:23:28 | 000,624,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/26 12:23:28 | 000,106,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/26 12:22:25 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/26 12:22:24 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/26 12:18:32 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/26 12:16:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/26 12:16:12 | 3015,884,800 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/25 18:27:18 | 000,450,619 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/11/25 18:05:22 | 000,000,656 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/11/25 18:05:22 | 000,000,628 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/11/25 18:05:22 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/11/25 18:05:14 | 000,001,386 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/11/14 14:42:32 | 000,000,494 | ---- | M] () -- C:\Windows\wininit.ini
[2013/11/14 08:56:59 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\etc\*.tmp files -> C:\Windows\SysNative\drivers\etc\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/26 12:40:41 | 000,000,512 | ---- | C] () -- C:\Users\Dee\Desktop\MBR.dat
[2013/11/26 12:35:07 | 000,003,669 | ---- | C] () -- C:\Users\Dee\Desktop\attach.zip
[2013/11/25 18:05:22 | 000,000,656 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/11/25 18:05:22 | 000,000,628 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/11/25 18:05:22 | 000,000,458 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/11/25 18:05:14 | 000,001,398 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/11/25 18:05:14 | 000,001,386 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/11/14 08:56:59 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2012/10/31 09:36:17 | 000,000,494 | ---- | C] () -- C:\Windows\wininit.ini

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/10/19 19:52:26 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\Artogon
[2013/11/14 15:28:05 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\DefaultTab
[2010/11/18 09:09:24 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\Packard Bell
[2012/09/13 10:34:55 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\PictureMover
[2011/05/25 15:12:14 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\Smith Micro
[2011/12/23 22:03:31 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\SNS
[2013/03/13 19:05:06 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\SoftGrid Client
[2011/01/02 15:52:07 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\TP
[2011/02/20 12:52:38 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\Windows Live Writer
[2013/11/09 07:45:24 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\WinPatrol

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:512E1728
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >

chayes001 · Nov 26, 2013

Here's the "Extras.txt".

OTL Extras logfile created on: 11/26/2013 1:02:01 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dee\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 62.60% Memory free
7.49 Gb Paging File | 5.63 Gb Available in Paging File | 75.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.66 Gb Total Space | 399.71 Gb Free Space | 88.30% Space Free | Partition Type: NTFS
Drive E: | 120.73 Mb Total Space | 57.99 Mb Free Space | 48.04% Space Free | Partition Type: FAT

Computer Name: DEE-PC | User Name: Dee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1915AE94-735C-42F9-B113-0DAEC9C32946}" = lport=139 | protocol=6 | dir=in | app=system |
"{19F12838-541D-4D07-A539-A48F681ED47D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3317CD7E-22FD-47DD-8A2B-9BF048412CA5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{364D6C94-0D00-4C47-AEF6-65E286A1D470}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4BB96553-F977-4810-8A6D-0B71EBF8CFFB}" = rport=137 | protocol=17 | dir=out | app=system |
"{4D063A15-19B6-40F2-9025-83CB049AEC3B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4E2D3E59-3D02-4F02-AE71-FE0C5BB95306}" = rport=138 | protocol=17 | dir=out | app=system |
"{502DB6A2-C41D-4660-B453-7235700E82E2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{505FBF38-4175-429D-9881-9ACF92E1A072}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{54A7FAA1-90CE-476A-BFD2-1E0815899EC2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{63873E09-A259-460F-AAFB-670CFD25DEE8}" = lport=138 | protocol=17 | dir=in | app=system |
"{70E54765-F7B0-4FDC-9E84-0BB956908516}" = lport=2869 | protocol=6 | dir=in | app=system |
"{70EDA895-67B9-4246-8085-DCA5D928824F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{79F8673D-A0E5-4C74-AB85-D78007032366}" = rport=445 | protocol=6 | dir=out | app=system |
"{7A35C341-91C6-47F7-BD27-0DFF0FF3CCDF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{82D1B7F4-1985-4CF5-83BF-62D5466F0424}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{847CD954-94AC-4948-9B1B-5B8FA850E15D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A79E5B48-484C-49DE-B550-5006961015CC}" = rport=139 | protocol=6 | dir=out | app=system |
"{B9920069-0943-4EA1-92C0-20D8BF5C7E9C}" = lport=445 | protocol=6 | dir=in | app=system |
"{BB624EF7-8815-42A6-B73C-F67FC22C669B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C2389834-1058-44BF-AD0F-3FAA0B87AADD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D37AEB73-CCAA-4B20-A8F4-2890D29571C6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E48898E7-5E90-40A0-8162-3E1F5451BE0C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EACB6946-216D-4C6A-8D40-B3FD7D8AD792}" = lport=137 | protocol=17 | dir=in | app=system |
"{ECFF830C-236D-40A2-B95B-80C30D6B22A1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ED552580-767F-44D2-99AA-75B619680C34}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F5D64DDD-B015-45B7-9C07-8C6C2E04E3F6}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{011DEB73-ED06-4E11-9C0F-EA5C8758ED0F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{13505822-DF03-489C-9259-F17B8FF25078}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{1A15818B-A770-4BBC-9F63-DE1010192AF5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{28FF3D2F-FF56-43EA-A479-AC38A6485238}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{294C0031-94F7-49B3-93E5-CBE086E02E4E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{309E20FD-22B9-458C-AD8B-854792378424}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{317C8DBB-83AD-4411-97C2-B48D82AFB8EE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
"{32A5EB41-0231-453A-B7BA-204EA7983A8E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{338C471F-6941-43DC-9EA8-FBEE75DA2523}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{368631DF-B23A-4973-9CB5-04E8A7C06672}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{3B4ED752-D99A-48DE-844C-ECC84C9D1DEA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3B7B5861-8DA3-4BCD-ABF8-14C039F18AAA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{3E37BF0B-1AB3-4F3F-9B12-EEF87689B311}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{44160D17-0AC5-4D5D-AFD4-7271C4CFEF8E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{4D1F3695-4BB0-4C1F-8E4D-64E18750B4C7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{4D54F16A-CF70-4642-BACE-861F92472DE4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{557F8CD1-CE0B-4157-9B93-4FE3873A1C2D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{5E255E86-9CAD-4E9C-8C4C-4CBC730839D2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{672F249C-EDE4-4F3C-B068-FB156FD8DA09}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6D455A91-097D-4C94-8F4A-ED464A772301}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7173EBF9-EE15-4716-92F9-7979E41AB86C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{84D991E1-36C6-43A1-AE66-A83D892FED64}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{89E8184C-265C-4B78-A260-97ED6BBCBF9F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{9180A193-9C6B-4227-8E1C-1BAAAE7DC320}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{93A3F9DD-A58C-4AB0-8F26-ACFB645D949C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{95402F35-54B4-4AD0-AD48-37785B835AA9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A2D3EF41-F65B-4C49-9405-65EC0A74C366}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{A37804E1-19F3-4BDE-B6BF-3304CE4E5C8F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{A40AF240-0682-4551-B4A1-A92969D684C0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A909DDDF-7C40-4552-A2A9-4F189B39D721}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{AAC9A0D4-CD12-4A04-878C-31E93447D6AF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{B1416692-CB28-4C92-9C9E-613BABE0CB7A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{B2263C56-1B8E-4480-98C9-988D3E91C6F6}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{B2D6941A-8F16-4E1E-9666-75BAD8C477EC}" = protocol=6 | dir=out | app=system |
"{BB961680-FA61-4041-9323-623C0F08964A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BC7CB3FB-7F84-49A8-AFB4-5DFFBF0B17A1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{BE26666C-EB35-44BF-BED1-8B894CED4E01}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BF62F8C1-0E0F-406C-9794-1DE35237646B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BF66B8C7-C602-4114-B1F7-18091E324315}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{C73D3A72-2AE0-42A1-8E16-908980CC1A27}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{CC7CB653-5977-4AC7-8DA2-A3654E710CC4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CEBD3848-CA08-45D0-8CA8-C14B86EBA090}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D97EBC2F-EF2E-4BCE-BD26-1D391E47F7D5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{E499C927-1E7C-43B5-AA17-D4CDCEC61618}" = protocol=58 | dir=in | app=system |
"{E5B3D519-0E90-47AD-A7D6-060CA0B7F4E1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{ED259565-6BEF-4945-BCAA-8F24786CB374}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{EE0B3951-13E8-43EB-9F68-1B3F1364AD10}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{F551A8BA-6D86-4007-B657-F01542585F7E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{FA203E8C-F210-42C7-807B-30746BBEC928}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{FE0303B1-9548-4F20-98CD-8F4EE0D4CDF3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{3B20226B-63ED-B863-B224-FE40401B21CA}" = ATI Catalyst Install Manager
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E3047FA0-2D6B-4BD6-8CD4-599955F1CE9D}" = Microsoft Mouse and Keyboard Center
"{EEB06ECB-38F0-68CD-B215-94D50914C0F8}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01868E82-DA4F-BFF8-45CF-9B1CAE8810D9}" = Catalyst Control Center Core Implementation
"{01CC7DB7-909B-E630-A44A-8118036CAF3C}" = CCC Help Korean
"{07367450-E3E6-B4A1-E19C-A07429026680}" = CCC Help Swedish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{113DE59D-B57A-4075-9D4F-5803DFA69EB7}" = Walgreens PictureMover
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C42AA63-B354-56AF-69CA-FA73285368BE}" = CCC Help German
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FFDACFC-898C-FC99-0140-AE2FC18B710E}" = Catalyst Control Center Graphics Full New
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{268E2A87-470B-118B-B3AD-6F2615B86623}" = CCC Help Greek
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2E87F4AB-99BF-421C-AF7B-365A9C08549A}" = F300
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3601754A-C72B-E4B3-CE39-78CCD0B58DC9}" = CCC Help Russian
"{3A69B28B-6E44-E512-C395-EEDCB5BCB485}" = CCC Help Danish
"{3BA616F8-F969-4DE7-0C85-35BE954DDB8A}" = CCC Help Hungarian
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Gateway Power Management
"{3EED6569-D845-F8D1-9648-84729711590E}" = CCC Help Italian
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A41156A-0669-F7B5-B24C-5E25C69F1E68}" = CCC Help Turkish
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5C5BB2C4-54F9-4A17-8845-090C7BEC232C}" = ZTE USB Drivers
"{5E6D6161-5509-4f55-9372-1E01792F843A}" = F300_Help
"{63ADFC07-D92A-670C-3826-BB0C9CC41D8A}" = CCC Help Polish
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6488561D-83C8-6987-6163-744E60680139}" = CCC Help Japanese
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Gateway Social Networks
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69CA5A5F-7541-5216-6433-DE69E4245116}" = Catalyst Control Center Graphics Light
"{69F214C9-507D-7EB5-FF08-926CFD0D5EC6}" = Catalyst Control Center Localization All
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D9021DC-CF1B-4148-8C80-6D8E8A8A33EB}" = Video Web Camera
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{762CB899-DF14-EB84-78F5-888C83AA7DC3}" = Catalyst Control Center Graphics Previews Common
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{83E4C065-91B9-20DD-74DA-90A71242CE18}" = CCC Help Norwegian
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8AEAE107-B186-4EA8-5F84-3AAA3158FEB1}" = CCC Help Chinese Standard
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{975B24AC-8CB7-B4E1-E666-37964657576E}" = CCC Help Chinese Traditional
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A45B7A40-694C-BAB8-EE69-4240ADFEA1FF}" = CCC Help Finnish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{AD768FF7-E329-886C-D88E-585F26BB8738}" = CCC Help Dutch
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B8F5BACE-194E-0203-023E-2FFEF68EE290}" = CCC Help English
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C450D07C-3914-5481-A068-29975DA5C596}" = CCC Help French
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C9165CF3-A14D-A281-B62E-37312AA9E63D}" = CCC Help Spanish
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4E16961-E6FA-4689-AD09-3DB7E5770167}" = Catalyst Control Center InstallProxy
"{D6B1E149-790E-3B60-07F9-07A40ECAFBA0}" = Catalyst Control Center Graphics Full Existing
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DBF91CC3-41F6-0D99-3D2D-686C59865652}" = ccc-core-static
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DD49AC0F-E08A-F77D-AB38-2EE9CD5D8F0B}" = CCC Help Thai
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DECEFADB-0486-6252-C312-49DDAC71DF33}" = CCC Help Portuguese
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6AC5364-2FB7-437a-811A-D645F22AA6AC}" = F300Trb
"{F7425F93-2071-A946-008A-6ACA60B43FB2}" = CCC Help Czech
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FC635D8E-FFBA-4B2C-BE68-A37D56BDFB74}" = Catalyst Control Center - Branding
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
"BFGC" = Big Fish Games: Game Manager
"BFG-Treasure Seekers - The Time Has Come" = Treasure Seekers: The Time Has Come
"ESET Online Scanner" = ESET Online Scanner v3
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"Google Chrome" = Google Chrome
"Identity Card" = Identity Card
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Gateway Social Networks
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Gateway MyBackup
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"SpywareBlaster_is1" = SpywareBlaster 5.0
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1122988514-126629761-105748036-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/14/2013 9:46:59 AM | Computer Name = Dee-PC | Source = Software Protection Platform Service | ID = 8211
Description = Update Windows license and product key tokens failed with 0x80070005.

Error - 11/14/2013 9:47:09 AM | Computer Name = Dee-PC | Source = .NET Runtime Optimization Service | ID = 1111
Description =

Error - 11/14/2013 9:59:03 AM | Computer Name = Dee-PC | Source = Software Protection Platform Service | ID = 8211
Description = Update Windows license and product key tokens failed with 0x80070005.
%windir%\system32\spp\tokens\ppdlic\networksecurity-ppdlic.xrm-ms

Error - 11/14/2013 9:59:04 AM | Computer Name = Dee-PC | Source = Software Protection Platform Service | ID = 8211
Description = Update Windows license and product key tokens failed with 0x80070005.
%windir%\system32\spp\tokens\ppdlic\networksecurity-ppdlic.xrm-ms

Error - 11/14/2013 10:02:10 AM | Computer Name = Dee-PC | Source = Software Protection Platform Service | ID = 8211
Description = Update Windows license and product key tokens failed with 0x80070005.

Error - 11/14/2013 10:02:11 AM | Computer Name = Dee-PC | Source = Software Protection Platform Service | ID = 8211
Description = Update Windows license and product key tokens failed with 0x80070005.

Error - 11/14/2013 10:04:25 AM | Computer Name = Dee-PC | Source = .NET Runtime Optimization Service | ID = 1111
Description =

Error - 11/14/2013 10:04:55 AM | Computer Name = Dee-PC | Source = .NET Runtime Optimization Service | ID = 1111
Description =

Error - 11/14/2013 10:46:47 AM | Computer Name = Dee-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 11/14/2013 10:50:15 AM | Computer Name = Dee-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

[ Media Center Events ]
Error - 9/29/2011 4:49:41 PM | Computer Name = Dee-PC | Source = MCUpdate | ID = 0
Description = 3:49:41 PM - Error connecting to the internet. 3:49:41 PM - Unable
to contact server..

Error - 9/29/2011 4:51:13 PM | Computer Name = Dee-PC | Source = MCUpdate | ID = 0
Description = 3:50:13 PM - Error connecting to the internet. 3:50:13 PM - Unable
to contact server..

Error - 10/18/2011 9:23:31 AM | Computer Name = Dee-PC | Source = MCUpdate | ID = 0
Description = 8:23:23 AM - Error connecting to the internet. 8:23:23 AM - Unable
to contact server..

[ System Events ]
Error - 11/25/2013 9:14:31 PM | Computer Name = Dee-PC | Source = DCOM | ID = 10005
Description =

Error - 11/25/2013 9:17:42 PM | Computer Name = Dee-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll
Error
Code: 126

Error - 11/25/2013 9:18:14 PM | Computer Name = Dee-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D
2 Scanner Service service to connect.

Error - 11/25/2013 9:18:14 PM | Computer Name = Dee-PC | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Scanner Service service failed to start due to the
following error: %%1053

Error - 11/25/2013 9:18:45 PM | Computer Name = Dee-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D
2 Updating Service service to connect.

Error - 11/25/2013 9:18:45 PM | Computer Name = Dee-PC | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Updating Service service failed to start due to the
following error: %%1053

Error - 11/25/2013 9:24:54 PM | Computer Name = Dee-PC | Source = DCOM | ID = 10010
Description =

Error - 11/26/2013 2:10:17 PM | Computer Name = Dee-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:48:19 PM on ?11/?25/?2013 was unexpected.

Error - 11/26/2013 2:10:27 PM | Computer Name = Dee-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll
Error
Code: 126

Error - 11/26/2013 2:16:20 PM | Computer Name = Dee-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll
Error
Code: 126

< End of report >

ken545 · Nov 26, 2013

Lets run a different program, so far not seeing any malware

Please download Malwarebytes from Here or Here

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

Post the report please

chayes001 · Nov 26, 2013

I've been MalwareBytes for several years and used it before coming to this forum. Attached is the current scan.

ken545 · Nov 26, 2013

If you can, just copy and paste the logs we ask for in lew of attaching them please

So far no malware

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the

button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
1. Click on
  
  to download the ESET Smart Installer. Save it to your desktop.
2. Double click on the
  
  icon on your desktop.
Check
Click the

button.
Accept any security warnings from your browser.
Check
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push

, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the

button.
Push

Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

chayes001 · Nov 27, 2013

I ran ESET and it found no malware. My wife related that some time back her e-mail account was hacked and messages of a sexual nature was sent to everyone in her contact list including her employer. I'm in safe mode as when I try to start Windows normally I get an error message stating that windows could not configure windows update, reverting changes then restarts and does the same process.

ken545 · Nov 27, 2013

Good Morning,

As far as your wife's email, hope she went ahead and changed her password, make it something strong, at least a mixture of 12 numbers and letters

You may have a problem with how your system is configured to boot up, have you gone into the BIOS and changed any settings ?

This may or may not help

Go to Start> Shut off your Computer> Restart
Or if the computer is off press the power button
As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Last Known Good Configuration
Then press the Enter Key on your Keyboard

Tutorial if you need it How to boot into Safemode

chayes001 · Nov 27, 2013

Good morning to you Ken. I followed the process you indicated and it really hasn't seem to make a difference. No changes in BIOS have been made or the addition of any programs. On startup I immediately get the message about a hard disk problem and IE is killed as soon as you attempt to open it.

ken545 · Nov 27, 2013

Let me see this report

Download MBRCheck.exe to your desktop.

Be sure to disable your security programs
Double click on the file to run it
A window will open on your desktop
if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
If nothing unusual is found just press Enter
A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.

chayes001 · Nov 27, 2013

Here is the text:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Gateway
BIOS Manufacturer: Gateway
System Manufacturer: Gateway
System Product Name: NV53A
Logical Drives Mask: 0x0001000c

Kernel Drivers (total 164):
0x03008000 \SystemRoot\system32\ntoskrnl.exe
0x035ED000 \SystemRoot\system32\hal.dll
0x00BBB000 \SystemRoot\system32\kdcom.dll
0x00C72000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00C7F000 \SystemRoot\system32\PSHED.dll
0x00C93000 \SystemRoot\system32\CLFS.SYS
0x00CF1000 \SystemRoot\system32\CI.dll
0x00EEF000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00FB1000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00E00000 \SystemRoot\system32\drivers\ACPI.sys
0x00E57000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00E60000 \SystemRoot\system32\drivers\msisadrv.sys
0x00E6A000 \SystemRoot\system32\drivers\pci.sys
0x00E9D000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00EAA000 \SystemRoot\System32\drivers\partmgr.sys
0x00EBF000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00EC8000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00ED4000 \SystemRoot\system32\drivers\volmgr.sys
0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FC1000 \SystemRoot\system32\drivers\pciide.sys
0x00FC8000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00FD8000 \SystemRoot\System32\drivers\mountmgr.sys
0x00FF2000 \SystemRoot\system32\drivers\atapi.sys
0x00DB1000 \SystemRoot\system32\drivers\ataport.SYS
0x00DDB000 \SystemRoot\system32\drivers\msahci.sys
0x00DE6000 \SystemRoot\system32\drivers\amdxata.sys
0x0100A000 \SystemRoot\system32\drivers\fltmgr.sys
0x01056000 \SystemRoot\system32\drivers\fileinfo.sys
0x0121D000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0106A000 \SystemRoot\System32\Drivers\msrpc.sys
0x013BF000 \SystemRoot\System32\Drivers\ksecdd.sys
0x010C8000 \SystemRoot\System32\Drivers\cng.sys
0x013DA000 \SystemRoot\System32\drivers\pcw.sys
0x013EB000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01480000 \SystemRoot\system32\drivers\ndis.sys
0x01572000 \SystemRoot\system32\drivers\NETIO.SYS
0x015D2000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01600000 \SystemRoot\System32\drivers\tcpip.sys
0x01400000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0113A000 \SystemRoot\system32\drivers\volsnap.sys
0x01449000 \SystemRoot\System32\Drivers\spldr.sys
0x01186000 \SystemRoot\System32\drivers\rdyboost.sys
0x01451000 \SystemRoot\System32\Drivers\mup.sys
0x01463000 \SystemRoot\System32\drivers\hwpolicy.sys
0x011C0000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01200000 \SystemRoot\system32\DRIVERS\disk.sys
0x0183C000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x0186C000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x018AC000 \SystemRoot\System32\DRIVERS\cmderd.sys
0x018B4000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x018DE000 \SystemRoot\System32\DRIVERS\cmdguard.sys
0x01920000 \SystemRoot\System32\Drivers\Null.SYS
0x01929000 \SystemRoot\System32\Drivers\Beep.SYS
0x01930000 \SystemRoot\System32\drivers\vga.sys
0x0193E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01963000 \SystemRoot\System32\drivers\watchdog.sys
0x01973000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x0197C000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01985000 \SystemRoot\system32\drivers\rdprefmp.sys
0x0198E000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01999000 \SystemRoot\System32\Drivers\Npfs.SYS
0x019AA000 \SystemRoot\system32\DRIVERS\tdx.sys
0x019CC000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x019D9000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
0x03A6D000 \SystemRoot\system32\drivers\afd.sys
0x03AF6000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03B3B000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03B44000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03B6A000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x03B80000 \SystemRoot\system32\DRIVERS\inspect.sys
0x03B98000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03BA7000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03BC2000 \SystemRoot\system32\drivers\termdd.sys
0x03A00000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03A51000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03A5D000 \SystemRoot\system32\drivers\mssmbios.sys
0x03BD6000 \SystemRoot\System32\drivers\discache.sys
0x01800000 \SystemRoot\System32\Drivers\dfsc.sys
0x03BE5000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03C93000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03CB9000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x03CCE000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x048E1000 \SystemRoot\system32\DRIVERS\atipmdag.sys
0x03D02000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04F50000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04F96000 \SystemRoot\system32\drivers\HDAudBus.sys
0x04800000 \SystemRoot\system32\DRIVERS\k57nd60a.sys
0x04020000 \SystemRoot\system32\DRIVERS\athrx.sys
0x04244000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x04251000 \??\C:\Windows\system32\drivers\UBHelper.sys
0x04259000 \??\C:\Windows\system32\drivers\NTIDrvr.sys
0x04261000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x0426C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x042C2000 \SystemRoot\system32\DRIVERS\usbfilter.sys
0x042CF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x042E0000 \SystemRoot\system32\drivers\i8042prt.sys
0x042FE000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x0430D000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x0435C000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0435E000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x0436D000 \SystemRoot\system32\drivers\wmiacpi.sys
0x04376000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x0437B000 \SystemRoot\system32\drivers\CompositeBus.sys
0x0438B000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x043A1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x043C5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x043D1000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x04000000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04851000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04872000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0401B000 \SystemRoot\system32\drivers\swenum.sys
0x0488C000 \SystemRoot\system32\drivers\ks.sys
0x048CF000 \SystemRoot\system32\drivers\umbus.sys
0x03C00000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04FBA000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x03C5A000 \SystemRoot\system32\drivers\RtHDMIVX.sys
0x0564F000 \SystemRoot\system32\drivers\portcls.sys
0x0568C000 \SystemRoot\system32\drivers\drmk.sys
0x056AE000 \SystemRoot\system32\drivers\ksthunk.sys
0x05843000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x05A61000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05A7E000 \SystemRoot\system32\DRIVERS\dc3d.sys
0x05A95000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x05A9E000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x05AAC000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x05AC5000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x05AD3000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x05AE0000 \SystemRoot\system32\DRIVERS\point64.sys
0x05AF1000 \SystemRoot\System32\Drivers\usbvideo.sys
0x05B1F000 \SystemRoot\System32\Drivers\crashdmp.sys
0x05B2D000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x05B39000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x05B44000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00000000 \SystemRoot\System32\win32k.sys
0x05B57000 \SystemRoot\System32\drivers\Dxapi.sys
0x05B63000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00560000 \SystemRoot\System32\TSDDD.dll
0x00730000 \SystemRoot\System32\cdd.dll
0x00870000 \SystemRoot\System32\ATMFD.DLL
0x05B71000 \SystemRoot\system32\drivers\luafv.sys
0x05B94000 \SystemRoot\system32\DRIVERS\Sftvollh.sys
0x05B9F000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x056B4000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x05BB4000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x05BC7000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x05BDF000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x05707000 \SystemRoot\system32\drivers\HTTP.sys
0x05800000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0581E000 \SystemRoot\System32\drivers\mpsdrv.sys
0x057D0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x05600000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x04FCF000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x05465000 \SystemRoot\system32\drivers\peauth.sys
0x0550B000 \SystemRoot\System32\Drivers\secdrv.SYS
0x05516000 \SystemRoot\system32\DRIVERS\Sftfslh.sys
0x05400000 \SystemRoot\system32\DRIVERS\Sftplaylh.sys
0x01874000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0544E000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0808B000 \SystemRoot\System32\DRIVERS\srv2.sys
0x080F4000 \SystemRoot\System32\DRIVERS\srv.sys
0x0818C000 \SystemRoot\system32\DRIVERS\Sftredirlh.sys
0x77120000 \Windows\System32\ntdll.dll
0x480E0000 \Windows\System32\smss.exe
0xFF440000 \Windows\System32\apisetschema.dll

Processes (total 95):
0 System Idle Process
4 System
292 C:\Windows\System32\smss.exe
444 csrss.exe
508 C:\Windows\System32\wininit.exe
544 csrss.exe
580 C:\Windows\System32\services.exe
596 C:\Windows\System32\lsass.exe
604 C:\Windows\System32\lsm.exe
672 C:\Windows\System32\winlogon.exe
780 C:\Windows\System32\svchost.exe
844 C:\PROGRA~2\GbPlugin\gbpsv.exe
888 C:\Windows\System32\svchost.exe
940 C:\Program Files\COMODO\COMODO Internet Security\upd7C.tmp
108 C:\Windows\System32\svchost.exe
412 C:\Windows\System32\atiesrxx.exe
648 C:\Windows\System32\svchost.exe
796 C:\Windows\System32\svchost.exe
1032 C:\Windows\System32\svchost.exe
1068 C:\Windows\System32\svchost.exe
1156 C:\Windows\System32\svchost.exe
1308 C:\Windows\System32\atieclxx.exe
1444 C:\Windows\System32\spoolsv.exe
1524 C:\Windows\System32\svchost.exe
1628 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1660 C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
1736 C:\Program Files (x86)\Launch Manager\dsiwmis.exe
1760 C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
1784 C:\Windows\System32\svchost.exe
1812 C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
1844 C:\Windows\SysWOW64\svchost.exe
1868 C:\Windows\System32\svchost.exe
1904 C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
1944 C:\Windows\System32\svchost.exe
1936 C:\Windows\System32\DFDWiz.exe
2096 C:\Windows\System32\dwm.exe
2112 C:\Windows\System32\taskhost.exe
2180 C:\Windows\explorer.exe
2208 C:\Windows\System32\taskeng.exe
2272 C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
2284 C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
2504 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
2512 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2520 C:\Windows\PLFSetI.exe
2528 C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
2556 C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
2592 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
2620 C:\Program Files (x86)\Walgreens PictureMover\Bin\PictureMover.exe
2880 C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
2972 C:\Program Files (x86)\Launch Manager\LManager.exe
2988 C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
3016 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
3052 C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
1064 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
1164 C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
1836 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
400 C:\Program Files (x86)\Launch Manager\LMworker.exe
3088 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
3112 C:\Windows\System32\svchost.exe
3144 C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
3200 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
3304 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
3324 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3460 WmiPrvSE.exe
3596 C:\Windows\System32\wbem\unsecapp.exe
3688 C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
4056 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
4080 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
2568 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
2912 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
1828 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
4400 C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
4600 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
4652 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
4968 C:\Windows\System32\SearchIndexer.exe
5024 C:\Windows\System32\svchost.exe
2608 C:\Windows\System32\svchost.exe
4820 C:\Program Files\Windows Media Player\wmpnetwk.exe
5068 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
1996 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3824 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
424 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
4288 C:\Windows\System32\svchost.exe
4428 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
5748 dllhost.exe
5376 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
5792 C:\Windows\servicing\TrustedInstaller.exe
3536 C:\Windows\System32\svchost.exe
1852 C:\Windows\System32\audiodg.exe
4312 C:\Windows\System32\svchost.exe
6084 C:\Windows\System32\SearchProtocolHost.exe
4904 C:\Windows\System32\SearchFilterHost.exe
5900 C:\Users\Dee\Desktop\MBRCheck.exe
2768 C:\Windows\System32\conhost.exe
4980 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`46500000 (NTFS)
\\.\Q: --> error 5

PhysicalDrive0 Model Number: WDCWD5000BEVT-22A0RT0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!

ken545 · Nov 27, 2013

Looking at the report I would like to check for a trojan, run this program, do not cure, I just want to see the report first

Please download TDSSKiller.zip

Extract it to your desktop
Double click TDSSKiller.exe
when the window opens, click on Change Parameters
under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
click OK
Press Start Scan
- As we are only looking for a log of what is on the machine right now > choose to skip whatever is found
- Then click Continue > Reboot now
Copy and paste the log in your next reply
- A copy of the log will be saved automatically to the root of the drive (typically C:\)

chayes001 · Nov 27, 2013

I have a question first before I start the scan. When I open TDSSKiller a pop up says that there is an update available and that it should be downloaded before doing the scan. When I click on "update" I just get a flash of a screen attempting to open but the dies. The update must be attempting to access IE as whatever I have kills IE. Should I continue with the scan without the update or is there a way to get the update through another browser such as Google Chrome? Firefox or IE won't work with whatever this is.

ken545 · Nov 27, 2013

Lets try this first

Go to Start > Control Panel > Internet Options and when it opens go to the Advanced Tab. Then click on RESET INTERNET EXPLORER SETTING > RESET. This will take a few seconds , when it done ok your way out. Then try Opening IE and see if it works. If it does than give TDSSkiller another try, if not let me know and we can try something else

chayes001 · Nov 27, 2013

Sorry Ken, that didn't work. IE flashes and dies.....

ken545 · Nov 27, 2013

OK, open up Firefox and go to Tools > Options > Advanced Tab and down on the bottom click on Make FF my default browser, then close it out and use FF and try TDSSKiller again

chayes001 · Nov 27, 2013

Here's the log, it didn't find anything. The log is too large to submit at one time so I'm going to have to split it.

11:22:10.0837 0x0988 TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
11:22:17.0875 0x0988 ============================================================
11:22:17.0875 0x0988 Current date / time: 2013/11/27 11:22:17.0875
11:22:17.0875 0x0988 SystemInfo:
11:22:17.0875 0x0988
11:22:17.0875 0x0988 OS Version: 6.1.7601 ServicePack: 1.0
11:22:17.0875 0x0988 Product type: Workstation
11:22:17.0876 0x0988 ComputerName: DEE-PC
11:22:17.0876 0x0988 UserName: Dee
11:22:17.0876 0x0988 Windows directory: C:\Windows
11:22:17.0876 0x0988 System windows directory: C:\Windows
11:22:17.0876 0x0988 Running under WOW64
11:22:17.0876 0x0988 Processor architecture: Intel x64
11:22:17.0877 0x0988 Number of processors: 2
11:22:17.0877 0x0988 Page size: 0x1000
11:22:17.0877 0x0988 Boot type: Normal boot
11:22:17.0877 0x0988 ============================================================
11:22:21.0129 0x0988 KLMD registered as C:\Windows\system32\drivers\32262919.sys
11:22:21.0855 0x0988 System UUID: {56AC6828-E31B-4E54-3A38-581F213B4ECF}
11:22:23.0835 0x0988 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:22:23.0840 0x0988 ============================================================
11:22:23.0840 0x0988 \Device\Harddisk0\DR0:
11:22:23.0840 0x0988 MBR partitions:
11:22:23.0840 0x0988 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
11:22:23.0840 0x0988 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x38953000
11:22:23.0840 0x0988 ============================================================
11:22:23.0875 0x0988 C: <-> \Device\Harddisk0\DR0\Partition2
11:22:23.0875 0x0988 ============================================================
11:22:23.0876 0x0988 Initialize success
11:22:23.0876 0x0988 ============================================================
11:22:53.0921 0x12fc ============================================================
11:22:53.0921 0x12fc Scan started
11:22:53.0921 0x12fc Mode: Manual; TDLFS;
11:22:53.0921 0x12fc ============================================================
11:22:53.0921 0x12fc KSN ping started
11:22:57.0916 0x12fc KSN ping finished: true
11:22:59.0259 0x12fc ================ Scan system memory ========================
11:22:59.0259 0x12fc System memory - ok
11:22:59.0260 0x12fc ================ Scan services =============================
11:22:59.0506 0x12fc [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
11:22:59.0566 0x12fc 1394ohci - ok
11:22:59.0710 0x12fc [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
11:22:59.0745 0x12fc ACPI - ok
11:22:59.0782 0x12fc [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
11:22:59.0784 0x12fc AcpiPmi - ok
11:22:59.0943 0x12fc [ ADDA5E1951B90D3D23C56D3CF0622ADC, E85E7BFD29F00ED34BF5BE8BD4DA93CBB14278E16809BB55406875F0DA88551E ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:22:59.0948 0x12fc AdobeARMservice - ok
11:23:00.0115 0x12fc [ A283108E14F3970432C21AF4C0CB1BCE, 1D3219EF916D54232838870EDE557296AACB714B456ED0AAE0DE3CE3822F4643 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:23:00.0132 0x12fc AdobeFlashPlayerUpdateSvc - ok
11:23:00.0222 0x12fc [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
11:23:00.0275 0x12fc adp94xx - ok
11:23:00.0294 0x12fc [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
11:23:00.0317 0x12fc adpahci - ok
11:23:00.0329 0x12fc [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
11:23:00.0337 0x12fc adpu320 - ok
11:23:00.0384 0x12fc [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
11:23:00.0391 0x12fc AeLookupSvc - ok
11:23:00.0565 0x12fc [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD C:\Windows\system32\drivers\afd.sys
11:23:00.0615 0x12fc AFD - ok
11:23:00.0645 0x12fc [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
11:23:00.0651 0x12fc agp440 - ok
11:23:00.0688 0x12fc [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
11:23:00.0692 0x12fc ALG - ok
11:23:00.0721 0x12fc [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
11:23:00.0727 0x12fc aliide - ok
11:23:00.0879 0x12fc [ FF6F0F6A2D72065AE4300426FA414693, 124FEB2AFA0050D3418FB1E341FC8A5E8EE8D6EDEFE4A192BE948057CE5EB74E ] Amazon Download Agent C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
11:23:00.0892 0x12fc Amazon Download Agent - ok
11:23:00.0944 0x12fc [ D865F8ABFF031563E860D16A38BD5A35, 9C1A078B75303B4C6BE4FED54867C75B9BA6537FA7A60A0758B7DE8B1FE3BD83 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
11:23:00.0950 0x12fc AMD External Events Utility - ok
11:23:00.0971 0x12fc [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
11:23:00.0974 0x12fc amdide - ok
11:23:01.0034 0x12fc [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
11:23:01.0045 0x12fc AmdK8 - ok
11:23:01.0439 0x12fc [ 83418F6EE5A81DDDD8E248FCBFC99AF6, FDDF142CFB12F4644C87CA25096869DBBB7579F7CFBBCFC48A455EC1B75C5A52 ] amdkmdag C:\Windows\system32\DRIVERS\atipmdag.sys
11:23:01.0699 0x12fc amdkmdag - ok
11:23:01.0868 0x12fc [ 7E58B5E1DEAA70BD46997068DF06B4E3, C81D45CCBAAFBEE87D0148E0678A764C632CAA54A33898A3B7F7CB39896E0E2C ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
11:23:01.0884 0x12fc amdkmdap - ok
11:23:01.0926 0x12fc [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
11:23:01.0930 0x12fc AmdPPM - ok
11:23:01.0979 0x12fc [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
11:23:01.0988 0x12fc amdsata - ok
11:23:02.0059 0x12fc [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
11:23:02.0082 0x12fc amdsbs - ok
11:23:02.0108 0x12fc [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
11:23:02.0111 0x12fc amdxata - ok
11:23:02.0147 0x12fc [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys
11:23:02.0152 0x12fc AppID - ok
11:23:02.0195 0x12fc [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll
11:23:02.0198 0x12fc AppIDSvc - ok
11:23:02.0246 0x12fc [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
11:23:02.0250 0x12fc Appinfo - ok
11:23:02.0284 0x12fc [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys
11:23:02.0290 0x12fc arc - ok
11:23:02.0306 0x12fc [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
11:23:02.0319 0x12fc arcsas - ok
11:23:02.0386 0x12fc [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
11:23:02.0392 0x12fc AsyncMac - ok
11:23:02.0438 0x12fc [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
11:23:02.0442 0x12fc atapi - ok
11:23:02.0648 0x12fc [ 70260C7C98CC0101316F5B2650C3BB44, 15F5DBDB1251D3F2EF2A0764BC2829A02448B98A0DF9AF316C8466F83BA9241F ] athr C:\Windows\system32\DRIVERS\athrx.sys
11:23:02.0808 0x12fc athr - ok
11:23:02.0892 0x12fc [ C07A040D6B5A42DD41EE386CF90974C8, 8D47815F99C79B795504C3172B5FBBDBA6AFACC004B17AA3954A06BE713FACAE ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
11:23:02.0896 0x12fc AtiPcie - ok
11:23:02.0991 0x12fc [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:23:03.0044 0x12fc AudioEndpointBuilder - ok
11:23:03.0081 0x12fc [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\Windows\System32\Audiosrv.dll
11:23:03.0098 0x12fc AudioSrv - ok
11:23:03.0131 0x12fc [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
11:23:03.0135 0x12fc AxInstSV - ok
11:23:03.0220 0x12fc [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
11:23:03.0270 0x12fc b06bdrv - ok
11:23:03.0304 0x12fc [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
11:23:03.0315 0x12fc b57nd60a - ok
11:23:03.0378 0x12fc [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
11:23:03.0386 0x12fc BDESVC - ok
11:23:03.0452 0x12fc [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
11:23:03.0456 0x12fc Beep - ok
11:23:03.0535 0x12fc [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
11:23:03.0564 0x12fc BFE - ok
11:23:03.0682 0x12fc [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
11:23:03.0734 0x12fc BITS - ok
11:23:03.0762 0x12fc [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
11:23:03.0765 0x12fc blbdrive - ok
11:23:03.0832 0x12fc [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
11:23:03.0843 0x12fc bowser - ok
11:23:03.0886 0x12fc [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:23:03.0890 0x12fc BrFiltLo - ok
11:23:03.0921 0x12fc [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:23:03.0925 0x12fc BrFiltUp - ok
11:23:03.0982 0x12fc [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
11:23:03.0992 0x12fc Browser - ok
11:23:04.0023 0x12fc [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
11:23:04.0037 0x12fc Brserid - ok
11:23:04.0061 0x12fc [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
11:23:04.0065 0x12fc BrSerWdm - ok
11:23:04.0074 0x12fc [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
11:23:04.0076 0x12fc BrUsbMdm - ok
11:23:04.0102 0x12fc [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
11:23:04.0104 0x12fc BrUsbSer - ok
11:23:04.0129 0x12fc [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
11:23:04.0133 0x12fc BTHMODEM - ok
11:23:04.0181 0x12fc [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
11:23:04.0189 0x12fc bthserv - ok
11:23:04.0229 0x12fc [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
11:23:04.0235 0x12fc cdfs - ok
11:23:04.0274 0x12fc [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
11:23:04.0283 0x12fc cdrom - ok
11:23:04.0326 0x12fc [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
11:23:04.0331 0x12fc CertPropSvc - ok
11:23:04.0372 0x12fc [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
11:23:04.0376 0x12fc circlass - ok
11:23:04.0507 0x12fc [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
11:23:04.0530 0x12fc CLFS - ok
11:23:04.0618 0x12fc [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:23:04.0624 0x12fc clr_optimization_v2.0.50727_32 - ok
11:23:04.0695 0x12fc [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:23:04.0703 0x12fc clr_optimization_v2.0.50727_64 - ok
11:23:04.0769 0x12fc [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:23:04.0779 0x12fc clr_optimization_v4.0.30319_32 - ok
11:23:04.0832 0x12fc [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:23:04.0842 0x12fc clr_optimization_v4.0.30319_64 - ok
11:23:04.0889 0x12fc [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
11:23:04.0893 0x12fc CmBatt - ok
11:23:05.0173 0x12fc [ 65FB5097D9EE7E3A99E932CFA0E4B344, 42BFD514204CDFD37BDF388DE0BEB5909F24777807A10C0BB2CEF763B9FEC876 ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
11:23:05.0247 0x12fc cmdAgent - ok
11:23:05.0339 0x12fc [ 2D6DC31AA55BFF702519235DEF0DA68E, 4B92D235528E82411E914556A9B11A1487F015051BE37D6335B2C4D64F383385 ] cmderd C:\Windows\system32\DRIVERS\cmderd.sys
11:23:05.0343 0x12fc cmderd - ok
11:23:05.0505 0x12fc [ 919ACCC22ABDC1C3CA68326C0E5DEAF9, 25AFA22BD3D5A50C7BE9C05ED03079D1CE9042A235738D3DCFEBB1F5A262BC94 ] cmdGuard C:\Windows\system32\DRIVERS\cmdguard.sys
11:23:05.0564 0x12fc cmdGuard - ok
11:23:05.0619 0x12fc [ F8FECE0F1D44C4A58778083B00EEADAC, 595E961D5D30BE15FA662A41AA995CD7A03D6B79D5A095489FD20B2F4104C4C5 ] cmdHlp C:\Windows\system32\DRIVERS\cmdhlp.sys
11:23:05.0621 0x12fc cmdHlp - ok
11:23:05.0664 0x12fc [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
11:23:05.0668 0x12fc cmdide - ok
11:23:05.0761 0x12fc [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys
11:23:05.0804 0x12fc CNG - ok
11:23:05.0870 0x12fc [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
11:23:05.0875 0x12fc Compbatt - ok
11:23:05.0936 0x12fc [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
11:23:05.0942 0x12fc CompositeBus - ok
11:23:05.0951 0x12fc COMSysApp - ok
11:23:05.0983 0x12fc [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
11:23:05.0988 0x12fc crcdisk - ok
11:23:06.0047 0x12fc [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll
11:23:06.0061 0x12fc CryptSvc - ok
11:23:06.0235 0x12fc [ FD557A50A65E44041CD2FCEF4BEB04DB, 746D5958F7198895D35A23566D3736D993D57726BF59D91421D8091C48926A26 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
11:23:06.0257 0x12fc cvhsvc - ok
11:23:06.0344 0x12fc [ C6E1C081C0849E08FECEC18DF73B10C4, B5E552F4744C91836CBAF3F62CB861C1D9422721870D11B5CCE21B45E384985A ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
11:23:06.0353 0x12fc dc3d - ok
11:23:06.0409 0x12fc [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
11:23:06.0443 0x12fc DcomLaunch - ok
11:23:06.0491 0x12fc [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
11:23:06.0500 0x12fc defragsvc - ok
11:23:06.0563 0x12fc [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
11:23:06.0575 0x12fc DfsC - ok
11:23:06.0640 0x12fc [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
11:23:06.0665 0x12fc Dhcp - ok
11:23:06.0725 0x12fc [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
11:23:06.0731 0x12fc discache - ok
11:23:06.0788 0x12fc [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys
11:23:06.0796 0x12fc Disk - ok
11:23:06.0851 0x12fc [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
11:23:06.0866 0x12fc Dnscache - ok
11:23:06.0897 0x12fc [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
11:23:06.0908 0x12fc dot3svc - ok
11:23:06.0981 0x12fc [ B42ED0320C6E41102FDE0005154849BB, 4DB872E23AD049C3C9FDC0759FC58BFA60DA91B18BC82B611BFA300D26DDFC7A ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
11:23:06.0994 0x12fc Dot4 - ok
11:23:07.0062 0x12fc [ E9F5969233C5D89F3C35E3A66A52A361, C4BD35795C78FB11E6022372CB25DEB570730EFDAD3DC1584368235FF622638C ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys
11:23:07.0069 0x12fc Dot4Print - ok
11:23:07.0128 0x12fc [ FD05A02B0370BC3000F402E543CA5814, 089B1113E640F495F470E8F57060B89546270481B309DC8ED3C3D13A849076A3 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
11:23:07.0137 0x12fc dot4usb - ok
11:23:07.0188 0x12fc [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
11:23:07.0201 0x12fc DPS - ok
11:23:07.0243 0x12fc [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
11:23:07.0245 0x12fc drmkaud - ok
11:23:07.0380 0x12fc [ 61E894FE1E9CC720C909E6E343351794, 2C8540ED0A2C7028B242289078B4C2D8678D26FB7429AB3B33C136BB47B178C3 ] DsiWMIService C:\Program Files (x86)\Launch Manager\dsiwmis.exe
11:23:07.0395 0x12fc DsiWMIService - ok
11:23:07.0468 0x12fc [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
11:23:07.0520 0x12fc DXGKrnl - ok
11:23:07.0586 0x12fc [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
11:23:07.0591 0x12fc EapHost - ok
11:23:07.0811 0x12fc [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
11:23:08.0043 0x12fc ebdrv - ok
11:23:08.0136 0x12fc [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS C:\Windows\System32\lsass.exe
11:23:08.0142 0x12fc EFS - ok
11:23:08.0242 0x12fc [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
11:23:08.0289 0x12fc ehRecvr - ok
11:23:08.0318 0x12fc [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
11:23:08.0322 0x12fc ehSched - ok
11:23:08.0398 0x12fc [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
11:23:08.0448 0x12fc elxstor - ok
11:23:08.0595 0x12fc [ 3EA2C4F68A782839D97B3C83595575B6, D4C3BFD0B6817B73BE9F2378FA946BD1C213A4FB9EB3F7D2C79E9B6D9F895106 ] ePowerSvc C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
11:23:08.0616 0x12fc ePowerSvc - ok
11:23:08.0664 0x12fc [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
11:23:08.0668 0x12fc ErrDev - ok
11:23:08.0796 0x12fc [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
11:23:08.0826 0x12fc EventSystem - ok
11:23:08.0869 0x12fc [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
11:23:08.0885 0x12fc exfat - ok
11:23:08.0949 0x12fc [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
11:23:08.0969 0x12fc fastfat - ok
11:23:09.0048 0x12fc [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
11:23:09.0101 0x12fc Fax - ok
11:23:09.0120 0x12fc [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys
11:23:09.0123 0x12fc fdc - ok
11:23:09.0157 0x12fc [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
11:23:09.0159 0x12fc fdPHost - ok
11:23:09.0173 0x12fc [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
11:23:09.0179 0x12fc FDResPub - ok
11:23:09.0234 0x12fc [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
11:23:09.0242 0x12fc FileInfo - ok
11:23:09.0265 0x12fc [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
11:23:09.0268 0x12fc Filetrace - ok
11:23:09.0309 0x12fc [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
11:23:09.0313 0x12fc flpydisk - ok
11:23:09.0389 0x12fc [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
11:23:09.0418 0x12fc FltMgr - ok
11:23:09.0512 0x12fc [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
11:23:09.0569 0x12fc FontCache - ok
11:23:09.0668 0x12fc [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:23:09.0673 0x12fc FontCache3.0.0.0 - ok
11:23:09.0721 0x12fc [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
11:23:09.0728 0x12fc FsDepends - ok
11:23:09.0805 0x12fc [ 6C06701BF1DB05405804D7EB610991CE, 75DEB2204D9AC338ED7C4742BEFAFA0AFC7E42B2C1B54A57DF8A1AD097D9EC3E ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
11:23:09.0815 0x12fc fssfltr - ok
11:23:09.0968 0x12fc [ 4CE9DAC1518FF7E77BD213E6394B9D77, D7D0D29DF93AC7DC5F85E385EEB45306C7BD87ACA7AAC5A8D47893D120C32C03 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
11:23:10.0023 0x12fc fsssvc - ok
11:23:10.0096 0x12fc [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
11:23:10.0101 0x12fc Fs_Rec - ok
11:23:10.0156 0x12fc [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
11:23:10.0179 0x12fc fvevol - ok
11:23:10.0223 0x12fc [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
11:23:10.0228 0x12fc gagp30kx - ok
11:23:10.0243 0x12fc GbpKm - ok
11:23:10.0354 0x12fc [ 00C19D97AB407530BEB8556FA1F6B08A, 4FAA70F19CD812FDA8EC5B31ADEC7505F7EFB714BD12F9D253ECFAA13B545357 ] GbpSv C:\PROGRA~2\GbPlugin\GbpSv.exe
11:23:10.0366 0x12fc GbpSv - ok
11:23:10.0456 0x12fc [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
11:23:10.0509 0x12fc gpsvc - ok
11:23:10.0587 0x12fc [ 0191DEE9B9EB7902AF2CF4F67301095D, 9E2E263E84167E1AD3FFCEA84066AF07CD6A653F5D8266A619E4973BC4B25460 ] GREGService C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
11:23:10.0589 0x12fc GREGService - ok
11:23:10.0691 0x12fc [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:23:10.0700 0x12fc gupdate - ok
11:23:10.0746 0x12fc [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:23:10.0753 0x12fc gupdatem - ok
11:23:10.0792 0x12fc [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
11:23:10.0800 0x12fc gusvc - ok
11:23:10.0845 0x12fc [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
11:23:10.0850 0x12fc hcw85cir - ok
11:23:10.0927 0x12fc [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:23:10.0964 0x12fc HdAudAddService - ok
11:23:10.0988 0x12fc [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
11:23:10.0997 0x12fc HDAudBus - ok
11:23:11.0031 0x12fc [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
11:23:11.0034 0x12fc HidBatt - ok
11:23:11.0074 0x12fc [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
11:23:11.0080 0x12fc HidBth - ok
11:23:11.0104 0x12fc [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
11:23:11.0109 0x12fc HidIr - ok
11:23:11.0152 0x12fc [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
11:23:11.0158 0x12fc hidserv - ok
11:23:11.0200 0x12fc [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
11:23:11.0206 0x12fc HidUsb - ok
11:23:11.0249 0x12fc [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
11:23:11.0259 0x12fc hkmsvc - ok
11:23:11.0316 0x12fc [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:23:11.0350 0x12fc HomeGroupListener - ok
11:23:11.0395 0x12fc [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:23:11.0415 0x12fc HomeGroupProvider - ok
11:23:11.0552 0x12fc [ 1DAE5C46D42B02A6D5862E1482EFB390, 90B14E0A8376AE51872D89C141E88AE144B742805F94B4F7948E295322C78B9D ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
11:23:11.0591 0x12fc hpqcxs08 - ok
11:23:11.0645 0x12fc [ 99E8EEF42FE2F4AF29B08C3355DD7685, D57BC2148653DA5596FB49F1086D165B11C9F6C644608202C08305D3C8499CFE ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
11:23:11.0655 0x12fc hpqddsvc - ok
11:23:11.0712 0x12fc [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
11:23:11.0722 0x12fc HpSAMD - ok
11:23:11.0818 0x12fc [ F37882F128EFACEFE353E0BAE2766909, 2F9D21613500F092DFC0DB879180B549EE615D9B07408A5CC1A7F84663B2F47A ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
11:23:11.0866 0x12fc HPSLPSVC - ok
11:23:11.0959 0x12fc [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
11:23:11.0986 0x12fc HTTP - ok
11:23:12.0042 0x12fc [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
11:23:12.0046 0x12fc hwpolicy - ok
11:23:12.0115 0x12fc [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
11:23:12.0125 0x12fc i8042prt - ok
11:23:12.0209 0x12fc [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
11:23:12.0252 0x12fc iaStorV - ok
11:23:12.0346 0x12fc [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:23:12.0382 0x12fc idsvc - ok
11:23:12.0435 0x12fc [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
11:23:12.0442 0x12fc iirsp - ok
11:23:12.0581 0x12fc [ FCD84C381E0140AF901E58D48882D26B, 76955FFC230C801E8ED890E32076075F04CD6E5EC79E594FDE6D23797A36B406 ] IKEEXT C:\Windows\System32\ikeext.dll
11:23:12.0645 0x12fc IKEEXT - ok
11:23:12.0727 0x12fc [ C4E67D3037DC79E39D7136581A947F50, 1A632388942B2E3015C021EAA2470B1B4CB8BDFB16B24D85F66245374FE7A0EF ] inspect C:\Windows\system32\DRIVERS\inspect.sys
11:23:12.0739 0x12fc inspect - ok
11:23:12.0945 0x12fc [ FEADC18677A85A123E95A9B976101120, 3198981BBC0FFDD706F7B14AAAAE076449D74B4EEA308C58CB354E7FFF89FAD7 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
11:23:13.0029 0x12fc IntcAzAudAddService - ok
11:23:13.0072 0x12fc [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
11:23:13.0074 0x12fc intelide - ok
11:23:13.0112 0x12fc [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
11:23:13.0116 0x12fc intelppm - ok
11:23:13.0163 0x12fc [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
11:23:13.0174 0x12fc IPBusEnum - ok
11:23:13.0214 0x12fc [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:23:13.0228 0x12fc IpFilterDriver - ok
11:23:13.0304 0x12fc [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
11:23:13.0334 0x12fc iphlpsvc - ok
11:23:13.0367 0x12fc [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
11:23:13.0374 0x12fc IPMIDRV - ok
11:23:13.0431 0x12fc [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
11:23:13.0444 0x12fc IPNAT - ok
11:23:13.0470 0x12fc [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
11:23:13.0474 0x12fc IRENUM - ok
11:23:13.0525 0x12fc [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
11:23:13.0580 0x12fc isapnp - ok
11:23:13.0636 0x12fc [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
11:23:13.0664 0x12fc iScsiPrt - ok
11:23:13.0798 0x12fc [ C9B4ECC187581E5BF3F76648884B7829, D4DDFDD92FEFDFAF293633C2B3860C37D7DC59965170E55AD181EFAFCFD1DB13 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
11:23:13.0826 0x12fc k57nd60a - ok
11:23:13.0842 0x12fc [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
11:23:13.0846 0x12fc kbdclass - ok
11:23:13.0898 0x12fc [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
11:23:13.0904 0x12fc kbdhid - ok
11:23:13.0925 0x12fc [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso C:\Windows\system32\lsass.exe
11:23:13.0930 0x12fc KeyIso - ok
11:23:14.0010 0x12fc [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
11:23:14.0019 0x12fc KSecDD - ok
11:23:14.0052 0x12fc [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
11:23:14.0060 0x12fc KSecPkg - ok
11:23:14.0084 0x12fc [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
11:23:14.0086 0x12fc ksthunk - ok
11:23:14.0141 0x12fc [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
11:23:14.0164 0x12fc KtmRm - ok
11:23:14.0254 0x12fc [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
11:23:14.0281 0x12fc LanmanServer - ok
11:23:14.0328 0x12fc [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:23:14.0335 0x12fc LanmanWorkstation - ok
11:23:14.0402 0x12fc [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
11:23:14.0410 0x12fc lltdio - ok
11:23:14.0471 0x12fc [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
11:23:14.0503 0x12fc lltdsvc - ok
11:23:14.0517 0x12fc [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
11:23:14.0521 0x12fc lmhosts - ok
11:23:14.0569 0x12fc [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
11:23:14.0580 0x12fc LSI_FC - ok
11:23:14.0609 0x12fc [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
11:23:14.0615 0x12fc LSI_SAS - ok
11:23:14.0642 0x12fc [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:23:14.0647 0x12fc LSI_SAS2 - ok
11:23:14.0677 0x12fc [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:23:14.0684 0x12fc LSI_SCSI - ok
11:23:14.0718 0x12fc [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
11:23:14.0724 0x12fc luafv - ok
11:23:14.0759 0x12fc [ 36EFC8C32829A27BAF0E63BFDBD5EE90, 7B8C211FFDFBD5D2D9680FA4633379185740876919709F8B41515BAD95BD215B ] massfilter C:\Windows\system32\drivers\massfilter.sys
11:23:14.0761 0x12fc massfilter - ok
11:23:14.0825 0x12fc McComponentHostService - ok
11:23:14.0869 0x12fc [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
11:23:14.0879 0x12fc Mcx2Svc - ok
11:23:14.0902 0x12fc [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
11:23:14.0908 0x12fc megasas - ok
11:23:14.0990 0x12fc [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
11:23:15.0012 0x12fc MegaSR - ok
11:23:15.0054 0x12fc [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
11:23:15.0058 0x12fc MMCSS - ok
11:23:15.0089 0x12fc [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
11:23:15.0093 0x12fc Modem - ok
11:23:15.0134 0x12fc [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
11:23:15.0139 0x12fc monitor - ok
11:23:15.0189 0x12fc [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
11:23:15.0195 0x12fc mouclass - ok
11:23:15.0241 0x12fc [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
11:23:15.0246 0x12fc mouhid - ok
11:23:15.0292 0x12fc [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
11:23:15.0302 0x12fc mountmgr - ok
11:23:15.0354 0x12fc [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
11:23:15.0371 0x12fc mpio - ok
11:23:15.0424 0x12fc [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
11:23:15.0430 0x12fc mpsdrv - ok
11:23:15.0514 0x12fc [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
11:23:15.0595 0x12fc MpsSvc - ok
11:23:15.0636 0x12fc [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
11:23:15.0642 0x12fc MRxDAV - ok
11:23:15.0738 0x12fc [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
11:23:15.0761 0x12fc mrxsmb - ok
11:23:15.0832 0x12fc [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:23:15.0856 0x12fc mrxsmb10 - ok
11:23:15.0889 0x12fc [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:23:15.0898 0x12fc mrxsmb20 - ok
11:23:15.0939 0x12fc [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
11:23:15.0944 0x12fc msahci - ok
11:23:16.0018 0x12fc [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
11:23:16.0037 0x12fc msdsm - ok
11:23:16.0097 0x12fc [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
11:23:16.0111 0x12fc MSDTC - ok
11:23:16.0186 0x12fc [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
11:23:16.0190 0x12fc Msfs - ok
11:23:16.0213 0x12fc [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
11:23:16.0215 0x12fc mshidkmdf - ok
11:23:16.0247 0x12fc [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
11:23:16.0249 0x12fc msisadrv - ok
11:23:16.0301 0x12fc [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
11:23:16.0309 0x12fc MSiSCSI - ok
11:23:16.0320 0x12fc msiserver - ok
11:23:16.0338 0x12fc [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
11:23:16.0343 0x12fc MSKSSRV - ok
11:23:16.0361 0x12fc [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
11:23:16.0363 0x12fc MSPCLOCK - ok
11:23:16.0367 0x12fc [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
11:23:16.0369 0x12fc MSPQM - ok
11:23:16.0405 0x12fc [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
11:23:16.0417 0x12fc MsRPC - ok
11:23:16.0477 0x12fc [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
11:23:16.0480 0x12fc mssmbios - ok
11:23:16.0503 0x12fc [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
11:23:16.0507 0x12fc MSTEE - ok
11:23:16.0539 0x12fc [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
11:23:16.0541 0x12fc MTConfig - ok
11:23:16.0586 0x12fc [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
11:23:16.0590 0x12fc Mup - ok
11:23:16.0642 0x12fc [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
11:23:16.0676 0x12fc napagent - ok
11:23:16.0701 0x12fc [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
11:23:16.0711 0x12fc NativeWifiP - ok
11:23:16.0800 0x12fc [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
11:23:16.0870 0x12fc NDIS - ok
11:23:16.0897 0x12fc [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
11:23:16.0900 0x12fc NdisCap - ok
11:23:16.0949 0x12fc [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
11:23:16.0953 0x12fc NdisTapi - ok
11:23:17.0048 0x12fc [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
11:23:17.0056 0x12fc Ndisuio - ok
11:23:17.0111 0x12fc [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
11:23:17.0135 0x12fc NdisWan - ok
11:23:17.0199 0x12fc [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
11:23:17.0206 0x12fc NDProxy - ok
11:23:17.0344 0x12fc [ 7D2633295EB6FF2B938185874884059D, B3A4E52ABCB2E2720D8ADB0B68C222D4AB98E838D40B6A731D15EB1D6C9DEA15 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
11:23:17.0372 0x12fc Nero BackItUp Scheduler 4.0 - ok
11:23:17.0478 0x12fc [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
11:23:17.0486 0x12fc Net Driver HPZ12 - ok
11:23:17.0542 0x12fc [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
11:23:17.0583 0x12fc NetBIOS - ok
11:23:17.0682 0x12fc [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
11:23:17.0703 0x12fc NetBT - ok
11:23:17.0724 0x12fc [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon C:\Windows\system32\lsass.exe
11:23:17.0726 0x12fc Netlogon - ok
11:23:17.0780 0x12fc [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
11:23:17.0793 0x12fc Netman - ok
11:23:17.0825 0x12fc [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
11:23:17.0843 0x12fc netprofm - ok
11:23:17.0874 0x12fc [ 3E5A36127E201DDF663176B66828FAFE, 5A08BA9EFB1A72DF1DD839BA5FA2B8994012BA62A515588FF62333B33B60045B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:23:17.0877 0x12fc NetTcpPortSharing - ok
11:23:17.0927 0x12fc [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
11:23:17.0938 0x12fc nfrd960 - ok
11:23:17.0985 0x12fc [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll
11:23:18.0010 0x12fc NlaSvc - ok
11:23:18.0052 0x12fc [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
11:23:18.0056 0x12fc Npfs - ok
11:23:18.0093 0x12fc [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
11:23:18.0100 0x12fc nsi - ok
11:23:18.0135 0x12fc [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
11:23:18.0136 0x12fc nsiproxy - ok
11:23:18.0275 0x12fc [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
11:23:18.0375 0x12fc Ntfs - ok
11:23:18.0474 0x12fc [ 9A308FCDCCA98A15B6F62D36A272160E, 3991F70D42C1949067ED48CF4EB815E06360B077F6A2369AC76BF0892C3C33EE ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
11:23:18.0491 0x12fc NTI IScheduleSvc - ok
11:23:18.0613 0x12fc [ 64DDD0DEE976302F4BD93E5EFCC2F013, 19F54B4549999EF96FAE1B

W3i.IQ5.fraud and others.

New member

Emeritus-Security Expert

New member

Attachments

Emeritus-Security Expert

New member

New member

Emeritus-Security Expert

New member

Attachments

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member