Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Unable to remove Virus:Win64/Alureon.gen!A [Solved]


  • This topic is locked This topic is locked

#1
valley1

valley1

    New Member

  • Member
  • Pip
  • 6 posts
Microsoft Security essentials has been detecting this Trojan for months and asked me to download and try Windows Defender to remove the virus. Only after my son told me the trojan is very high risk did I try to remove it by installing Windows Defender on a USB, but the virus keeps getting detected.

My son tried to use Malwarebytes but it also was unable to remove the trojan. I have run OTL and the log is below. Any help would be greatly appreciated. I use this computer for work and I'm worried that this virus may compromise sensitive files. I'm using a Toshiba Protege Z935 running Windows 7.

OTL logfile created on: 12/28/2013 6:44:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MOTHER NATURE\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.32% Memory free
7.79 Gb Paging File | 5.68 Gb Available in Paging File | 72.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 101.19 Gb Total Space | 35.39 Gb Free Space | 34.97% Space Free | Partition Type: NTFS

Computer Name: MOTHERNATURE-PC | User Name: MOTHER NATURE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/28 18:43:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MOTHER NATURE\Downloads\OTL.exe
PRC - [2013/12/03 21:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/09/08 10:13:59 | 000,132,504 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/21 17:38:16 | 000,047,392 | ---- | M] (Yontoo LLC) -- C:\Users\MOTHER NATURE\AppData\Roaming\Yontoo\YontooDesktop.exe
PRC - [2013/05/21 17:38:16 | 000,023,552 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/06 20:11:30 | 001,327,104 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
PRC - [2012/09/06 20:06:14 | 000,393,216 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
PRC - [2012/04/17 14:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2012/03/23 13:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012/02/29 16:47:32 | 000,863,360 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
PRC - [2012/02/29 16:47:30 | 000,502,912 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
PRC - [2012/02/28 19:13:56 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/02/28 19:13:54 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/02/27 05:01:56 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/02/24 14:47:00 | 000,192,856 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\irstrtsv.exe
PRC - [2012/02/21 14:29:38 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/02/21 14:29:28 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/02/04 15:16:54 | 002,824,104 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2012/01/26 17:07:52 | 001,058,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
PRC - [2011/11/30 19:17:01 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
PRC - [2010/12/25 18:05:54 | 001,716,144 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\widimon\widimon.exe
PRC - [2010/10/12 16:09:38 | 000,139,088 | ---- | M] () -- C:\Program Files (x86)\Reliance 3G\UIExec.exe
PRC - [2010/10/12 16:08:50 | 000,253,264 | ---- | M] () -- C:\Program Files (x86)\Reliance 3G\AssistantServices.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/28 18:38:46 | 000,013,600 | ---- | M] () -- C:\Users\MOTHER NATURE\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll
MOD - [2013/12/03 21:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/03 21:48:03 | 013,586,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
MOD - [2013/12/03 21:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/03 21:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013/12/03 21:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013/12/03 21:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/10/10 02:33:07 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e1d6482355cf83afab1904ee0cd72168\System.Windows.Forms.ni.dll
MOD - [2013/10/10 02:32:36 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aafdc594aaeb62d1ebfbb827aa9f059b\System.Configuration.ni.dll
MOD - [2013/09/13 08:48:22 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f5cff49f1a827754ae2ba6d951b12a07\System.Drawing.ni.dll
MOD - [2013/09/13 08:48:07 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cea6226854fbf75dc05bd2fb98357e81\System.Xml.ni.dll
MOD - [2013/09/13 08:48:03 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\4802a2f7b7a69969a7cec274030aa373\System.ni.dll
MOD - [2013/09/13 08:47:58 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/07/21 17:48:15 | 002,052,096 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2013/07/21 17:48:15 | 000,425,984 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2013/07/02 18:09:05 | 005,283,840 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2012/10/05 05:53:24 | 003,198,976 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/04/17 14:05:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2012/04/17 14:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2012/04/17 14:05:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2012/04/17 14:05:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2012/04/17 14:05:00 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2012/04/17 14:05:00 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2012/04/17 14:05:00 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2012/04/17 14:05:00 | 000,103,936 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
MOD - [2012/04/17 14:05:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2010/11/20 22:24:25 | 000,385,024 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2010/11/20 22:23:56 | 000,114,688 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2010/10/12 16:09:38 | 000,139,088 | ---- | M] () -- C:\Program Files (x86)\Reliance 3G\UIExec.exe
MOD - [2009/07/13 20:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/26 04:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/05/10 14:00:00 | 000,608,864 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2012/04/11 19:05:44 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2012/03/29 18:04:58 | 000,586,624 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2012/03/16 17:54:58 | 000,846,208 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2012/02/28 21:00:32 | 000,342,464 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2012/02/03 00:29:52 | 000,628,448 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2011/12/12 00:00:00 | 000,135,824 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\Windows\SysNative\escsvc64.exe -- (EpsonScanSvc)
SRV:64bit: - [2011/03/01 03:07:49 | 000,027,648 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\svchost.exe -- (RemoteAccess)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2013/12/10 15:36:58 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/08 10:13:59 | 000,132,504 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/06/05 14:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2012/04/02 13:03:22 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/03/23 13:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012/02/28 19:13:56 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/02/28 19:13:54 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/02/24 14:47:00 | 000,192,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysWOW64\irstrtsv.exe -- (irstrtsv)
SRV - [2012/02/21 14:29:38 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/02/21 14:29:28 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2011/11/30 19:17:01 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/11/21 17:32:40 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/04/01 19:42:00 | 000,198,064 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010/10/12 16:08:50 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Reliance 3G\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/26 21:09:54 | 014,748,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/14 03:34:34 | 011,472,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/27 05:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/02/27 05:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/02/27 05:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/02/22 16:35:00 | 000,026,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irstrtdv.sys -- (irstrtdv)
DRV:64bit: - [2012/02/22 15:54:08 | 000,360,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2012/01/30 16:14:00 | 000,304,696 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2012/01/26 20:37:24 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2012/01/26 20:37:24 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/12/16 19:24:00 | 000,079,040 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2011/12/06 06:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/11/29 21:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/11/10 03:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/09/30 20:16:50 | 000,393,264 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/07/12 22:08:02 | 000,019,904 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2011/05/25 19:23:00 | 000,101,888 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 21:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2010/11/29 13:47:56 | 000,082,224 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/11 12:27:00 | 000,050,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2010/10/29 15:22:20 | 000,198,144 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys -- (huawei_wwanecm)
DRV:64bit: - [2010/09/03 17:35:34 | 000,030,208 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV:64bit: - [2010/08/31 18:09:00 | 000,256,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010/08/30 12:48:00 | 000,094,528 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2010/08/24 22:53:26 | 000,091,648 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:64bit: - [2010/08/07 17:49:04 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010/07/27 15:26:34 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2010/07/27 09:52:16 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2010/06/25 15:08:10 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010/04/26 13:48:00 | 000,063,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2010/03/20 12:06:58 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV:64bit: - [2009/11/01 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/10/29 18:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009/10/29 18:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009/10/29 18:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009/10/29 18:28:24 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/24 13:33:00 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009/07/14 14:25:14 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/24 17:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/06/19 21:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/17 14:01:00 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/12/28 18:38:20 | 000,046,768 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8B1F19DB-1BA8-409D-8769-80EB100585F0}\MpKsl2c36409d.sys -- (MpKsl2c36409d)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNO
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNO
IE - HKLM\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = http://search.mywebs...r={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.advisorcompass.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNO
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...66B685D43F34847
IE - HKCU\..\SearchScopes\{16D934E7-B842-4010-A8BD-89DBC579B9C4}: "URL" = http://www.google.co...1I7TSNO_enIN508
IE - HKCU\..\SearchScopes\{257083C1-44F4-4DE6-BEF9-5312D43C013D}: "URL" = http://www.google.co...1I7TSNO_enIN508
IE - HKCU\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@MapsGalaxy_39.com/Plugin: C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\NP39Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\MOTHER NATURE\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\MOTHER NATURE\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\MOTHER NATURE\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\MOTHER NATURE\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\MOTHER NATURE\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]_39.com: C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin [2013/12/28 17:18:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2013/03/05 09:31:41 | 000,000,000 | ---D | M]

[2013/05/25 04:24:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java™ Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\NP39Stub.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Best Buy pc app Detector (Enabled) = C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
CHR - plugin: Google Update (Enabled) = C:\Users\MOTHER NATURE\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\MOTHER NATURE\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\MOTHER NATURE\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\MOTHER NATURE\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\MOTHER NATURE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\MOTHER NATURE\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\MOTHER NATURE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\MOTHER NATURE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\MOTHER NATURE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\MOTHER NATURE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/12/28 18:38:43 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\EPSON Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\EPSON Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (MapsGalaxy) - {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DelayTSS] C:\Program Files\Toshiba\DelayTSS\DelayTSS.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [Intel AT Service signup] C:\Program Files (x86)\Intel Corporation\Intel AT Service signup\IntelATServiceSignup.exe (Intel Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TOSDCR] C:\Program Files (x86)\Toshiba\PasswordUtility\TOSDCR.exe ()
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\Reliance 3G\UIExec.exe ()
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [cdloader] C:\Users\MOTHER NATURE\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [SODMTimer] C:\Program Files (x86)\E-Z Data\SODM\SODMTimer.exe (E-Z Data Inc.)
O4 - HKCU..\Run: [Yontoo Desktop] C:\Users\MOTHER NATURE\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect125.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0FA556C1-FB76-479D-B151-120242F81A48}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/28 18:41:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/12/28 18:41:28 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013/12/28 17:59:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/12/28 17:59:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/12/28 17:59:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/12/28 17:59:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/12/28 17:58:56 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013/12/28 14:28:56 | 000,000,000 | ---D | C] -- C:\Users\MOTHER NATURE\AppData\Roaming\Malwarebytes
[2013/12/28 14:28:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/12/28 14:28:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/12/28 14:28:41 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/12/28 14:28:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/12/27 10:26:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/12/27 10:26:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/12/17 07:54:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/12/04 10:57:38 | 000,000,000 | ---D | C] -- C:\windows\Microsoft Antimalware
[2013/11/29 14:10:39 | 000,000,000 | ---D | C] -- C:\Users\MOTHER NATURE\Desktop\1337 Balls Hills Road_1_pdf - [email protected]_com_files
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\MOTHER NATURE\Desktop\*.tmp files -> C:\Users\MOTHER NATURE\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/28 18:45:25 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/28 18:45:25 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/28 18:45:00 | 000,000,940 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1919276584-4093521646-944713144-1000UA.job
[2013/12/28 18:43:45 | 000,779,534 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/12/28 18:43:45 | 000,660,770 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/12/28 18:43:45 | 000,121,408 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/12/28 18:38:45 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/28 18:38:45 | 000,000,828 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013/12/28 18:38:43 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013/12/28 18:38:17 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/12/28 18:38:12 | 3137,994,752 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/28 18:36:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/12/28 18:27:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/28 16:45:00 | 000,000,888 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1919276584-4093521646-944713144-1000Core.job
[2013/12/28 14:28:49 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/28 12:57:21 | 000,001,034 | ---- | M] () -- C:\Users\MOTHER NATURE\Desktop\magicJack.lnk
[2013/12/27 19:39:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013/12/27 10:28:53 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2013/12/11 20:34:20 | 000,427,728 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/11/29 14:10:39 | 000,001,130 | ---- | M] () -- C:\Users\MOTHER NATURE\Desktop\1337 Balls Hills Road_1_pdf - [email protected]_com.htm
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\MOTHER NATURE\Desktop\*.tmp files -> C:\Users\MOTHER NATURE\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/28 17:59:33 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/12/28 17:59:33 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/12/28 17:59:33 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/12/28 17:59:33 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/12/28 17:59:33 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/12/28 14:28:49 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/27 10:26:50 | 000,002,128 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/11/29 14:10:38 | 000,001,130 | ---- | C] () -- C:\Users\MOTHER NATURE\Desktop\1337 Balls Hills Road_1_pdf - [email protected]_com.htm
[2013/11/01 07:43:26 | 000,000,096 | ---- | C] () -- C:\Users\MOTHER NATURE\AppData\Roaming\version2.xml
[2013/10/01 10:12:25 | 000,045,056 | ---- | C] () -- C:\windows\SysWow64\BRTCPCON.DLL
[2013/10/01 10:12:23 | 000,000,114 | ---- | C] () -- C:\windows\SysWow64\BRLMW03A.INI
[2013/09/09 10:27:32 | 000,000,036 | ---- | C] () -- C:\Users\MOTHER NATURE\AppData\Local\housecall.guid.cache
[2013/03/28 14:44:04 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/03/10 03:31:06 | 000,000,171 | ---- | C] () -- C:\windows\Nudi.INI
[2013/02/28 23:41:17 | 000,000,000 | ---- | C] () -- C:\windows\EEventManager.INI
[2012/11/01 19:01:02 | 000,773,750 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/03/26 21:19:10 | 000,755,188 | ---- | C] () -- C:\windows\SysWow64\igkrng700.bin
[2012/03/26 21:19:08 | 000,561,508 | ---- | C] () -- C:\windows\SysWow64\igfcg700m.bin
[2012/03/26 21:03:46 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/03/26 19:53:42 | 013,024,768 | ---- | C] () -- C:\windows\SysWow64\ig7icd32.dll
[2012/02/03 00:08:26 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/11/01 16:35:03 | 000,000,000 | ---D | M] -- C:\Users\MOTHER NATURE\AppData\Roaming\Book Place
[2013/10/01 16:25:01 | 000,000,000 | ---D | M] -- C:\Users\MOTHER NATURE\AppData\Roaming\ControlCenter4
[2013/09/11 08:53:55 | 000,000,000 | ---D | M] -- C:\Users\MOTHER NATURE\AppData\Roaming\E-Z Data
[2013/03/03 01:41:50 | 000,000,000 | ---D | M] -- C:\Users\MOTHER NATURE\AppData\Roaming\Epson
[2013/04/19 01:55:38 | 000,000,000 | ---D | M] -- C:\Users\MOTHER NATURE\AppData\Roaming\HTC
[2013/04/19 01:50:09 | 000,000,000 | ---D | M] -- C:\Users\MOTHER NATURE\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2013/12/28 12:57:24 | 000,000,000 | ---D | M] -- C:\Users\MOTHER NATURE\AppData\Roaming\mjusbsp
[2012/11/29 11:59:15 | 000,000,000 | ---D | M] -- C:\Users\MOTHER NATURE\AppData\Roaming\PCCUStubInstaller
[2013/06/05 09:21:27 | 000,000,000 | ---D | M] -- C:\Users\MOTHER NATURE\AppData\Roaming\PDFlite
[2012/11/11 12:24:12 | 000,000,000 | ---D | M] -- C:\Users\MOTHER NATURE\AppData\Roaming\SoftGrid Client
[2012/11/29 10:09:47 | 000,000,000 | ---D | M] -- C:\Users\MOTHER NATURE\AppData\Roaming\Toshiba
[2012/11/01 23:06:58 | 000,000,000 | ---D | M] -- C:\Users\MOTHER NATURE\AppData\Roaming\TP
[2013/12/27 10:15:43 | 000,000,000 | ---D | M] -- C:\Users\MOTHER NATURE\AppData\Roaming\uTorrent
[2012/11/01 16:21:54 | 000,000,000 | ---D | M] -- C:\Users\MOTHER NATURE\AppData\Roaming\WinBatch
[2013/11/01 07:43:45 | 000,000,000 | ---D | M] -- C:\Users\MOTHER NATURE\AppData\Roaming\WinZip
[2013/12/28 18:38:47 | 000,000,000 | ---D | M] -- C:\Users\MOTHER NATURE\AppData\Roaming\Yontoo

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello valley1, :wave: Welcome to the forums!
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.
I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forum, (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT:Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

When OTL runs the first time it creates a file named Extras.txt. It should be in the same directory you ran OTL from. This should be the C:\Users\MOTHER NATURE\Downloads folder. Please post the contents of that file.


Step-1.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Right click the aswMBR.exe file and click Run as Administrator. If you get a UAC window, allow the file to run.
  • If it asks you if you want to download the latest virus definitions, click Yes
  • Be sure the A/V Scan: is set to QuickScan
  • Click the "Scan" button to start the scan
    Posted Image
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
    Posted Image
NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable (aswMBR.exe) to iexplore.exe and try it again.


Step-2.

AdwCleaner by Xplode

Download AdwCleaner. Click here and then click the Download Now @ BleepingComputer button. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • Right click the AdwCleaner icon Posted Image on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.

    Posted Image
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The Extras.txt log
2. The aswMBR log
3.The AdwCleaner[R0].txt log
  • 0

#3
valley1

valley1

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
OTL Extras logfile created on: 12/28/2013 6:44:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MOTHER NATURE\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.32% Memory free
7.79 Gb Paging File | 5.68 Gb Available in Paging File | 72.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 101.19 Gb Total Space | 35.39 Gb Free Space | 34.97% Space Free | Partition Type: NTFS

Computer Name: MOTHERNATURE-PC | User Name: MOTHER NATURE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CFFE0A8F-F1BB-488F-A609-68AC18613BEA}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{27456CD1-B66C-4D47-9CD5-B5F535C280F5}" = protocol=6 | dir=in | app=c:\users\mother nature\appdata\roaming\mjusbsp\magicjack.exe |
"{2AD5759D-4CD0-441D-8641-2E2EB3B5E195}" = protocol=6 | dir=in | app=c:\users\mother nature\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{35F3053A-D8DE-4AA8-A4A0-B0AB9A91A5BE}" = protocol=17 | dir=in | app=c:\users\mother nature\appdata\roaming\utorrent\utorrent.exe |
"{40AAF1E0-4F38-48F1-BB3F-D34E6E03A8AB}" = protocol=6 | dir=in | app=c:\users\mother nature\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{4871AFB8-E6AF-435D-BE64-6A0BD469363B}" = protocol=6 | dir=in | app=c:\users\mother nature\appdata\roaming\utorrent\utorrent.exe |
"{50A1A2DF-BA9C-4EAA-ADB8-8D389A103E56}" = protocol=17 | dir=in | app=c:\users\mother nature\appdata\roaming\mjusbsp\magicjack.exe |
"{AB7B735F-E0A3-445A-90C6-D5E40BFED79D}" = protocol=17 | dir=in | app=c:\users\mother nature\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{F15533F8-0816-48AF-B473-B5AEC4EA55B9}" = protocol=17 | dir=in | app=c:\users\mother nature\appdata\local\google\google talk plugin\googletalkplugin.exe |
"TCP Query User{6E79E0F5-2DF5-4682-A58F-D586ACF8216E}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{DFD7D48A-3C09-4FD9-9A36-7E8EBE14DE28}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{48A4E403-03F9-4C55-B3DE-131C43BFA7CF}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{CFB9949D-EFE1-4739-BC6C-EA0B7F1C6DD1}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}" = HP Officejet Pro 8600 Product Improvement Study
"{3007FF9F-5B2C-41FF-8BFC-08BF25DB2681}" = SRS Premium Sound Control Panel
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{791A06E2-340F-43B0-8FAB-62D151339362}" = HP Officejet Pro 8600 Basic Device Software
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 2.053
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
"{F5AFF327-9B52-4E96-B5A0-BD2488A8EEC9}" = TOSHIBA eco Utility
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"EPSON WF-2540 Series" = EPSON WF-2540 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"PROSet" = Intel® Network Connections Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Security Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 25
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A83AD05-56E6-3FBD-8752-B4143162EF59}" = Google Talk Plugin
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3384E1D9-3F18-4A98-8655-180FEF0DFC02}" = TOSHIBA User's Guide
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite HL-2280DW
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{402ED4A1-8F5B-387A-8688-997ABF58B8F2}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{44F72193-F59C-4303-BAE8-E3E4BC1C122C}" = Epson Event Manager
"{46235FF7-2CBE-4A84-BEDA-87348D1F7850}" = HP Officejet Pro 8600 Help
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration
"{617773AE-ADBA-4479-BB04-65FE7758B35C}" = TOSHIBA Wireless Display Monitor
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6D38253B-9EAC-4CFF-B466-42534BFB4A21}" = SmartOffice Download Manager
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7FCB8D5D-9396-4D17-8CFA-349D6D49CD32}" = Intel® WiDi
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel® Manageability Engine Firmware Recovery Agent
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Reliance 3G
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{AF5D2519-C6B4-4AFD-9A8D-FBF74DD4F0A0}" = HP Product Detection
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}" = EPSON Printer Finder
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C31337DE-0CDC-45A9-9A32-F099AC78D557}" = Toshiba Book Place
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD49AEDB-FFB4-4A9A-A3C2-E9AF814FE6FE}" = Intel® AT Service signup
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E078671F-A754-4D31-BDB8-74E855FB02F2}" = Epson E-Web Print
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH Media Driver v2.15.17.02
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"3D073343-CEEB-4ce7-85AC-A69A7631B5D6" = Intel® Rapid Start Technology
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"EPSON Connect_is1" = EPSON Connect version 1.0
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"Google Chrome" = Google Chrome
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mobile Partner" = Mobile Partner
"Norton PC Checkup_is1" = Norton PC Checkup
"NortonPCCheckup" = Toshiba Laptop Checkup
"Nudi 4.0" = Nudi 4.0
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PDFlite" = PDFlite 0.9.0.0
"VLC media player" = VLC media player 2.1.0
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"magicJack" = magicJack
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/27/2013 12:03:59 PM | Computer Name = MOTHERNATURE-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/27/2013 6:49:04 PM | Computer Name = MOTHERNATURE-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/28/2013 11:03:20 AM | Computer Name = MOTHERNATURE-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/28/2013 1:56:45 PM | Computer Name = MOTHERNATURE-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/28/2013 2:05:06 PM | Computer Name = MOTHERNATURE-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/28/2013 3:22:32 PM | Computer Name = MOTHERNATURE-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/28/2013 6:21:24 PM | Computer Name = MOTHERNATURE-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/28/2013 6:35:25 PM | Computer Name = MOTHERNATURE-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/28/2013 6:59:33 PM | Computer Name = MOTHERNATURE-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/28/2013 7:40:09 PM | Computer Name = MOTHERNATURE-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 12/28/2013 6:59:02 PM | Computer Name = MOTHERNATURE-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Management Instrumentation service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.

Error - 12/28/2013 6:59:02 PM | Computer Name = MOTHERNATURE-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Update service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 12/28/2013 6:59:32 PM | Computer Name = MOTHERNATURE-PC | Source = DCOM | ID = 10010
Description =

Error - 12/28/2013 7:00:02 PM | Computer Name = MOTHERNATURE-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Application Experience service,
but this action failed with the following error: %%1056

Error - 12/28/2013 7:01:02 PM | Computer Name = MOTHERNATURE-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 12/28/2013 7:01:02 PM | Computer Name = MOTHERNATURE-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Multimedia Class Scheduler
service, but this action failed with the following error: %%1056

Error - 12/28/2013 7:36:31 PM | Computer Name = MOTHERNATURE-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 12/28/2013 7:37:31 PM | Computer Name = MOTHERNATURE-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 12/28/2013 7:37:39 PM | Computer Name = MOTHERNATURE-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 12/28/2013 7:38:20 PM | Computer Name = MOTHERNATURE-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom


< End of report >
  • 0

#4
valley1

valley1

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-12-29 11:50:57
-----------------------------
11:50:57.864 OS Version: Windows x64 6.1.7601 Service Pack 1
11:50:57.864 Number of processors: 4 586 0x3A09
11:50:57.864 ComputerName: MOTHERNATURE-PC UserName: MOTHER NATURE
11:50:58.519 Initialize success
11:55:47.335 AVAST engine defs: 13122900
11:55:54.605 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
11:55:54.605 Disk 0 Vendor: TOSHIBA_ TA4A Size: 122104MB BusType: 3
11:55:54.605 Device \Driver\iaStor -> MajorFunction fffffa8006f125e8
11:55:54.621 Disk 0 MBR read successfully
11:55:54.621 Disk 0 MBR scan
11:55:54.636 Disk 0 Windows VISTA default MBR code
11:55:54.652 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
11:55:54.714 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 103621 MB offset 3074048
11:55:54.777 Disk 0 Partition 3 00 84 OS/2 hidden C: 4096 MB offset 215289856
11:55:54.792 Disk 0 Partition 4 00 17 Hidd HPFS/NTFS NTFS 12886 MB offset 223678464
11:55:54.933 Disk 0 scanning C:\windows\system32\drivers
11:56:10.018 Service scanning
11:56:26.554 Service MpKsl69850c83 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8B1F19DB-1BA8-409D-8769-80EB100585F0}\MpKsl69850c83.sys **LOCKED** 32
11:56:46.319 Modules scanning
11:56:46.335 Disk 0 trace - called modules:
11:56:46.350 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8006f125e8]<<
11:56:46.366 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006c8e060]
11:56:46.381 3 CLASSPNP.SYS[fffff88001c1743f] -> nt!IofCallDriver -> [0xfffffa8004554e40]
11:56:46.381 5 ACPI.sys[fffff88000fb47a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8004553050]
11:56:46.397 \Driver\iaStor[0xfffffa8003950890] -> IRP_MJ_CREATE -> 0xfffffa8006f125e8
11:56:46.896 AVAST engine scan C:\windows
11:56:51.545 AVAST engine scan C:\windows\system32
12:01:45.574 AVAST engine scan C:\windows\system32\drivers
12:02:01.362 AVAST engine scan C:\Users\MOTHER NATURE
12:06:33.083 AVAST engine scan C:\ProgramData
12:07:50.007 Scan finished successfully
12:08:55.652 Disk 0 MBR has been saved successfully to "C:\Users\MOTHER NATURE\Desktop\MBR.dat"
12:08:55.667 The log file has been saved successfully to "C:\Users\MOTHER NATURE\Desktop\aswMBR.txt"

# AdwCleaner v3.016 - Report created 29/12/2013 at 12:09:27
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : MOTHER NATURE - MOTHERNATURE-PC
# Running from : C:\Users\MOTHER NATURE\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : Yontoo Desktop Updater

***** [ Files / Folders ] *****

File Found : C:\Users\MOTHER NATURE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-search.com_0.localstorage
File Found : C:\Users\MOTHER NATURE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-search.com_0.localstorage-journal
File Found : C:\windows\System32\Tasks\QtraxPlayer
Folder Found C:\Program Files (x86)\mapsgalaxy_39
Folder Found C:\Program Files (x86)\Yontoo
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\Tarma Installer
Folder Found C:\Users\MOTHER NATURE\AppData\Local\mapsgalaxy_39
Folder Found C:\Users\MOTHER NATURE\AppData\LocalLow\Delta
Folder Found C:\Users\MOTHER NATURE\AppData\LocalLow\iac
Folder Found C:\Users\MOTHER NATURE\AppData\LocalLow\mapsgalaxy_39
Folder Found C:\Users\MOTHER NATURE\AppData\Roaming\pccustubinstaller
Folder Found C:\Users\MOTHER NATURE\AppData\Roaming\Yontoo

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\5c0d88bb438bf17
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\MapsGalaxy_39
Key Found : HKCU\Software\filescout
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{364EA597-E728-4CE4-BB4A-ED846EF47970}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{364EA597-E728-4CE4-BB4A-ED846EF47970}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\qtrax
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\filescout
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : [x64] HKCU\Software\qtrax
Key Found : HKLM\SOFTWARE\5c0d88bb438bf17
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{364EA597-E728-4CE4-BB4A-ED846EF47970}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\Software\MapsGalaxy_39
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@MapsGalaxy_39.com/Plugin
Key Found : HKLM\Software\PIP
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Yontoo Desktop]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{364EA597-E728-4CE4-BB4A-ED846EF47970}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]_39.com]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\MOTHER NATURE\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6730 octets] - [29/12/2013 12:09:27]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6790 octets] ##########
  • 0

#5
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi,

Thanks for the logs. I see that you have run CombpFix. Please post that log in your next reply. it can be found at C:\ComboFix.txt

I see software for three printers, HP, Brother and Epson. Question: Do you use still have all three? If not which one do you currently use?

The aswMBR scan shows an unknown acpi.sys file and an extra hidden partition on the hard drive. Let's check that out first.

It would be a good idea to print the instructions or save them to a text file so you will have them before you begin.


You have the following Peer-to-Peer program(s) installed:

uTorrent

GeeksToGo does not recommend using such programs, but you should read the description of Peer-to-Peer programs below before deciding for yourself.

Description of Peer-to-Peer (P2P) software.
P2P(Peer-to-Peer) may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. The program(s) may be safe, but there's no way to tell if the file being shared is infected. P2P programs, more often than not, install adware and/or spyware and worse still, some worms spread via P2P networks, infecting you as well.
Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing. We advise removing any P2P programs you have now and avoiding this type of software application. Whether you remove them or not is your decision. But if you decide to keep and use Peer-to-Peer programs I can guarantee that you will be coming back to this forum or another malware forum. If you do choose to keep the program(s), please do not use it / them until the computer is clean and I give the all clear.

All programs, folders and files listed below in this color are optional removals, but if you uninstall the program(s) you must delete the folders and files in the corresponding colors. All programs in black are malware, viruses or out of date programs and must be uninstalled.


Step-1.

Malicious program uninstalls and Optional Removals


1. Please click the Start Orb Posted Image, click Control Panel. Under the Programs or Programs and Features heading click Uninstall a program
1. Please click Start > Control Panel > Add/Remove Programs
2. In the list of programs installed, locate the following program(s):

Yontoo 2.053
Java™ 6 Update 25
uTorrent


3. Click on each program to highlight it and click Change/Remove.
3. Right click each program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs.(Only do this if you uninstalled the program)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folders(s) (if present):

C:\Users\MOTHER NATURE\AppData\Roaming\uTorrent

2. Close Windows Explorer


Step-2.

Posted Image TDSSKiller

Please read carefully and follow these steps.

Click here to go to the TDSSKiller download page. Click tthe Download Now EXE Version button and save the tdsskiller.exe file to the desktop.

  • Double click the TDSSKiller.exe file to run the application

    Posted Image
  • Then click on Change parameters. A settings page will open.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip. DO NOT change the default action, click on Continue. (See the image below)

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Get the report by selecting Reports

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know how the uninstalls went and answer my question above.
2. The ComboFix.txt log
3. The TDSSKiller log
  • 0

#6
valley1

valley1

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi, I was able to uninstall all 3 recommended programs and I deleted the folder for utorrent. I currently only use the HP printer. Thanks for your help!

ComboFix 13-12-26.01 - MOTHER NATURE 12/28/2013 18:03:54.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3990.2192 [GMT -5:00]
Running from: c:\users\MOTHER NATURE\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Desktop\Install
c:\program files (x86)\Google\Desktop\Install\{6a58c6ae-4a5a-fa66-2d40-2c9b28cbfe45}\9519~1\A535~1\E628~1\{6a58c6ae-4a5a-fa66-2d40-2c9b28cbfe45}\L\[email protected]
c:\program files (x86)\Google\Desktop\Install\{6a58c6ae-4a5a-fa66-2d40-2c9b28cbfe45}\9519~1\A535~1\E628~1\{6a58c6ae-4a5a-fa66-2d40-2c9b28cbfe45}\L\201d3dde
c:\program files (x86)\Google\Desktop\Install\{6a58c6ae-4a5a-fa66-2d40-2c9b28cbfe45}\9519~1\A535~1\E628~1\{6a58c6ae-4a5a-fa66-2d40-2c9b28cbfe45}\L\76603ac3
c:\program files (x86)\WinZip Driver Updater
c:\program files (x86)\WinZip Driver Updater\install_left.bmp
c:\program files (x86)\WinZip Driver Updater\isxdl.dll
c:\program files (x86)\WinZip Driver Updater\unins000.dat
c:\program files (x86)\WinZip Driver Updater\unins000.exe
c:\program files (x86)\WinZip Driver Updater\unins000.msg
c:\program files (x86)\WinZip Driver Updater\updater\extract\copying.txt
c:\program files (x86)\WinZip Driver Updater\updater\extract\History.txt
c:\program files (x86)\WinZip Driver Updater\updater\extract\license.txt
c:\program files (x86)\WinZip Driver Updater\updater\extract\readme.txt
c:\users\MOTHER NATURE\AppData\Local\Google\Desktop\Install
c:\users\MOTHER NATURE\AppData\Local\Google\Desktop\Install\{6a58c6ae-4a5a-fa66-2d40-2c9b28cbfe45}\2E2F~1\28F0~1\E628~1\{6a58c6ae-4a5a-fa66-2d40-2c9b28cbfe45}\@
c:\users\MOTHER NATURE\AppData\Local\Temp\7zS4162\HPSLPSVC64.DLL
c:\users\MOTHER~1\AppData\Local\Temp\7zS4162\HPSLPSVC64.DLL
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_HPSLPSVC
.
.
((((((((((((((((((((((((( Files Created from 2013-11-28 to 2013-12-28 )))))))))))))))))))))))))))))))
.
.
2013-12-28 19:28 . 2013-12-28 19:28 -------- d-----w- c:\users\MOTHER NATURE\AppData\Roaming\Malwarebytes
2013-12-28 19:28 . 2013-12-28 19:28 -------- d-----w- c:\programdata\Malwarebytes
2013-12-28 19:28 . 2013-12-28 19:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-12-28 19:28 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-28 18:16 . 2013-12-16 06:54 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B1F19DB-1BA8-409D-8769-80EB100585F0}\mpengine.dll
2013-12-27 15:31 . 2013-10-28 04:41 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{21DBDFD3-3ED4-4167-AB96-ACB7AEADC418}\gapaengine.dll
2013-12-27 15:31 . 2013-12-16 06:54 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-27 15:26 . 2013-12-27 15:26 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-12-27 15:26 . 2013-12-27 15:26 -------- d-----w- c:\program files\Microsoft Security Client
2013-12-11 13:56 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-11 13:56 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-11 13:56 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-11 13:56 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2013-12-11 13:56 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2013-12-11 13:09 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-12-04 15:57 . 2013-12-28 21:28 -------- d-----w- c:\windows\Microsoft Antimalware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-10 20:36 . 2013-05-25 09:17 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 20:36 . 2013-05-25 09:17 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-27 21:24 . 2013-11-27 21:24 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-27 21:24 . 2013-11-27 21:24 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-11-27 21:24 . 2013-11-27 21:24 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-11-27 21:24 . 2013-11-27 21:24 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-11-27 21:24 . 2013-11-27 21:24 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-27 21:24 . 2013-11-27 21:24 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-11-27 21:24 . 2013-11-27 21:24 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-27 21:24 . 2013-11-27 21:24 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-11-27 21:24 . 2013-11-27 21:24 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-11-27 21:24 . 2013-11-27 21:24 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-11-27 21:24 . 2013-11-27 21:24 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-11-27 21:24 . 2013-11-27 21:24 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-11-27 21:24 . 2013-11-27 21:24 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-11-27 21:24 . 2013-11-27 21:24 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-11-27 21:24 . 2013-11-27 21:24 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-11-27 21:24 . 2013-11-27 21:24 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-11-27 21:24 . 2013-11-27 21:24 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-11-27 21:24 . 2013-11-27 21:24 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-11-27 21:24 . 2013-11-27 21:24 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-11-27 21:24 . 2013-11-27 21:24 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-11-27 21:24 . 2013-11-27 21:24 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-11-27 21:24 . 2013-11-27 21:24 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-27 21:24 . 2013-11-27 21:24 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-27 21:24 . 2013-11-27 21:24 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-11-27 21:24 . 2013-11-27 21:24 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-27 21:24 . 2013-11-27 21:24 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-11-27 21:24 . 2013-11-27 21:24 247808 ----a-w- c:\windows\system32\msls31.dll
2013-11-27 21:24 . 2013-11-27 21:24 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-27 21:24 . 2013-11-27 21:24 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-11-27 21:24 . 2013-11-27 21:24 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-27 21:24 . 2013-11-27 21:24 195584 ----a-w- c:\windows\system32\msrating.dll
2013-11-27 21:24 . 2013-11-27 21:24 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-11-27 21:24 . 2013-11-27 21:24 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-27 21:24 . 2013-11-27 21:24 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-27 21:24 . 2013-11-27 21:24 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-11-27 21:24 . 2013-11-27 21:24 81408 ----a-w- c:\windows\system32\icardie.dll
2013-11-27 21:24 . 2013-11-27 21:24 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-11-27 21:24 . 2013-11-27 21:24 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-11-27 21:24 . 2013-11-27 21:24 413696 ----a-w- c:\windows\system32\html.iec
2013-11-27 21:24 . 2013-11-27 21:24 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-27 21:24 . 2013-11-27 21:24 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-27 21:24 . 2013-11-27 21:24 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-11-27 21:24 . 2013-11-27 21:24 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-11-27 21:24 . 2013-11-27 21:24 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-11-27 21:24 . 2013-11-27 21:24 235520 ----a-w- c:\windows\system32\url.dll
2013-11-27 21:24 . 2013-11-27 21:24 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-11-27 21:24 . 2013-11-27 21:24 101376 ----a-w- c:\windows\system32\inseng.dll
2013-11-27 21:24 . 2013-11-27 21:24 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-11-27 21:24 . 2013-11-27 21:24 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-27 21:24 . 2013-11-27 21:24 774144 ----a-w- c:\windows\system32\jscript.dll
2013-11-27 21:24 . 2013-11-27 21:24 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-11-27 21:24 . 2013-11-27 21:24 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-11-27 21:24 . 2013-11-27 21:24 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-11-27 21:24 . 2013-11-27 21:24 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-11-27 21:24 . 2013-11-27 21:24 147968 ----a-w- c:\windows\system32\occache.dll
2013-11-27 21:24 . 2013-11-27 21:24 143872 ----a-w- c:\windows\system32\wextract.exe
2013-11-27 21:24 . 2013-11-27 21:24 13824 ----a-w- c:\windows\system32\mshta.exe
2013-11-27 21:24 . 2013-11-27 21:24 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-11-27 21:24 . 2013-11-27 21:24 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-11-19 09:32 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-10-14 23:00 . 2013-11-27 21:27 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-10-12 02:30 . 2013-11-13 00:18 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-13 00:18 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-13 00:18 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-13 00:18 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-13 00:18 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25 . 2013-11-13 00:42 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-13 00:42 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-10-04 02:28 . 2013-11-13 00:40 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 02:25 . 2013-11-13 00:40 197120 ----a-w- c:\windows\system32\credui.dll
2013-10-04 02:24 . 2013-11-13 00:40 1930752 ----a-w- c:\windows\system32\authui.dll
2013-10-04 01:58 . 2013-11-13 00:40 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-13 00:40 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-10-04 01:56 . 2013-11-13 00:40 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-10-03 02:23 . 2013-11-13 00:18 404480 ----a-w- c:\windows\system32\gdi32.dll
2013-10-03 02:00 . 2013-11-13 00:18 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-08-06 22:26 . 2013-08-06 22:11 4188160 ----a-w- c:\program files (x86)\GUT1AD1.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2013-05-21 22:40 197920 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\users\MOTHER NATURE\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
"Yontoo Desktop"="c:\users\MOTHER NATURE\AppData\Roaming\Yontoo\YontooDesktop.exe" [2013-05-21 47392]
"SODMTimer"="c:\program files (x86)\E-Z Data\SODM\SODMTimer.exe" [2011-08-11 30048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-02 80840]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
"Intel AT Service signup"="c:\program files (x86)\Intel Corporation\Intel AT Service signup\IntelATServiceSignup.exe" [2012-02-16 382976]
"TOSDCR"="c:\program files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe" [2007-08-28 169296]
"DelayTSS"="c:\program files\Toshiba\DelayTSS\DelayTSS.exe" [2011-11-21 2153328]
"UIExec"="c:\program files (x86)\Reliance 3G\UIExec.exe" [2010-10-12 139088]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2012-01-26 1058400]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-02-29 502912]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-02-29 863360]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2012-09-07 143360]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe "c:\programdata\Best Buy pc app\Best Buy pc app.application" [2011-9-22 16032]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2012-2-4 2824104]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe "c:\programdata\Best Buy pc app\Best Buy pc app.application" [2011-9-22 16032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R1 brcgqmlp;brcgqmlp;c:\windows\system32\drivers\brcgqmlp.sys;c:\windows\SYSNATIVE\drivers\brcgqmlp.sys [x]
R1 dlkwxldi;dlkwxldi;c:\windows\system32\drivers\dlkwxldi.sys;c:\windows\SYSNATIVE\drivers\dlkwxldi.sys [x]
R1 dsgrpenk;dsgrpenk;c:\windows\system32\drivers\dsgrpenk.sys;c:\windows\SYSNATIVE\drivers\dsgrpenk.sys [x]
R1 eoirvjfi;eoirvjfi;c:\windows\system32\drivers\eoirvjfi.sys;c:\windows\SYSNATIVE\drivers\eoirvjfi.sys [x]
R1 foswbjcd;foswbjcd;c:\windows\system32\drivers\foswbjcd.sys;c:\windows\SYSNATIVE\drivers\foswbjcd.sys [x]
R1 gkzhyqak;gkzhyqak;c:\windows\system32\drivers\gkzhyqak.sys;c:\windows\SYSNATIVE\drivers\gkzhyqak.sys [x]
R1 gmfntqqp;gmfntqqp;c:\windows\system32\drivers\gmfntqqp.sys;c:\windows\SYSNATIVE\drivers\gmfntqqp.sys [x]
R1 hczvwxss;hczvwxss;c:\windows\system32\drivers\hczvwxss.sys;c:\windows\SYSNATIVE\drivers\hczvwxss.sys [x]
R1 isintdzi;isintdzi;c:\windows\system32\drivers\isintdzi.sys;c:\windows\SYSNATIVE\drivers\isintdzi.sys [x]
R1 kwctcsqw;kwctcsqw;c:\windows\system32\drivers\kwctcsqw.sys;c:\windows\SYSNATIVE\drivers\kwctcsqw.sys [x]
R1 kxbgedzf;kxbgedzf;c:\windows\system32\drivers\kxbgedzf.sys;c:\windows\SYSNATIVE\drivers\kxbgedzf.sys [x]
R1 lglygkaq;lglygkaq;c:\windows\system32\drivers\lglygkaq.sys;c:\windows\SYSNATIVE\drivers\lglygkaq.sys [x]
R1 liaprsbl;liaprsbl;c:\windows\system32\drivers\liaprsbl.sys;c:\windows\SYSNATIVE\drivers\liaprsbl.sys [x]
R1 lmgfbqnu;lmgfbqnu;c:\windows\system32\drivers\lmgfbqnu.sys;c:\windows\SYSNATIVE\drivers\lmgfbqnu.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 irstrtsv;Intel® Rapid Start Technology Service;c:\windows\SysWOW64\irstrtsv.exe;c:\windows\SysWOW64\irstrtsv.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 irstrtdv;Intel® Rapid Start Technology Driver;c:\windows\system32\DRIVERS\irstrtdv.sys;c:\windows\SYSNATIVE\DRIVERS\irstrtdv.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL2C36409D
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-04 23:22 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-27 20:36]
.
2013-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-06 22:11]
.
2013-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-06 22:11]
.
2013-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1919276584-4093521646-944713144-1000Core.job
- c:\users\MOTHER NATURE\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-26 00:46]
.
2013-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1919276584-4093521646-944713144-1000UA.job
- c:\users\MOTHER NATURE\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-26 00:46]
.
2013-12-28 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
2013-12-28 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.advisorcompass.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{364ea597-e728-4ce4-bb4a-ed846ef47970} - c:\program files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_169_ActiveX.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-JNLP - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.38\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:e9,fb,46,ca,75,ff,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
c:\program files (x86)\Reliance 3G\AssistantServices.exe
c:\program files (x86)\Yontoo\Y2Desktop.Updater.exe
c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
c:\program files (x86)\ControlCenter4\BrCtrlCntr.exe
c:\program files (x86)\ControlCenter4\BrCcUxSys.exe
c:\program files (x86)\TOSHIBA\widimon\widimon.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
.
**************************************************************************
.
Completion time: 2013-12-28 18:41:25 - machine was rebooted
ComboFix-quarantined-files.txt 2013-12-28 23:41
.
Pre-Run: 27,727,736,832 bytes free
Post-Run: 37,890,486,272 bytes free
.
- - End Of File - - C52165CBD3964AB5020BFA9F262137FC

14:28:49.0089 0x08fc TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
14:28:51.0913 0x08fc ============================================================
14:28:51.0913 0x08fc Current date / time: 2013/12/29 14:28:51.0913
14:28:51.0913 0x08fc SystemInfo:
14:28:51.0913 0x08fc
14:28:51.0913 0x08fc OS Version: 6.1.7601 ServicePack: 1.0
14:28:51.0913 0x08fc Product type: Workstation
14:28:51.0913 0x08fc ComputerName: MOTHERNATURE-PC
14:28:51.0913 0x08fc UserName: MOTHER NATURE
14:28:51.0913 0x08fc Windows directory: C:\windows
14:28:51.0913 0x08fc System windows directory: C:\windows
14:28:51.0913 0x08fc Running under WOW64
14:28:51.0913 0x08fc Processor architecture: Intel x64
14:28:51.0913 0x08fc Number of processors: 4
14:28:51.0913 0x08fc Page size: 0x1000
14:28:51.0913 0x08fc Boot type: Normal boot
14:28:51.0913 0x08fc ============================================================
14:28:52.0131 0x08fc KLMD registered as C:\windows\system32\drivers\38653281.sys
14:28:52.0365 0x08fc System UUID: {6CD95C90-D1FD-D748-FBA8-A5D89BCD2D24}
14:28:53.0441 0x08fc Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:28:53.0441 0x08fc ============================================================
14:28:53.0441 0x08fc \Device\Harddisk0\DR0:
14:28:53.0441 0x08fc MBR partitions:
14:28:53.0441 0x08fc \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0xCA62800
14:28:53.0441 0x08fc ============================================================
14:28:53.0441 0x08fc C: <-> \Device\Harddisk0\DR0\Partition1
14:28:53.0441 0x08fc ============================================================
14:28:53.0441 0x08fc Initialize success
14:28:53.0441 0x08fc ============================================================
14:29:05.0875 0x10b8 ============================================================
14:29:05.0875 0x10b8 Scan started
14:29:05.0875 0x10b8 Mode: Manual; SigCheck; TDLFS;
14:29:05.0875 0x10b8 ============================================================
14:29:05.0875 0x10b8 KSN ping started
14:29:19.0618 0x10b8 KSN ping finished: true
14:29:19.0805 0x10b8 ================ Scan system memory ========================
14:29:19.0805 0x10b8 System memory - ok
14:29:19.0805 0x10b8 ================ Scan services =============================
14:29:19.0883 0x10b8 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
14:29:20.0008 0x10b8 1394ohci - ok
14:29:20.0039 0x10b8 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\windows\system32\drivers\ACPI.sys
14:29:20.0086 0x10b8 ACPI - ok
14:29:20.0102 0x10b8 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
14:29:20.0133 0x10b8 AcpiPmi - ok
14:29:20.0149 0x10b8 [ ADDA5E1951B90D3D23C56D3CF0622ADC, E85E7BFD29F00ED34BF5BE8BD4DA93CBB14278E16809BB55406875F0DA88551E ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:29:20.0180 0x10b8 AdobeARMservice - ok
14:29:20.0227 0x10b8 [ 1BA1AB4141A92EB34DA99F1249CA2D4D, 43ADF35146E61E0DE58D2ACC2994538F6025135ECEB30073BEF05A804BB38107 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:29:20.0258 0x10b8 AdobeFlashPlayerUpdateSvc - ok
14:29:20.0289 0x10b8 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
14:29:20.0351 0x10b8 adp94xx - ok
14:29:20.0367 0x10b8 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\windows\system32\drivers\adpahci.sys
14:29:20.0414 0x10b8 adpahci - ok
14:29:20.0429 0x10b8 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\windows\system32\drivers\adpu320.sys
14:29:20.0461 0x10b8 adpu320 - ok
14:29:20.0476 0x10b8 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
14:29:20.0617 0x10b8 AeLookupSvc - ok
14:29:20.0648 0x10b8 [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD C:\windows\system32\drivers\afd.sys
14:29:20.0710 0x10b8 AFD - ok
14:29:20.0726 0x10b8 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\windows\system32\drivers\agp440.sys
14:29:20.0757 0x10b8 agp440 - ok
14:29:20.0757 0x10b8 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\windows\System32\alg.exe
14:29:20.0804 0x10b8 ALG - ok
14:29:20.0804 0x10b8 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\windows\system32\drivers\aliide.sys
14:29:20.0835 0x10b8 aliide - ok
14:29:20.0835 0x10b8 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\windows\system32\drivers\amdide.sys
14:29:20.0866 0x10b8 amdide - ok
14:29:20.0882 0x10b8 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
14:29:20.0913 0x10b8 AmdK8 - ok
14:29:20.0913 0x10b8 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\windows\system32\drivers\amdppm.sys
14:29:20.0944 0x10b8 AmdPPM - ok
14:29:20.0960 0x10b8 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\windows\system32\drivers\amdsata.sys
14:29:20.0991 0x10b8 amdsata - ok
14:29:21.0022 0x10b8 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\windows\system32\drivers\amdsbs.sys
14:29:21.0053 0x10b8 amdsbs - ok
14:29:21.0053 0x10b8 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\windows\system32\drivers\amdxata.sys
14:29:21.0085 0x10b8 amdxata - ok
14:29:21.0100 0x10b8 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\windows\system32\drivers\appid.sys
14:29:21.0225 0x10b8 AppID - ok
14:29:21.0225 0x10b8 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\windows\System32\appidsvc.dll
14:29:21.0319 0x10b8 AppIDSvc - ok
14:29:21.0334 0x10b8 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\windows\System32\appinfo.dll
14:29:21.0365 0x10b8 Appinfo - ok
14:29:21.0381 0x10b8 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\windows\system32\drivers\arc.sys
14:29:21.0397 0x10b8 arc - ok
14:29:21.0412 0x10b8 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\windows\system32\drivers\arcsas.sys
14:29:21.0443 0x10b8 arcsas - ok
14:29:21.0475 0x10b8 [ 9217D874131AE6FF8F642F124F00A555, BE2923D5AA7748FDAAED73AF567D015517B36F1C739C6E5637DD15112EFDF495 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:29:21.0506 0x10b8 aspnet_state - ok
14:29:21.0506 0x10b8 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
14:29:21.0599 0x10b8 AsyncMac - ok
14:29:21.0599 0x10b8 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\windows\system32\drivers\atapi.sys
14:29:21.0631 0x10b8 atapi - ok
14:29:21.0677 0x10b8 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
14:29:21.0802 0x10b8 AudioEndpointBuilder - ok
14:29:21.0849 0x10b8 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\windows\System32\Audiosrv.dll
14:29:21.0974 0x10b8 AudioSrv - ok
14:29:21.0989 0x10b8 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\windows\System32\AxInstSV.dll
14:29:22.0052 0x10b8 AxInstSV - ok
14:29:22.0083 0x10b8 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
14:29:22.0145 0x10b8 b06bdrv - ok
14:29:22.0161 0x10b8 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
14:29:22.0208 0x10b8 b57nd60a - ok
14:29:22.0223 0x10b8 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\windows\System32\bdesvc.dll
14:29:22.0270 0x10b8 BDESVC - ok
14:29:22.0270 0x10b8 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\windows\system32\drivers\Beep.sys
14:29:22.0348 0x10b8 Beep - ok
14:29:22.0395 0x10b8 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\windows\System32\bfe.dll
14:29:22.0473 0x10b8 BFE - ok
14:29:22.0535 0x10b8 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\windows\system32\qmgr.dll
14:29:22.0676 0x10b8 BITS - ok
14:29:22.0691 0x10b8 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
14:29:22.0723 0x10b8 blbdrive - ok
14:29:22.0723 0x10b8 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\windows\system32\DRIVERS\bowser.sys
14:29:22.0769 0x10b8 bowser - ok
14:29:22.0769 0x10b8 brcgqmlp - ok
14:29:22.0785 0x10b8 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
14:29:22.0816 0x10b8 BrFiltLo - ok
14:29:22.0832 0x10b8 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
14:29:22.0863 0x10b8 BrFiltUp - ok
14:29:22.0879 0x10b8 [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
14:29:22.0957 0x10b8 BridgeMP - ok
14:29:22.0972 0x10b8 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\windows\System32\browser.dll
14:29:23.0019 0x10b8 Browser - ok
14:29:23.0035 0x10b8 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\windows\System32\Drivers\Brserid.sys
14:29:23.0081 0x10b8 Brserid - ok
14:29:23.0097 0x10b8 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
14:29:23.0128 0x10b8 BrSerWdm - ok
14:29:23.0144 0x10b8 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
14:29:23.0175 0x10b8 BrUsbMdm - ok
14:29:23.0191 0x10b8 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
14:29:23.0206 0x10b8 BrUsbSer - ok
14:29:23.0237 0x10b8 [ DB109DA005B6FE2A350C5DD7CA768DFD, 241A0BFAEFB1B165C00EE75E8CA382B5935F5DF447DAD5AE9022B2B78317668E ] BrYNSvc C:\Program Files (x86)\Browny02\BrYNSvc.exe
14:29:23.0269 0x10b8 BrYNSvc - detected UnsignedFile.Multi.Generic ( 1 )
14:29:26.0155 0x10b8 Detect skipped due to KSN trusted
14:29:26.0155 0x10b8 BrYNSvc - ok
14:29:26.0170 0x10b8 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
14:29:26.0217 0x10b8 BTHMODEM - ok
14:29:26.0248 0x10b8 [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT C:\windows\system32\Drivers\BTHport.sys
14:29:26.0311 0x10b8 BTHPORT - ok
14:29:26.0326 0x10b8 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\windows\system32\bthserv.dll
14:29:26.0420 0x10b8 bthserv - ok
14:29:26.0435 0x10b8 [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB C:\windows\system32\Drivers\BTHUSB.sys
14:29:26.0467 0x10b8 BTHUSB - ok
14:29:26.0467 0x10b8 catchme - ok
14:29:26.0482 0x10b8 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
14:29:26.0576 0x10b8 cdfs - ok
14:29:26.0591 0x10b8 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
14:29:26.0623 0x10b8 cdrom - ok
14:29:26.0638 0x10b8 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\windows\System32\certprop.dll
14:29:26.0732 0x10b8 CertPropSvc - ok
14:29:26.0732 0x10b8 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\windows\system32\drivers\circlass.sys
14:29:26.0779 0x10b8 circlass - ok
14:29:26.0794 0x10b8 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\windows\system32\CLFS.sys
14:29:26.0841 0x10b8 CLFS - ok
14:29:26.0857 0x10b8 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:29:26.0888 0x10b8 clr_optimization_v2.0.50727_32 - ok
14:29:26.0903 0x10b8 [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:29:26.0919 0x10b8 clr_optimization_v2.0.50727_64 - ok
14:29:26.0950 0x10b8 [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:29:26.0981 0x10b8 clr_optimization_v4.0.30319_32 - ok
14:29:26.0997 0x10b8 [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:29:27.0028 0x10b8 clr_optimization_v4.0.30319_64 - ok
14:29:27.0028 0x10b8 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
14:29:27.0059 0x10b8 CmBatt - ok
14:29:27.0075 0x10b8 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\windows\system32\drivers\cmdide.sys
14:29:27.0106 0x10b8 cmdide - ok
14:29:27.0137 0x10b8 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\windows\system32\Drivers\cng.sys
14:29:27.0200 0x10b8 CNG - ok
14:29:27.0215 0x10b8 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\windows\system32\drivers\compbatt.sys
14:29:27.0231 0x10b8 Compbatt - ok
14:29:27.0247 0x10b8 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
14:29:27.0278 0x10b8 CompositeBus - ok
14:29:27.0293 0x10b8 COMSysApp - ok
14:29:27.0309 0x10b8 [ 702E7510ADD9F64CD5DC3160EF804A97, 86FD47D16F2714B4E5EF4B72A88C208B8724880686A2F0E83D0ACF31DED73CFC ] cphs C:\windows\SysWow64\IntelCpHeciSvc.exe
14:29:27.0371 0x10b8 cphs - ok
14:29:27.0371 0x10b8 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
14:29:27.0403 0x10b8 crcdisk - ok
14:29:27.0418 0x10b8 [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\windows\system32\cryptsvc.dll
14:29:27.0465 0x10b8 CryptSvc - ok
14:29:27.0512 0x10b8 [ FD557A50A65E44041CD2FCEF4BEB04DB, 746D5958F7198895D35A23566D3736D993D57726BF59D91421D8091C48926A26 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
14:29:27.0590 0x10b8 cvhsvc - ok
14:29:27.0652 0x10b8 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\windows\system32\rpcss.dll
14:29:27.0746 0x10b8 DcomLaunch - ok
14:29:27.0777 0x10b8 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\windows\System32\defragsvc.dll
14:29:27.0871 0x10b8 defragsvc - ok
14:29:27.0886 0x10b8 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\windows\system32\Drivers\dfsc.sys
14:29:27.0964 0x10b8 DfsC - ok
14:29:27.0980 0x10b8 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\windows\system32\dhcpcore.dll
14:29:28.0027 0x10b8 Dhcp - ok
14:29:28.0042 0x10b8 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\windows\system32\drivers\discache.sys
14:29:28.0105 0x10b8 discache - ok
14:29:28.0120 0x10b8 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\windows\system32\drivers\disk.sys
14:29:28.0151 0x10b8 Disk - ok
14:29:28.0151 0x10b8 dlkwxldi - ok
14:29:28.0167 0x10b8 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\windows\System32\dnsrslvr.dll
14:29:28.0214 0x10b8 Dnscache - ok
14:29:28.0229 0x10b8 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\windows\System32\dot3svc.dll
14:29:28.0307 0x10b8 dot3svc - ok
14:29:28.0323 0x10b8 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\windows\system32\dps.dll
14:29:28.0401 0x10b8 DPS - ok
14:29:28.0417 0x10b8 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
14:29:28.0432 0x10b8 drmkaud - ok
14:29:28.0448 0x10b8 dsgrpenk - ok
14:29:28.0495 0x10b8 [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
14:29:28.0557 0x10b8 DXGKrnl - ok
14:29:28.0588 0x10b8 [ 2E83CF60759CAEA3F0CEB26D58208CAB, 65C2140A2A376F9425D749EC5AE811028453734EAD94590D07EFECF7968150F4 ] e1cexpress C:\windows\system32\DRIVERS\e1c62x64.sys
14:29:28.0619 0x10b8 e1cexpress - ok
14:29:28.0635 0x10b8 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\windows\System32\eapsvc.dll
14:29:28.0713 0x10b8 EapHost - ok
14:29:28.0869 0x10b8 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\windows\system32\drivers\evbda.sys
14:29:29.0087 0x10b8 ebdrv - ok
14:29:29.0103 0x10b8 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS C:\windows\System32\lsass.exe
14:29:29.0119 0x10b8 EFS - ok
14:29:29.0165 0x10b8 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\windows\ehome\ehRecvr.exe
14:29:29.0228 0x10b8 ehRecvr - ok
14:29:29.0243 0x10b8 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\windows\ehome\ehsched.exe
14:29:29.0275 0x10b8 ehSched - ok
14:29:29.0306 0x10b8 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\windows\system32\drivers\elxstor.sys
14:29:29.0353 0x10b8 elxstor - ok
14:29:29.0353 0x10b8 eoirvjfi - ok
14:29:29.0384 0x10b8 [ 1E0764A8A8F39BAAEB271DA597422584, 0FEC21BF69925496E11DCDBB3409F63C0F7970FF2B68391CD6E3EF6F566FD2A3 ] EpsonCustomerParticipation C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
14:29:29.0431 0x10b8 EpsonCustomerParticipation - ok
14:29:29.0446 0x10b8 [ 20ECD0A490A121CB34F553FAD1DBBD39, 17C9DA33E78FBC7582B0AA53C611929B80FBBE1343B84A179D515B51C964D218 ] EpsonScanSvc C:\windows\system32\EscSvc64.exe
14:29:29.0477 0x10b8 EpsonScanSvc - ok
14:29:29.0477 0x10b8 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\windows\system32\drivers\errdev.sys
14:29:29.0509 0x10b8 ErrDev - ok
14:29:29.0540 0x10b8 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\windows\system32\es.dll
14:29:29.0633 0x10b8 EventSystem - ok
14:29:29.0633 0x10b8 ewusbmbb - ok
14:29:29.0649 0x10b8 [ D83EB7ADE99D99A4CD6568AC1261D35E, 92F7ACBFE9CD717129176CEDF33FCA738C0FE0AFC5F2C22C894AB605A3F0747C ] ewusbnet C:\windows\system32\DRIVERS\ewusbnet.sys
14:29:29.0696 0x10b8 ewusbnet - ok
14:29:29.0696 0x10b8 [ 86F7951BBCEE4A86E79A97306BD14318, 84B52A0392DA53ED71A2C4D483DD93DDF552BF8AC764C7BD47BE0EB58C7C8219 ] ew_hwusbdev C:\windows\system32\DRIVERS\ew_hwusbdev.sys
14:29:29.0727 0x10b8 ew_hwusbdev - ok
14:29:29.0743 0x10b8 [ 55E0EDA185869F7EA67EA97FD0655B39, D4A51E383102AA48F022EFCA08FAC389336A22C1DF60E17815117EFA60716964 ] ew_usbenumfilter C:\windows\system32\DRIVERS\ew_usbenumfilter.sys
14:29:29.0774 0x10b8 ew_usbenumfilter - ok
14:29:29.0789 0x10b8 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\windows\system32\drivers\exfat.sys
14:29:29.0867 0x10b8 exfat - ok
14:29:29.0883 0x10b8 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\windows\system32\drivers\fastfat.sys
14:29:29.0992 0x10b8 fastfat - ok
14:29:30.0039 0x10b8 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\windows\system32\fxssvc.exe
14:29:30.0117 0x10b8 Fax - ok
14:29:30.0117 0x10b8 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\windows\system32\drivers\fdc.sys
14:29:30.0148 0x10b8 fdc - ok
14:29:30.0164 0x10b8 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\windows\system32\fdPHost.dll
14:29:30.0242 0x10b8 fdPHost - ok
14:29:30.0257 0x10b8 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\windows\system32\fdrespub.dll
14:29:30.0335 0x10b8 FDResPub - ok
14:29:30.0351 0x10b8 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\windows\system32\drivers\fileinfo.sys
14:29:30.0382 0x10b8 FileInfo - ok
14:29:30.0382 0x10b8 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\windows\system32\drivers\filetrace.sys
14:29:30.0476 0x10b8 Filetrace - ok
14:29:30.0476 0x10b8 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\windows\system32\drivers\flpydisk.sys
14:29:30.0507 0x10b8 flpydisk - ok
14:29:30.0523 0x10b8 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
14:29:30.0569 0x10b8 FltMgr - ok
14:29:30.0647 0x10b8 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\windows\system32\FntCache.dll
14:29:30.0757 0x10b8 FontCache - ok
14:29:30.0772 0x10b8 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:29:30.0788 0x10b8 FontCache3.0.0.0 - ok
14:29:30.0803 0x10b8 foswbjcd - ok
14:29:30.0819 0x10b8 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\windows\system32\drivers\FsDepends.sys
14:29:30.0835 0x10b8 FsDepends - ok
14:29:30.0850 0x10b8 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
14:29:30.0866 0x10b8 Fs_Rec - ok
14:29:30.0897 0x10b8 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
14:29:30.0928 0x10b8 fvevol - ok
14:29:30.0944 0x10b8 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
14:29:30.0975 0x10b8 gagp30kx - ok
14:29:30.0975 0x10b8 gkzhyqak - ok
14:29:30.0991 0x10b8 gmfntqqp - ok
14:29:31.0037 0x10b8 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\windows\System32\gpsvc.dll
14:29:31.0178 0x10b8 gpsvc - ok
14:29:31.0193 0x10b8 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:29:31.0209 0x10b8 gupdate - ok
14:29:31.0225 0x10b8 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:29:31.0240 0x10b8 gupdatem - ok
14:29:31.0256 0x10b8 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
14:29:31.0287 0x10b8 hcw85cir - ok
14:29:31.0287 0x10b8 hczvwxss - ok
14:29:31.0318 0x10b8 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
14:29:31.0365 0x10b8 HdAudAddService - ok
14:29:31.0381 0x10b8 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
14:29:31.0427 0x10b8 HDAudBus - ok
14:29:31.0427 0x10b8 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\windows\system32\drivers\HidBatt.sys
14:29:31.0459 0x10b8 HidBatt - ok
14:29:31.0474 0x10b8 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\windows\system32\drivers\hidbth.sys
14:29:31.0505 0x10b8 HidBth - ok
14:29:31.0521 0x10b8 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\windows\system32\drivers\hidir.sys
14:29:31.0552 0x10b8 HidIr - ok
14:29:31.0552 0x10b8 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\windows\System32\hidserv.dll
14:29:31.0630 0x10b8 hidserv - ok
14:29:31.0646 0x10b8 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\windows\system32\drivers\hidusb.sys
14:29:31.0677 0x10b8 HidUsb - ok
14:29:31.0677 0x10b8 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\windows\system32\kmsvc.dll
14:29:31.0755 0x10b8 hkmsvc - ok
14:29:31.0771 0x10b8 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\windows\system32\ListSvc.dll
14:29:31.0817 0x10b8 HomeGroupListener - ok
14:29:31.0833 0x10b8 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\windows\system32\provsvc.dll
14:29:31.0880 0x10b8 HomeGroupProvider - ok
14:29:31.0880 0x10b8 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
14:29:31.0911 0x10b8 HpSAMD - ok
14:29:31.0911 0x10b8 [ F47CEC45FB85791D4AB237563AD0FA8F, 1035066D48BD179855BCA7F62EFA1B951E6E839D2E29E15A31844E18A126DD41 ] HTCAND64 C:\windows\system32\Drivers\ANDROIDUSB.sys
14:29:31.0942 0x10b8 HTCAND64 - ok
14:29:31.0989 0x10b8 [ B8B1B284362E1D8135112573395D5DA5, 97BC6A7B2DCD7CC854B912A85BB2FCF199592E8E16A7C405EAF89B02D5DE4AEE ] htcnprot C:\windows\system32\DRIVERS\htcnprot.sys
14:29:32.0005 0x10b8 htcnprot - ok
14:29:32.0051 0x10b8 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\windows\system32\drivers\HTTP.sys
14:29:32.0176 0x10b8 HTTP - ok
14:29:32.0192 0x10b8 [ 9B45CE94876F03F12720AAC363ACBB8A, 0AADB37CD6D6058B5174757C3D45D1658586A1771C00749DE75B48D525109BD7 ] huawei_cdcacm C:\windows\system32\DRIVERS\ew_jucdcacm.sys
14:29:32.0223 0x10b8 huawei_cdcacm - ok
14:29:32.0223 0x10b8 [ 09AF4D7563EFC283BEDDDAFE60FAF168, C21BE5CB114D9C2BD5D22A19DF6F7AC5D1D7234918BD1D167C5B03C4377C248A ] huawei_enumerator C:\windows\system32\DRIVERS\ew_jubusenum.sys
14:29:32.0270 0x10b8 huawei_enumerator - ok
14:29:32.0270 0x10b8 [ E51C81A443BF5B4736DE632D54454533, 8D469E45B9D5485243B6F56673E0401DBD381ADFF094C88040892F0F76264110 ] huawei_ext_ctrl C:\windows\system32\DRIVERS\ew_juextctrl.sys
14:29:32.0301 0x10b8 huawei_ext_ctrl - ok
14:29:32.0332 0x10b8 [ A36020F461F4EC0EEB8F5C850C8D0027, 3FC681AE62FD82A1B0263B7F8655D7587DE67D4C0861C0D251E77331A8132A9A ] huawei_wwanecm C:\windows\system32\DRIVERS\ew_juwwanecm.sys
14:29:32.0363 0x10b8 huawei_wwanecm - ok
14:29:32.0379 0x10b8 [ 6E05228393CD614B983568EC40C262C3, CEB1CFDD346534F01A52D2E7004B0220692FC67CAD874FE04740ECDA2F92767D ] hwdatacard C:\windows\system32\DRIVERS\ewusbmdm.sys
14:29:32.0426 0x10b8 hwdatacard - ok
14:29:32.0426 0x10b8 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
14:29:32.0457 0x10b8 hwpolicy - ok
14:29:32.0473 0x10b8 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
14:29:32.0504 0x10b8 i8042prt - ok
14:29:32.0551 0x10b8 [ C224331A54571C8C9162F7714400BBBD, C2CA4881ACD46071E67435BE5E3DB133D0743B026FD20D6D6E26B2FE7A03FCAA ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
14:29:32.0597 0x10b8 iaStor - ok
14:29:32.0629 0x10b8 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
14:29:32.0675 0x10b8 iaStorV - ok
14:29:32.0738 0x10b8 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:29:32.0816 0x10b8 idsvc - ok
14:29:32.0816 0x10b8 IEEtwCollectorService - ok
14:29:33.0658 0x10b8 [ 3FB253E8059A1AAC3A8B83A31D094CC5, 4D4988BF7D81FB6D75CDB65E1E42AC72DA76D3F84712AA1A27428A6490E342D0 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
14:29:34.0781 0x10b8 igfx - ok
14:29:34.0828 0x10b8 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\windows\system32\drivers\iirsp.sys
14:29:34.0844 0x10b8 iirsp - ok
14:29:34.0891 0x10b8 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\windows\System32\ikeext.dll
14:29:34.0969 0x10b8 IKEEXT - ok
14:29:34.0984 0x10b8 [ CADDF0927DAC63EDAE48F5C35A61D87D, C46006461311B1563C1D149B9D60B202F30147265B9D93069B084D03A09D2BEC ] intaud_WaveExtensible C:\windows\system32\drivers\intelaud.sys
14:29:35.0000 0x10b8 intaud_WaveExtensible - ok
14:29:35.0249 0x10b8 [ 21F54139C93FC595902B58ED947D47D5, B48FA18BD273AAB965C06D9F6F74EC7A8D318411293E06B407A38AC4A31E3F02 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
14:29:35.0530 0x10b8 IntcAzAudAddService - ok
14:29:35.0561 0x10b8 [ 6C9FFFECA9FED31347D211C5D1FFBD2D, 36CF8B847FAED0D978B3169ED550CC958025902CAC1D7D304E2684B2483E72B8 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
14:29:35.0608 0x10b8 IntcDAud - ok
14:29:35.0639 0x10b8 [ 832CE330DD987227B7DEA8C03F22AEFA, 3DE64D9519D9D865D4C1AA7483D846F0154392B6685BDC451DEC7DA5EA0E2B2E ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
14:29:38.0073 0x10b8 Intel® Capability Licensing Service Interface - ok
14:29:38.0089 0x10b8 [ 896AA2F1D79662B17D5DBBE588E24E30, 834257B3C247ECA0130A55FB8E5F906F54B94A124FBB842DB7D679C030BD439B ] Intel® ME Service C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
14:29:38.0120 0x10b8 Intel® ME Service - ok
14:29:38.0135 0x10b8 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\windows\system32\drivers\intelide.sys
14:29:38.0151 0x10b8 intelide - ok
14:29:38.0167 0x10b8 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
14:29:38.0198 0x10b8 intelppm - ok
14:29:38.0213 0x10b8 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\windows\system32\ipbusenum.dll
14:29:38.0307 0x10b8 IPBusEnum - ok
14:29:38.0307 0x10b8 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
14:29:38.0401 0x10b8 IpFilterDriver - ok
14:29:38.0432 0x10b8 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] IpHlpSvc C:\windows\System32\iphlpsvc.dll
14:29:38.0510 0x10b8 IpHlpSvc - ok
14:29:38.0525 0x10b8 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
14:29:38.0557 0x10b8 IPMIDRV - ok
14:29:38.0572 0x10b8 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\windows\system32\drivers\ipnat.sys
14:29:38.0650 0x10b8 IPNAT - ok
14:29:38.0666 0x10b8 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\windows\system32\drivers\irenum.sys
14:29:38.0697 0x10b8 IRENUM - ok
14:29:38.0713 0x10b8 [ 6DC22BDAA595BE00F19696E72F2F3312, B46B50395100D3A23663C56CC395A874130B72E314997AAD6C52F0C5C23364C4 ] irstrtdv C:\windows\system32\DRIVERS\irstrtdv.sys
14:29:38.0728 0x10b8 irstrtdv - ok
14:29:38.0744 0x10b8 [ 49869B871F6DB76021D0E9B5DF1CC2CB, 81B6FF4E7A2F984E190458AF0E2308B0227AE9CDD83EB2629BF084B8B1BFB76E ] irstrtsv C:\windows\SysWOW64\irstrtsv.exe
14:29:38.0775 0x10b8 irstrtsv - ok
14:29:38.0791 0x10b8 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\windows\system32\drivers\isapnp.sys
14:29:38.0822 0x10b8 isapnp - ok
14:29:38.0837 0x10b8 [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
14:29:38.0869 0x10b8 iScsiPrt - ok
14:29:38.0884 0x10b8 isintdzi - ok
14:29:38.0900 0x10b8 [ 846354992EBB373F452EB9182D501B08, 453459133DCA875E93CAAE9852E652F3794F8C31CE53526C47A181FDBABE6849 ] iusb3hcs C:\windows\system32\DRIVERS\iusb3hcs.sys
14:29:38.0915 0x10b8 iusb3hcs - ok
14:29:38.0947 0x10b8 [ 1D88A23853387D34D52CC8F9DDBFC56C, D00083B61E93E7E1D247EAB332787912FCF7605AF7043F071238C50E4A15016B ] iusb3hub C:\windows\system32\DRIVERS\iusb3hub.sys
14:29:38.0978 0x10b8 iusb3hub - ok
14:29:39.0040 0x10b8 [ FC5EFD7C797DF19DFB999F0605A7924E, C56CE3840F3B11D81BED38E5F59ABCA190DFB7127F06263193870312A83379AF ] iusb3xhc C:\windows\system32\DRIVERS\iusb3xhc.sys
14:29:39.0103 0x10b8 iusb3xhc - ok
14:29:39.0118 0x10b8 [ 716F66336F10885D935B08174DC54242, 1992708956A2A45A8870CFCB532F3ABF24B1143B75EF32AB1F59D5D86E65F493 ] iwdbus C:\windows\system32\DRIVERS\iwdbus.sys
14:29:39.0134 0x10b8 iwdbus - ok
14:29:39.0149 0x10b8 [ 3C6630473DD42FFC57D9F5564F533127, 1B2BBB8CF7AD5BF3F99565DA49F51B1E15D4B35698C105C0597DDBEB2DA61A83 ] jhi_service C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
14:29:39.0181 0x10b8 jhi_service - ok
14:29:39.0196 0x10b8 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
14:29:39.0212 0x10b8 kbdclass - ok
14:29:39.0227 0x10b8 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
14:29:39.0259 0x10b8 kbdhid - ok
14:29:39.0259 0x10b8 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso C:\windows\system32\lsass.exe
14:29:39.0290 0x10b8 KeyIso - ok
14:29:39.0305 0x10b8 [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
14:29:39.0337 0x10b8 KSecDD - ok
14:29:39.0352 0x10b8 [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
14:29:39.0383 0x10b8 KSecPkg - ok
14:29:39.0383 0x10b8 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\windows\system32\drivers\ksthunk.sys
14:29:39.0477 0x10b8 ksthunk - ok
14:29:39.0508 0x10b8 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\windows\system32\msdtckrm.dll
14:29:39.0602 0x10b8 KtmRm - ok
14:29:39.0617 0x10b8 kwctcsqw - ok
14:29:39.0617 0x10b8 kxbgedzf - ok
14:29:39.0649 0x10b8 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\windows\System32\srvsvc.dll
14:29:39.0742 0x10b8 LanmanServer - ok
14:29:39.0758 0x10b8 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
14:29:39.0851 0x10b8 LanmanWorkstation - ok
14:29:39.0867 0x10b8 lglygkaq - ok
14:29:39.0867 0x10b8 liaprsbl - ok
14:29:39.0883 0x10b8 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
14:29:39.0976 0x10b8 lltdio - ok
14:29:39.0992 0x10b8 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\windows\System32\lltdsvc.dll
14:29:40.0101 0x10b8 lltdsvc - ok
14:29:40.0101 0x10b8 lmgfbqnu - ok
14:29:40.0117 0x10b8 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\windows\System32\lmhsvc.dll
14:29:40.0195 0x10b8 lmhosts - ok
14:29:40.0226 0x10b8 [ 2B23FAA39D8F949ED5EEE03ECA50BCD5, 7CEF2455D21A355542B290F4F18EDBC444F3704A31E569652D96A0A3E6799826 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
14:29:40.0257 0x10b8 LMS - ok
14:29:40.0273 0x10b8 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
14:29:40.0304 0x10b8 LSI_FC - ok
14:29:40.0319 0x10b8 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
14:29:40.0351 0x10b8 LSI_SAS - ok
14:29:40.0366 0x10b8 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
14:29:40.0397 0x10b8 LSI_SAS2 - ok
14:29:40.0397 0x10b8 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
14:29:40.0429 0x10b8 LSI_SCSI - ok
14:29:40.0444 0x10b8 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\windows\system32\drivers\luafv.sys
14:29:40.0538 0x10b8 luafv - ok
14:29:40.0553 0x10b8 [ 23488767CB18FC3FF39E3AF1DB3FB02C, F526B80EDA5309162239741CF1C77957E2F9EDEB223AB3DB6FF0DEA3D473590B ] massfilter C:\windows\system32\drivers\massfilter.sys
14:29:40.0569 0x10b8 massfilter - ok
14:29:40.0585 0x10b8 [ 0BB97D43299910CBFBA59C461B99B910, 27C22D9D9EE8A410D7396960DA93E9E260D4DCDD38DCE06E85E45C5E24C067DE ] MBAMProtector C:\windows\system32\drivers\mbam.sys
14:29:40.0616 0x10b8 MBAMProtector - ok
14:29:40.0647 0x10b8 [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
14:29:40.0694 0x10b8 MBAMScheduler - ok
14:29:40.0725 0x10b8 [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
14:29:40.0787 0x10b8 MBAMService - ok
14:29:40.0803 0x10b8 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
14:29:40.0834 0x10b8 Mcx2Svc - ok
14:29:40.0850 0x10b8 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\windows\system32\drivers\megasas.sys
14:29:40.0881 0x10b8 megasas - ok
14:29:40.0897 0x10b8 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
14:29:40.0943 0x10b8 MegaSR - ok
14:29:40.0943 0x10b8 [ 6B01B7414A105B9E51652089A03027CF, 9B113DC22F7D0D0B376E577C6D7083F9EDC09BBFE47726393E16D4FDAAAE21FE ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys
14:29:40.0975 0x10b8 MEIx64 - ok
14:29:40.0990 0x10b8 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\windows\system32\mmcss.dll
14:29:41.0068 0x10b8 MMCSS - ok
14:29:41.0084 0x10b8 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\windows\system32\drivers\modem.sys
14:29:41.0162 0x10b8 Modem - ok
14:29:41.0177 0x10b8 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\windows\system32\DRIVERS\monitor.sys
14:29:41.0209 0x10b8 monitor - ok
14:29:41.0224 0x10b8 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
14:29:41.0255 0x10b8 mouclass - ok
14:29:41.0255 0x10b8 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\windows\system32\drivers\mouhid.sys
14:29:41.0287 0x10b8 mouhid - ok
14:29:41.0302 0x10b8 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\windows\system32\drivers\mountmgr.sys
14:29:41.0333 0x10b8 mountmgr - ok
14:29:41.0349 0x10b8 [ C6B88D62F20AC646C6BD5C032EC2FAF9, 111A07939F3C5A46F0C51B9D6F5C1D8478099E32EFD88BC260467109ADD975F8 ] MpFilter C:\windows\system32\DRIVERS\MpFilter.sys
14:29:41.0396 0x10b8 MpFilter - ok
14:29:41.0411 0x10b8 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\windows\system32\drivers\mpio.sys
14:29:41.0443 0x10b8 mpio - ok
14:29:41.0458 0x10b8 [ BC3C790A27FFF88DACC787B860E6741F, AD8A6A44E808EB7E25FA1091313BF3B66A4DEEA03466EF67AF74678F20B4D393 ] MpKslc46ee32a c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8B1F19DB-1BA8-409D-8769-80EB100585F0}\MpKslc46ee32a.sys
14:29:41.0489 0x10b8 MpKslc46ee32a - ok
14:29:41.0489 0x10b8 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
14:29:41.0583 0x10b8 mpsdrv - ok
14:29:41.0630 0x10b8 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\windows\system32\mpssvc.dll
14:29:41.0770 0x10b8 MpsSvc - ok
14:29:41.0801 0x10b8 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
14:29:41.0833 0x10b8 MRxDAV - ok
14:29:41.0848 0x10b8 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
14:29:41.0879 0x10b8 mrxsmb - ok
14:29:41.0911 0x10b8 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
14:29:41.0957 0x10b8 mrxsmb10 - ok
14:29:41.0973 0x10b8 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
14:29:42.0004 0x10b8 mrxsmb20 - ok
14:29:42.0020 0x10b8 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\windows\system32\drivers\msahci.sys
14:29:42.0035 0x10b8 msahci - ok
14:29:42.0051 0x10b8 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\windows\system32\drivers\msdsm.sys
14:29:42.0082 0x10b8 msdsm - ok
14:29:42.0098 0x10b8 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\windows\System32\msdtc.exe
14:29:42.0145 0x10b8 MSDTC - ok
14:29:42.0160 0x10b8 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\windows\system32\drivers\Msfs.sys
14:29:42.0238 0x10b8 Msfs - ok
14:29:42.0254 0x10b8 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
14:29:42.0332 0x10b8 mshidkmdf - ok
14:29:42.0347 0x10b8 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\windows\system32\drivers\msisadrv.sys
14:29:42.0363 0x10b8 msisadrv - ok
14:29:42.0379 0x10b8 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\windows\system32\iscsiexe.dll
14:29:42.0472 0x10b8 MSiSCSI - ok
14:29:42.0488 0x10b8 msiserver - ok
14:29:42.0503 0x10b8 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
14:29:42.0581 0x10b8 MSKSSRV - ok
14:29:42.0597 0x10b8 [ 7675E15D1B2180745E4DA4D26AAD7385, 729AA6C610F67028CFFFF64B772FFA1CAE7581D37F8909BDA423D52AF85C92C8 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
14:29:42.0613 0x10b8 MsMpSvc - ok
14:29:42.0628 0x10b8 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
14:29:42.0706 0x10b8 MSPCLOCK - ok
14:29:42.0722 0x10b8 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\windows\system32\drivers\MSPQM.sys
14:29:42.0800 0x10b8 MSPQM - ok
14:29:42.0831 0x10b8 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\windows\system32\drivers\MsRPC.sys
14:29:42.0878 0x10b8 MsRPC - ok
14:29:42.0878 0x10b8 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
14:29:42.0909 0x10b8 mssmbios - ok
14:29:42.0909 0x10b8 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\windows\system32\drivers\MSTEE.sys
14:29:43.0003 0x10b8 MSTEE - ok
14:29:43.0003 0x10b8 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\windows\system32\drivers\MTConfig.sys
14:29:43.0034 0x10b8 MTConfig - ok
14:29:43.0049 0x10b8 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\windows\system32\Drivers\mup.sys
14:29:43.0081 0x10b8 Mup - ok
14:29:43.0112 0x10b8 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\windows\system32\qagentRT.dll
14:29:43.0221 0x10b8 napagent - ok
14:29:43.0252 0x10b8 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
14:29:43.0315 0x10b8 NativeWifiP - ok
14:29:43.0377 0x10b8 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\windows\system32\drivers\ndis.sys
14:29:43.0455 0x10b8 NDIS - ok
14:29:43.0471 0x10b8 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
14:29:43.0549 0x10b8 NdisCap - ok
14:29:43.0564 0x10b8 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
14:29:43.0642 0x10b8 NdisTapi - ok
14:29:43.0642 0x10b8 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
14:29:43.0720 0x10b8 Ndisuio - ok
14:29:43.0736 0x10b8 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
14:29:43.0814 0x10b8 NdisWan - ok
14:29:43.0829 0x10b8 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
14:29:43.0907 0x10b8 NDProxy - ok
14:29:43.0923 0x10b8 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
14:29:44.0001 0x10b8 NetBIOS - ok
14:29:44.0017 0x10b8 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
14:29:44.0095 0x10b8 NetBT - ok
14:29:44.0110 0x10b8 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon C:\windows\system32\lsass.exe
14:29:44.0141 0x10b8 Netlogon - ok
14:29:44.0157 0x10b8 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\windows\System32\netman.dll
14:29:44.0266 0x10b8 Netman - ok
14:29:44.0282 0x10b8 [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:29:44.0313 0x10b8 NetMsmqActivator - ok
14:29:44.0329 0x10b8 [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:29:44.0344 0x10b8 NetPipeActivator - ok
14:29:44.0375 0x10b8 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\windows\System32\netprofm.dll
14:29:44.0500 0x10b8 netprofm - ok
14:29:44.0516 0x10b8 [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:29:44.0531 0x10b8 NetTcpActivator - ok
14:29:44.0547 0x10b8 [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:29:44.0578 0x10b8 NetTcpPortSharing - ok
14:29:45.0202 0x10b8 [ 079F133C8BF1CF5DE310DEB467CA6AA6, 3EA1ECC74832F1D91B937EAB8DCC965C43514ACB8F70E694C8F954CA860B8930 ] NETwNs64 C:\windows\system32\DRIVERS\Netwsw00.sys
14:29:45.0951 0x10b8 NETwNs64 - ok
14:29:45.0967 0x10b8 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
14:29:45.0998 0x10b8 nfrd960 - ok
14:29:45.0998 0x10b8 ngbhaohm - ok
14:29:46.0013 0x10b8 [ ACE8C64C57E4A711473C8BC10ADF692B, 53D8083CE78DB5527080B4570AC28ABAA262667744A319707AE0C46E46B297F9 ] NisDrv C:\windows\system32\DRIVERS\NisDrvWFP.sys
14:29:46.0045 0x10b8 NisDrv - ok
14:29:46.0060 0x10b8 [ 6247E8B31ED0A9D6BC5A26276E49BEB3, 230C0C560492C454B9EB14B50EB4A78DC74FAB6B662449A0EA3114B3E671BFF3 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
14:29:46.0107 0x10b8 NisSrv - ok
14:29:46.0123 0x10b8 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\windows\System32\nlasvc.dll
14:29:46.0169 0x10b8 NlaSvc - ok
14:29:46.0169 0x10b8 nllvhafa - ok
14:29:46.0169 0x10b8 Norton PC Checkup Application Launcher - ok
14:29:46.0185 0x10b8 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\windows\system32\drivers\Npfs.sys
14:29:46.0247 0x10b8 Npfs - ok
14:29:46.0263 0x10b8 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\windows\system32\nsisvc.dll
14:29:46.0325 0x10b8 nsi - ok
14:29:46.0341 0x10b8 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
14:29:46.0403 0x10b8 nsiproxy - ok
14:29:46.0481 0x10b8 [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs C:\windows\system32\drivers\Ntfs.sys
14:29:46.0591 0x10b8 Ntfs - ok
14:29:46.0606 0x10b8 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\windows\system32\drivers\Null.sys
14:29:46.0669 0x10b8 Null - ok
14:29:46.0684 0x10b8 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\windows\system32\drivers\nvraid.sys
14:29:46.0700 0x10b8 nvraid - ok
14:29:46.0715 0x10b8 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\windows\system32\drivers\nvstor.sys
14:29:46.0747 0x10b8 nvstor - ok
14:29:46.0762 0x10b8 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\windows\system32\drivers\nv_agp.sys
14:29:46.0778 0x10b8 nv_agp - ok
14:29:46.0793 0x10b8 odtszexz - ok
14:29:46.0793 0x10b8 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
14:29:46.0825 0x10b8 ohci1394 - ok
14:29:46.0840 0x10b8 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:29:46.0856 0x10b8 ose - ok
14:29:47.0090 0x10b8 [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:29:47.0433 0x10b8 osppsvc - ok
14:29:47.0464 0x10b8 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\windows\system32\pnrpsvc.dll
14:29:47.0511 0x10b8 p2pimsvc - ok
14:29:47.0542 0x10b8 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\windows\system32\p2psvc.dll
14:29:47.0605 0x10b8 p2psvc - ok
14:29:47.0620 0x10b8 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\windows\system32\drivers\parport.sys
14:29:47.0651 0x10b8 Parport - ok
14:29:47.0667 0x10b8 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\windows\system32\drivers\partmgr.sys
14:29:47.0698 0x10b8 partmgr - ok
14:29:47.0714 0x10b8 [ AFADA8B97BE3C9398DC6C770409C3544, 670451D08AD1534D424D7D6B9BD7D2C71F526313FE2DD34B1F277D7CD403F39B ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
14:29:47.0839 0x10b8 PassThru Service - detected UnsignedFile.Multi.Generic ( 1 )
14:29:50.0756 0x10b8 Detect skipped due to KSN trusted
14:29:50.0756 0x10b8 PassThru Service - ok
14:29:50.0771 0x10b8 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\windows\System32\pcasvc.dll
14:29:50.0834 0x10b8 PcaSvc - ok
14:29:50.0834 0x10b8 [ 2F86BE1818C2D7AC90478E3323EE7FCB, CE721FCFFDC9D24483DEB6BB77DAFEBE79BA143CA2EE68BF28E2A9297AADB2D4 ] PCCUJobMgr C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
14:29:50.0865 0x10b8 PCCUJobMgr - ok
14:29:50.0881 0x10b8 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\windows\system32\drivers\pci.sys
14:29:50.0927 0x10b8 pci - ok
14:29:50.0927 0x10b8 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\windows\system32\drivers\pciide.sys
14:29:50.0959 0x10b8 pciide - ok
14:29:50.0974 0x10b8 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\windows\system32\drivers\pcmcia.sys
14:29:51.0021 0x10b8 pcmcia - ok
14:29:51.0021 0x10b8 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\windows\system32\drivers\pcw.sys
14:29:51.0052 0x10b8 pcw - ok
14:29:51.0083 0x10b8 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\windows\system32\drivers\peauth.sys
14:29:51.0208 0x10b8 PEAUTH - ok
14:29:51.0239 0x10b8 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\windows\SysWow64\perfhost.exe
14:29:51.0255 0x10b8 PerfHost - ok
14:29:51.0286 0x10b8 [ 91111CEBBDE8015E822C46120ED9537C, 255B85FEF663C2E0652CECF3F9B67B12B576F924A34415DEE13F0F5137E1E7F7 ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys
14:29:51.0302 0x10b8 PGEffect - ok
14:29:51.0395 0x10b8 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\windows\system32\pla.dll
14:29:51.0567 0x10b8 pla - ok
14:29:51.0598 0x10b8 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\windows\system32\umpnpmgr.dll
14:29:51.0661 0x10b8 PlugPlay - ok
14:29:51.0676 0x10b8 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
14:29:51.0707 0x10b8 PNRPAutoReg - ok
14:29:51.0723 0x10b8 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\windows\system32\pnrpsvc.dll
14:29:51.0785 0x10b8 PNRPsvc - ok
14:29:51.0817 0x10b8 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
14:29:51.0926 0x10b8 PolicyAgent - ok
14:29:51.0941 0x10b8 [ A2CCA4FB273E6050F17A0A416CFF2FCD, C42BA18DF0C8E3F7358669A784E51E4DC7A4112096345EA699EDC95F561E0255 ] Power C:\windows\system32\umpo.dll
14:29:51.0988 0x10b8 Power - ok
14:29:52.0004 0x10b8 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
14:29:52.0097 0x10b8 PptpMiniport - ok
14:29:52.0113 0x10b8 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\windows\system32\drivers\processr.sys
14:29:52.0144 0x10b8 Processor - ok
14:29:52.0160 0x10b8 [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\windows\system32\profsvc.dll
14:29:52.0207 0x10b8 ProfSvc - ok
14:29:52.0207 0x10b8 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\windows\system32\lsass.exe
14:29:52.0238 0x10b8 ProtectedStorage - ok
14:29:52.0253 0x10b8 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\windows\system32\DRIVERS\pacer.sys
14:29:52.0347 0x10b8 Psched - ok
14:29:52.0425 0x10b8 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\windows\system32\drivers\ql2300.sys
14:29:52.0550 0x10b8 ql2300 - ok
14:29:52.0565 0x10b8 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\windows\system32\drivers\ql40xx.sys
14:29:52.0597 0x10b8 ql40xx - ok
14:29:52.0628 0x10b8 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\windows\system32\qwave.dll
14:29:52.0675 0x10b8 QWAVE - ok
14:29:52.0690 0x10b8 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
14:29:52.0737 0x10b8 QWAVEdrv - ok
14:29:52.0737 0x10b8 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
14:29:52.0831 0x10b8 RasAcd - ok
14:29:52.0846 0x10b8 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
14:29:52.0924 0x10b8 RasAgileVpn - ok
14:29:52.0940 0x10b8 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\windows\System32\rasauto.dll
14:29:53.0018 0x10b8 RasAuto - ok
14:29:53.0033 0x10b8 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
14:29:53.0127 0x10b8 Rasl2tp - ok
14:29:53.0158 0x10b8 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\windows\System32\rasmans.dll
14:29:53.0267 0x10b8 RasMan - ok
14:29:53.0267 0x10b8 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
14:29:53.0392 0x10b8 RasPppoe - ok
14:29:53.0408 0x10b8 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
14:29:53.0486 0x10b8 RasSstp - ok
14:29:53.0517 0x10b8 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
14:29:53.0626 0x10b8 rdbss - ok
14:29:53.0626 0x10b8 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\windows\system32\drivers\rdpbus.sys
14:29:53.0673 0x10b8 rdpbus - ok
14:29:53.0673 0x10b8 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
14:29:53.0751 0x10b8 RDPCDD - ok
14:29:53.0767 0x10b8 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
14:29:53.0845 0x10b8 RDPENCDD - ok
14:29:53.0860 0x10b8 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
14:29:53.0938 0x10b8 RDPREFMP - ok
14:29:53.0969 0x10b8 [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
14:29:54.0016 0x10b8 RDPWD - ok
14:29:54.0032 0x10b8 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\windows\system32\drivers\rdyboost.sys
14:29:54.0063 0x10b8 rdyboost - ok
14:29:54.0079 0x10b8 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\windows\system32\regsvc.dll
14:29:54.0172 0x10b8 RemoteRegistry - ok
14:29:54.0188 0x10b8 [ 5A227511ED22DDFEDF7EF7323C8F7D2F, 5056DED32432E192268BE8214B6152A488807357D1BBB769171843E589BF4320 ] risdxc C:\windows\system32\DRIVERS\risdxc64.sys
14:29:54.0219 0x10b8 risdxc - ok
14:29:54.0235 0x10b8 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
14:29:54.0328 0x10b8 RpcEptMapper - ok
14:29:54.0344 0x10b8 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\windows\system32\locator.exe
14:29:54.0375 0x10b8 RpcLocator - ok
14:29:54.0406 0x10b8 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\windows\system32\rpcss.dll
14:29:54.0515 0x10b8 RpcSs - ok
14:29:54.0531 0x10b8 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
14:29:54.0625 0x10b8 rspndr - ok
14:29:54.0625 0x10b8 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] SamSs C:\windows\system32\lsass.exe
14:29:54.0656 0x10b8 SamSs - ok
14:29:54.0671 0x10b8 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\windows\system32\drivers\sbp2port.sys
14:29:54.0703 0x10b8 sbp2port - ok
14:29:54.0718 0x10b8 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\windows\System32\SCardSvr.dll
14:29:54.0812 0x10b8 SCardSvr - ok
14:29:54.0827 0x10b8 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
14:29:54.0905 0x10b8 scfilter - ok
14:29:54.0968 0x10b8 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\windows\system32\schedsvc.dll
14:29:55.0139 0x10b8 Schedule - ok
14:29:55.0155 0x10b8 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\windows\System32\certprop.dll
14:29:55.0233 0x10b8 SCPolicySvc - ok
14:29:55.0249 0x10b8 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\windows\System32\SDRSVC.dll
14:29:55.0295 0x10b8 SDRSVC - ok
14:29:55.0295 0x10b8 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\windows\system32\drivers\secdrv.sys
14:29:55.0389 0x10b8 secdrv - ok
14:29:55.0389 0x10b8 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\windows\system32\seclogon.dll
14:29:55.0483 0x10b8 seclogon - ok
14:29:55.0498 0x10b8 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\windows\system32\sens.dll
14:29:55.0576 0x10b8 SENS - ok
14:29:55.0592 0x10b8 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\windows\system32\sensrsvc.dll
14:29:55.0607 0x10b8 SensrSvc - ok
14:29:55.0623 0x10b8 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\windows\system32\drivers\serenum.sys
14:29:55.0654 0x10b8 Serenum - ok
14:29:55.0670 0x10b8 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\windows\system32\drivers\serial.sys
14:29:55.0701 0x10b8 Serial - ok
14:29:55.0717 0x10b8 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\windows\system32\drivers\sermouse.sys
14:29:55.0732 0x10b8 sermouse - ok
14:29:55.0763 0x10b8 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\windows\system32\sessenv.dll
14:29:55.0857 0x10b8 SessionEnv - ok
14:29:55.0857 0x10b8 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\windows\system32\drivers\sffdisk.sys
14:29:55.0904 0x10b8 sffdisk - ok
14:29:55.0904 0x10b8 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
14:29:55.0935 0x10b8 sffp_mmc - ok
14:29:55.0951 0x10b8 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
14:29:55.0982 0x10b8 sffp_sd - ok
14:29:55.0997 0x10b8 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
14:29:56.0029 0x10b8 sfloppy - ok
14:29:56.0075 0x10b8 [ 2046AA7491DE7EFA4D70E615D9BC9D09, A8763D059AD68D5842C407FA9644E0B129BEF0F63CD87E62B80B05441EDC3489 ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys
14:29:56.0138 0x10b8 Sftfs - ok
14:29:56.0185 0x10b8 [ 77C5A741A7452812F278EF2C18478862, 0B763679EB7EFB8ED9DCE7B429706E939BB65BA6BCF1BAE0E0426D4E87074B8C ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
14:29:56.0231 0x10b8 sftlist - ok
14:29:56.0263 0x10b8 [ 0E0446BC4D51BE4263ACB7E33491191C, 2AD039FB440560658C4E06F67CC192EF71577EF3FF789A43C08430CE5EAE5A70 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys
14:29:56.0294 0x10b8 Sftplay - ok
14:29:56.0309 0x10b8 [ C5FB982CD266E604ED3142102C26D62C, A6BC0D72E98F924274ECAD49C85F0775D1CD45B97CD43F53DF3992B560835FC5 ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys
14:29:56.0325 0x10b8 Sftredir - ok
14:29:56.0341 0x10b8 [ 2575511AF67AA1FA068CCC4918E2C2A3, 3152FF5AC2CF6FE966DA59B1B33E22F9BD9B6BB4310441870528364BA9501A4D ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys
14:29:56.0356 0x10b8 Sftvol - ok
14:29:56.0387 0x10b8 [ 39B1D0A636A400304565D4521FAD6D77, 1F01DB35B5A477AA7A77585C9304E6B5F3E67807531305BCA93A7F494CED8F59 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
14:29:56.0419 0x10b8 sftvsa - ok
14:29:56.0450 0x10b8 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\windows\System32\ipnathlp.dll
14:29:56.0559 0x10b8 SharedAccess - ok
14:29:56.0575 0x10b8 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\windows\System32\shsvcs.dll
14:29:56.0684 0x10b8 ShellHWDetection - ok
14:29:56.0699 0x10b8 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
14:29:56.0731 0x10b8 SiSRaid2 - ok
14:29:56.0746 0x10b8 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
14:29:56.0762 0x10b8 SiSRaid4 - ok
14:29:56.0777 0x10b8 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\windows\system32\DRIVERS\smb.sys
14:29:56.0871 0x10b8 Smb - ok
14:29:56.0887 0x10b8 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\windows\System32\snmptrap.exe
14:29:56.0918 0x10b8 SNMPTRAP - ok
14:29:56.0918 0x10b8 spaepyiu - ok
14:29:56.0933 0x10b8 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\windows\system32\drivers\spldr.sys
14:29:56.0949 0x10b8 spldr - ok
14:29:56.0996 0x10b8 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\windows\System32\spoolsv.exe
14:29:57.0058 0x10b8 Spooler - ok
14:29:57.0261 0x10b8 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\windows\system32\sppsvc.exe
14:29:57.0604 0x10b8 sppsvc - ok
14:29:57.0635 0x10b8 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\windows\system32\sppuinotify.dll
14:29:57.0713 0x10b8 sppuinotify - ok
14:29:57.0760 0x10b8 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\windows\system32\DRIVERS\srv.sys
14:29:57.0823 0x10b8 srv - ok
14:29:57.0838 0x10b8 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
14:29:57.0901 0x10b8 srv2 - ok
14:29:57.0916 0x10b8 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
14:29:57.0963 0x10b8 srvnet - ok
14:29:57.0979 0x10b8 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
14:29:58.0072 0x10b8 SSDPSRV - ok
14:29:58.0088 0x10b8 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\windows\system32\sstpsvc.dll
14:29:58.0181 0x10b8 SstpSvc - ok
14:29:58.0197 0x10b8 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\windows\system32\drivers\stexstor.sys
14:29:58.0213 0x10b8 stexstor - ok
14:29:58.0228 0x10b8 [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam C:\windows\system32\DRIVERS\serscan.sys
14:29:58.0244 0x10b8 StillCam - ok
14:29:58.0291 0x10b8 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\windows\System32\wiaservc.dll
14:29:58.0369 0x10b8 stisvc - ok
14:29:58.0384 0x10b8 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\windows\system32\DRIVERS\swenum.sys
14:29:58.0400 0x10b8 swenum - ok
14:29:58.0447 0x10b8 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\windows\System32\swprv.dll
14:29:58.0571 0x10b8 swprv - ok
14:29:58.0587 0x10b8 [ 772493A8945495F1A287BF6C4CA25B48, D27BF0480ED94B24268714565CA848A099CFCEDE0D344A897DB5D779C3284A33 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
14:29:58.0634 0x10b8 SynTP - ok
14:29:58.0727 0x10b8 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\windows\system32\sysmain.dll
14:29:58.0883 0x10b8 SysMain - ok
14:29:58.0899 0x10b8 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\windows\System32\TabSvc.dll
14:29:58.0946 0x10b8 TabletInputService - ok
14:29:58.0961 0x10b8 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\windows\System32\tapisrv.dll
14:29:59.0055 0x10b8 TapiSrv - ok
14:29:59.0071 0x10b8 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\windows\System32\tbssvc.dll
14:29:59.0149 0x10b8 TBS - ok
14:29:59.0242 0x10b8 [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip C:\windows\system32\drivers\tcpip.sys
14:29:59.0383 0x10b8 Tcpip - ok
14:29:59.0507 0x10b8 [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
14:29:59.0632 0x10b8 TCPIP6 - ok
14:29:59.0648 0x10b8 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
14:29:59.0679 0x10b8 tcpipreg - ok
14:29:59.0695 0x10b8 [ FD542B661BD22FA69CA789AD0AC58C29, 75FFAF1834B1E22DF37608ED451F161052FF1FE3C681B4E20A68DCA92CC7FD8C ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
14:29:59.0726 0x10b8 tdcmdpst - ok
14:29:59.0726 0x10b8 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
14:29:59.0757 0x10b8 TDPIPE - ok
14:29:59.0773 0x10b8 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
14:29:59.0788 0x10b8 TDTCP - ok
14:29:59.0804 0x10b8 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\windows\system32\DRIVERS\tdx.sys
14:29:59.0897 0x10b8 tdx - ok
14:29:59.0913 0x10b8 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\windows\system32\DRIVERS\termdd.sys
14:29:59.0929 0x10b8 TermDD - ok
14:29:59.0975 0x10b8 [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\windows\System32\termsrv.dll
14:30:00.0116 0x10b8 TermService - ok
14:30:00.0131 0x10b8 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\windows\system32\themeservice.dll
14:30:00.0178 0x10b8 Themes - ok
14:30:00.0178 0x10b8 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\windows\system32\mmcss.dll
14:30:00.0272 0x10b8 THREADORDER - ok
14:30:00.0272 0x10b8 [ 521C21E7F6EAB98679F90CA4E135FB95, 16BC5D25955E744AEAADD7338B946ED88870F37841B8C6C24F93EC65BF526DF8 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
14:30:00.0303 0x10b8 TMachInfo - ok
14:30:00.0319 0x10b8 [ ED32035BDFECED1AD66D459FD9CC1140, B82A15FAB4CBB5A633B9BF722441D5B20D946B63DD10BBE2A89D3A8BA3BE3339 ] TODDSrv C:\windows\system32\TODDSrv.exe
14:30:00.0350 0x10b8 TODDSrv - ok
14:30:00.0381 0x10b8 [ DDFB839074FA7980726D24495AEB25E3, AB8F0B559157094E4E4907DBF4F4ACD0DBE7C3DB7CF6E5B92B3BD73021CF6F40 ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
14:30:00.0443 0x10b8 TosCoSrv - ok
14:30:00.0459 0x10b8 [ A22DEB5EC05FEBFDCA1D3FF70FA1FF46, 3D3F68DC994C99436E31B72AEE15F4F46437AC3F2C2CD1D477C738E16397CB50 ] TOSHIBA Bluetooth Service C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
14:30:00.0490 0x10b8 TOSHIBA Bluetooth Service - ok
14:30:00.0521 0x10b8 [ 18CC3B3DB8840C6776A69E758A2B8A77, B90A6858ECE8EB9E7AE07B0DF00565315EA1022C47602D083B47940B89D45F3E ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
14:30:00.0553 0x10b8 TOSHIBA eco Utility Service - ok
14:30:00.0568 0x10b8 [ 7C33EF3DD1A861010AE0E614A06439D1, 72785C545A773D69E22AAE20A08F156FE8435E01086FB621D3DD5B755325AA67 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
14:30:00.0599 0x10b8 TOSHIBA HDD SSD Alert Service - ok
14:30:00.0615 0x10b8 [ 8021F63311797085949FA387F7C83583, 7781994B9F06784807D32FD5A93C5406A441908870B1328BBDA9D15C5DD98C1B ] tosporte C:\windows\system32\DRIVERS\tosporte.sys
14:30:00.0631 0x10b8 tosporte - ok
14:30:00.0646 0x10b8 [ B9FA0498F6CC596FFA5CF47A04CD1785, E5AF5A1E31416C7917321082A2A34EDA557E6928A74D6B17AB51ED5549A4B6C8 ] tosrfbd C:\windows\system32\DRIVERS\tosrfbd.sys
14:30:00.0693 0x10b8 tosrfbd - ok
14:30:00.0693 0x10b8 [ 90F0B1745ABF13F44C2A6ED79F7CE9FB, B705B0ADD6965CF63D3FCD039DBC80EEB8B3860608367D248C7350BB16D83337 ] tosrfbnp C:\windows\system32\Drivers\tosrfbnp.sys
14:30:00.0724 0x10b8 tosrfbnp - ok
14:30:00.0740 0x10b8 [ 9E4E65EA51E34647340BD6007467AC54, D4FD658250298AE52959009C7DB031A7D82E48088DB5D94E6D3F990058B9D75E ] Tosrfcom C:\windows\system32\Drivers\tosrfcom.sys
14:30:00.0755 0x10b8 Tosrfcom - ok
14:30:00.0771 0x10b8 [ A4DDAD3BF13F370EC392BE243E334EBA, DB4F33DB2B9692AB4087E408AAEC2AB4046278BBD696213089E2D931C04E966B ] tosrfec C:\windows\system32\DRIVERS\tosrfec.sys
14:30:00.0787 0x10b8 tosrfec - ok
14:30:00.0802 0x10b8 [ 7D2467D3EB9BAA4B69AE4A28C83DE57A, 38D2C64559EF4598025474643EC0D506F0107822AC6205E8C4D26B76EB28177D ] Tosrfhid C:\windows\system32\DRIVERS\Tosrfhid.sys
14:30:00.0818 0x10b8 Tosrfhid - ok
14:30:00.0833 0x10b8 [ B6FDC3C76FFE9C5171EEA9C37EA367C2, 4F8D4E2E37164DB91F396B836BD888CF221010103CF3FBECE00B747155819374 ] tosrfnds C:\windows\system32\DRIVERS\tosrfnds.sys
14:30:00.0849 0x10b8 tosrfnds - ok
14:30:00.0849 0x10b8 [ 7052B10E54B48AF12BD5606596A8E039, 530862CFF482B279CCF320B6941C7C8BFAA95F04561BE5F0FDB3E0C042FE6BDA ] TosRfSnd C:\windows\system32\drivers\tosrfsnd.sys
14:30:00.0880 0x10b8 TosRfSnd - ok
14:30:00.0896 0x10b8 [ AF8A0D2E2A41043A77CA77CCBDB8D9C2, B215C6357E30A0E669FD0D4B9BB9D84B1D30B2177B6ED626B3C70D96C8FF4497 ] Tosrfusb C:\windows\system32\DRIVERS\tosrfusb.sys
14:30:00.0927 0x10b8 Tosrfusb - ok
14:30:00.0958 0x10b8 [ 09FF7B0B1B5C3D225495CB6F5A9B39F8, 0D2CC72B7E02B92C9A1D6B76300B75A39427046903326642B9D511A51A795027 ] tos_sps64 C:\windows\system32\DRIVERS\tos_sps64.sys
14:30:01.0005 0x10b8 tos_sps64 - ok
14:30:01.0052 0x10b8 [ ED53F965168AFB40DB9068092349AD64, D31D3E4ED9A5E56A1BCDBFA7CFBC1C9621557C3EA821B84A99039A611C93943E ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
14:30:01.0130 0x10b8 TPCHSrv - ok
14:30:01.0145 0x10b8 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\windows\System32\trkwks.dll
14:30:01.0239 0x10b8 TrkWks - ok
14:30:01.0255 0x10b8 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
14:30:01.0348 0x10b8 TrustedInstaller - ok
14:30:01.0364 0x10b8 [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
14:30:01.0395 0x10b8 tssecsrv - ok
14:30:01.0395 0x10b8 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
14:30:01.0426 0x10b8 TsUsbFlt - ok
14:30:01.0442 0x10b8 [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
14:30:01.0473 0x10b8 TsUsbGD - ok
14:30:01.0473 0x10b8 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
14:30:01.0567 0x10b8 tunnel - ok
14:30:01.0582 0x10b8 [ EFFCE6E033EBDD0F3C0F14A413558F65, 576E7C8F1FBE874A0F8F7AA97FC19F472474CFD4A6F663034341E98FF5A28BB5 ] TVALZ C:\windows\system32\DRIVERS\TVALZ.SYS
14:30:01.0598 0x10b8 TVALZ - ok
14:30:01.0613 0x10b8 [ 9C7191F4B2E49BFF47A6C1144B5923FA, DF4E663499946F4E68B7528CA399574D1EB69797FF81F681943B84F3E5E6A40E ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys
14:30:01.0629 0x10b8 TVALZFL - ok
14:30:01.0645 0x10b8 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\windows\system32\drivers\uagp35.sys
14:30:01.0660 0x10b8 uagp35 - ok
14:30:01.0691 0x10b8 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\windows\system32\DRIVERS\udfs.sys
14:30:01.0801 0x10b8 udfs - ok
14:30:01.0816 0x10b8 [ 86D3050A26166B2986330A74FE59A3A6, D92D4EF4B44CD036F682397F2095CE3014C2B3834DE542B0CDEB391F788338DA ] UI Assistant Service C:\Program Files (x86)\Reliance 3G\AssistantServices.exe
14:30:01.0863 0x10b8 UI Assistant Service - ok
14:30:01.0863 0x10b8 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\windows\system32\UI0Detect.exe
14:30:01.0910 0x10b8 UI0Detect - ok
14:30:01.0910 0x10b8 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
14:30:01.0941 0x10b8 uliagpkx - ok
14:30:01.0957 0x10b8 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\windows\system32\DRIVERS\umbus.sys
14:30:01.0988 0x10b8 umbus - ok
14:30:01.0988 0x10b8 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\windows\system32\drivers\umpass.sys
14:30:02.0019 0x10b8 UmPass - ok
14:30:02.0050 0x10b8 [ 3C5405EF78576E8E4D791EB18F6856A8, 18FD6A5C0ACD045B324F46C7C596D537D52F43B7F2896F0D54CEBEFF4886CAEC ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
14:30:02.0097 0x10b8 UNS - ok
14:30:02.0128 0x10b8 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\windows\System32\upnphost.dll
14:30:02.0237 0x10b8 upnphost - ok
14:30:02.0253 0x10b8 [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\windows\system32\drivers\usbaudio.sys
14:30:02.0284 0x10b8 usbaudio - ok
14:30:02.0300 0x10b8 [ ACCEA6BC68D0C9A78EB97EE159028B4E, 132F7A543C1DA9456FBABA50552B37E3162ACA612A8567BB3FF0F7DA84231419 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
14:30:02.0331 0x10b8 usbccgp - ok
14:30:02.0331 0x10b8 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\windows\system32\drivers\usbcir.sys
14:30:02.0378 0x10b8 usbcir - ok
14:30:02.0378 0x10b8 [ 311C1DD1088E55BEAE15954D17F50646, A663344ABD1414D570617F59CC00020640F31DB34265142EFCA8817328DB842A ] usbehci C:\windows\system32\drivers\usbehci.sys
14:30:02.0409 0x10b8 usbehci - ok
14:30:02.0440 0x10b8 [ 280E90CBF4B2DDD169F0728CB44D726F, 2B39666C022A4F7338BDDB4CB0D7B4D0CC6B398298D29E38826F27FADF4C29DD ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
14:30:02.0487 0x10b8 usbhub - ok
14:30:02.0503 0x10b8 [ 9406D801042FAF859CF81B2C886413DC, D16536EC05260D7A2902314E1AA5E5F73533483B9967739C381FD41B6192B92F ] usbohci C:\windows\system32\drivers\usbohci.sys
14:30:02.0518 0x10b8 usbohci - ok
14:30:02.0534 0x10b8 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
14:30:02.0565 0x10b8 usbprint - ok
14:30:02.0581 0x10b8 [ AAA2513C8AED8B54B189FD0C6B1634C0, 02FEE0B756AA559C29477A19861AC16D5A3152DC3C897C7D466423438B6A5E42 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
14:30:02.0612 0x10b8 usbscan - ok
14:30:02.0627 0x10b8 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
14:30:02.0674 0x10b8 USBSTOR - ok
14:30:02.0690 0x10b8 [ A83D0EC9AE4C31704442099D40BA2471, A29D714FCDF10DF7A2A17D54B131AEFDA61AED988CF8B99C7B30728C50130DCE ] usbuhci C:\windows\system32\drivers\usbuhci.sys
14:30:02.0721 0x10b8 usbuhci - ok
14:30:02.0737 0x10b8 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
14:30:02.0783 0x10b8 usbvideo - ok
14:30:02.0783 0x10b8 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\windows\System32\uxsms.dll
14:30:02.0877 0x10b8 UxSms - ok
14:30:02.0877 0x10b8 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] VaultSvc C:\windows\system32\lsass.exe
14:30:02.0908 0x10b8 VaultSvc - ok
14:30:02.0924 0x10b8 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
14:30:02.0955 0x10b8 vdrvroot - ok
14:30:02.0986 0x10b8 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\windows\System32\vds.exe
14:30:03.0095 0x10b8 vds - ok
14:30:03.0111 0x10b8 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\windows\system32\DRIVERS\vgapnp.sys
14:30:03.0142 0x10b8 vga - ok
14:30:03.0158 0x10b8 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\windows\System32\drivers\vga.sys
14:30:03.0236 0x10b8 VgaSave - ok
14:30:03.0267 0x10b8 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\windows\system32\drivers\vhdmp.sys
14:30:03.0298 0x10b8 vhdmp - ok
14:30:03.0314 0x10b8 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\windows\system32\drivers\viaide.sys
14:30:03.0329 0x10b8 viaide - ok
14:30:03.0345 0x10b8 vjskyjnu - ok
14:30:03.0345 0x10b8 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\windows\system32\drivers\volmgr.sys
14:30:03.0376 0x10b8 volmgr - ok
14:30:03.0407 0x10b8 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\windows\system32\drivers\volmgrx.sys
14:30:03.0454 0x10b8 volmgrx - ok
14:30:03.0470 0x10b8 [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap C:\windows\system32\drivers\volsnap.sys
14:30:03.0517 0x10b8 volsnap - ok
14:30:03.0532 0x10b8 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\windows\system32\drivers\vsmraid.sys
14:30:03.0563 0x10b8 vsmraid - ok
14:30:03.0657 0x10b8 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\windows\system32\vssvc.exe
14:30:03.0860 0x10b8 VSS - ok
14:30:03.0875 0x10b8 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
14:30:03.0907 0x10b8 vwifibus - ok
14:30:03.0922 0x10b8 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
14:30:03.0969 0x10b8 vwififlt - ok
14:30:03.0969 0x10b8 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
14:30:04.0016 0x10b8 vwifimp - ok
14:30:04.0016 0x10b8 vwimkwzv - ok
14:30:04.0047 0x10b8 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\windows\system32\w32time.dll
14:30:04.0156 0x10b8 W32Time - ok
14:30:04.0172 0x10b8 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\windows\system32\drivers\wacompen.sys
14:30:04.0203 0x10b8 WacomPen - ok
14:30:04.0219 0x10b8 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
14:30:04.0297 0x10b8 WANARP - ok
14:30:04.0312 0x10b8 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
14:30:04.0390 0x10b8 Wanarpv6 - ok
14:30:04.0468 0x10b8 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
14:30:04.0577 0x10b8 WatAdminSvc - ok
14:30:04.0671 0x10b8 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\windows\system32\wbengine.exe
14:30:04.0811 0x10b8 wbengine - ok
14:30:04.0827 0x10b8 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\windows\System32\wbiosrvc.dll
14:30:04.0889 0x10b8 WbioSrvc - ok
14:30:04.0921 0x10b8 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\windows\System32\wcncsvc.dll
14:30:04.0983 0x10b8 wcncsvc - ok
14:30:04.0999 0x10b8 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
14:30:05.0030 0x10b8 WcsPlugInService - ok
14:30:05.0030 0x10b8 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\windows\system32\drivers\wd.sys
14:30:05.0061 0x10b8 Wd - ok
14:30:05.0108 0x10b8 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
14:30:05.0186 0x10b8 Wdf01000 - ok
14:30:05.0201 0x10b8 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\windows\system32\wdi.dll
14:30:05.0264 0x10b8 WdiServiceHost - ok
14:30:05.0279 0x10b8 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\windows\system32\wdi.dll
14:30:05.0326 0x10b8 WdiSystemHost - ok
14:30:05.0342 0x10b8 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\windows\System32\webclnt.dll
14:30:05.0389 0x10b8 WebClient - ok
14:30:05.0404 0x10b8 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\windows\system32\wecsvc.dll
14:30:05.0513 0x10b8 Wecsvc - ok
14:30:05.0529 0x10b8 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\windows\System32\wercplsupport.dll
14:30:05.0607 0x10b8 wercplsupport - ok
14:30:05.0638 0x10b8 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\windows\System32\WerSvc.dll
14:30:05.0716 0x10b8 WerSvc - ok
14:30:05.0732 0x10b8 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
14:30:05.0810 0x10b8 WfpLwf - ok
14:30:05.0825 0x10b8 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\windows\system32\drivers\wimmount.sys
14:30:05.0841 0x10b8 WIMMount - ok
14:30:05.0857 0x10b8 WinDefend - ok
14:30:05.0872 0x10b8 WinHttpAutoProxySvc - ok
14:30:05.0888 0x10b8 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
14:30:05.0997 0x10b8 Winmgmt - ok
14:30:06.0106 0x10b8 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\windows\system32\WsmSvc.dll
14:30:06.0340 0x10b8 WinRM - ok
14:30:06.0356 0x10b8 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
14:30:06.0403 0x10b8 WinUsb - ok
14:30:06.0449 0x10b8 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\windows\System32\wlansvc.dll
14:30:06.0559 0x10b8 Wlansvc - ok
14:30:06.0574 0x10b8 [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
14:30:06.0605 0x10b8 wlcrasvc - ok
14:30:06.0730 0x10b8 [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:30:06.0902 0x10b8 wlidsvc - ok
14:30:06.0902 0x10b8 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
14:30:06.0933 0x10b8 WmiAcpi - ok
14:30:06.0949 0x10b8 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
14:30:06.0995 0x10b8 wmiApSrv - ok
14:30:06.0995 0x10b8 WMPNetworkSvc - ok
14:30:07.0011 0x10b8 wnlrwluw - ok
14:30:07.0011 0x10b8 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\windows\System32\wpcsvc.dll
14:30:07.0042 0x10b8 WPCSvc - ok
14:30:07.0058 0x10b8 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
14:30:07.0089 0x10b8 WPDBusEnum - ok
14:30:07.0105 0x10b8 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
14:30:07.0167 0x10b8 ws2ifsl - ok
14:30:07.0183 0x10b8 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\windows\system32\wscsvc.dll
14:30:07.0229 0x10b8 wscsvc - ok
14:30:07.0245 0x10b8 [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice C:\windows\system32\DRIVERS\WSDPrint.sys
14:30:07.0276 0x10b8 WSDPrintDevice - ok
14:30:07.0276 0x10b8 [ 4A2A5C50DD1A63577D3ACA94269FBC7F, F75C1906D431CF871AD954218DF32A0F206E45FF49332DEF9F13C0A36A407047 ] WSDScan C:\windows\system32\DRIVERS\WSDScan.sys
14:30:07.0307 0x10b8 WSDScan - ok
14:30:07.0307 0x10b8 WSearch - ok
14:30:07.0448 0x10b8 [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\windows\system32\wuaueng.dll
14:30:07.0604 0x10b8 wuauserv - ok
14:30:07.0619 0x10b8 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\windows\system32\drivers\WudfPf.sys
14:30:07.0651 0x10b8 WudfPf - ok
14:30:07.0666 0x10b8 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
14:30:07.0697 0x10b8 WUDFRd - ok
14:30:07.0713 0x10b8 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\windows\System32\WUDFSvc.dll
14:30:07.0729 0x10b8 wudfsvc - ok
14:30:07.0744 0x10b8 [ FE90B750AB808FB9DD8FBB428B5FF83B, 3F8F592EC813BE292D305A87C5BA852F8BC3D7CE610612D9871F209A17326AA8 ] WwanSvc C:\windows\System32\wwansvc.dll
14:30:07.0791 0x10b8 WwanSvc - ok
14:30:07.0791 0x10b8 wzykbxsb - ok
14:30:07.0807 0x10b8 [ FF5A03A65B68DB7E02A12880399D40D4, 9C530A1E7C0B7500C6965896B97CB9BA7BD210165EC0D0B7FE4D1CAEB747BFFF ] ZTEusbmdm6k C:\windows\system32\DRIVERS\ZTEusbmdm6k.sys
14:30:07.0838 0x10b8 ZTEusbmdm6k - ok
14:30:07.0853 0x10b8 [ FF5A03A65B68DB7E02A12880399D40D4, 9C530A1E7C0B7500C6965896B97CB9BA7BD210165EC0D0B7FE4D1CAEB747BFFF ] ZTEusbnmea C:\windows\system32\DRIVERS\ZTEusbnmea.sys
14:30:07.0869 0x10b8 ZTEusbnmea - ok
14:30:07.0885 0x10b8 [ FF5A03A65B68DB7E02A12880399D40D4, 9C530A1E7C0B7500C6965896B97CB9BA7BD210165EC0D0B7FE4D1CAEB747BFFF ] ZTEusbser6k C:\windows\system32\DRIVERS\ZTEusbser6k.sys
14:30:07.0916 0x10b8 ZTEusbser6k - ok
14:30:07.0947 0x10b8 ================ Scan global ===============================
14:30:07.0947 0x10b8 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll
14:30:07.0963 0x10b8 [ 9E479C2B605C25DA4971ABA36250FAEF, 1D1D5CE908A6B17CDFA257A46121D7C938B56277B0F5256FBA29DF93352EAA3D ] C:\windows\system32\winsrv.dll
14:30:07.0994 0x10b8 [ 9E479C2B605C25DA4971ABA36250FAEF, 1D1D5CE908A6B17CDFA257A46121D7C938B56277B0F5256FBA29DF93352EAA3D ] C:\windows\system32\winsrv.dll
14:30:08.0009 0x10b8 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll
14:30:08.0025 0x10b8 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\windows\system32\services.exe
14:30:08.0041 0x10b8 [ Global ] - ok
14:30:08.0041 0x10b8 ================ Scan MBR ==================================
14:30:08.0056 0x10b8 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
14:30:08.0056 0x10b8 Suspicious mbr (Forged): \Device\Harddisk0\DR0
14:30:08.0056 0x10b8 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c ( 0 )
14:30:08.0056 0x10b8 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
14:30:10.0911 0x10b8 \Device\Harddisk0\DR0 - detected TDSS File System ( 1 )
14:30:10.0911 0x10b8 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:30:13.0937 0x10b8 ================ Scan VBR ==================================
14:30:13.0937 0x10b8 [ 110DFF7B2898D5B7BC9FEBC1CA1FF162 ] \Device\Harddisk0\DR0\Partition1
14:30:13.0937 0x10b8 \Device\Harddisk0\DR0\Partition1 - ok
14:30:13.0984 0x10b8 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.4.304.0 ), 0x61000 ( enabled : updated )
14:30:14.0000 0x10b8 Win FW state via NFP2: enabled
14:30:16.0839 0x10b8 ============================================================
14:30:16.0839 0x10b8 Scan finished
14:30:16.0839 0x10b8 ============================================================
14:30:16.0855 0x0814 Detected object count: 2
14:30:16.0855 0x0814 Actual detected object count: 2
14:30:44.0467 0x0814 \Device\Harddisk0\DR0\# - copied to quarantine
14:30:44.0498 0x0814 \Device\Harddisk0\DR0 - copied to quarantine
14:30:44.0560 0x0814 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
14:30:44.0607 0x0814 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
14:30:44.0654 0x0814 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
14:30:44.0701 0x0814 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
14:30:44.0732 0x0814 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
14:30:44.0748 0x0814 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
14:30:44.0779 0x0814 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
14:30:45.0200 0x0814 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
14:30:45.0247 0x0814 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
14:30:45.0278 0x0814 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
14:30:45.0294 0x0814 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
14:30:45.0309 0x0814 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
14:30:45.0325 0x0814 \Device\Harddisk0\DR0\TDLFS\cmd32.dll - copied to quarantine
14:30:45.0372 0x0814 \Device\Harddisk0\DR0\TDLFS\ua - copied to quarantine
14:30:45.0403 0x0814 \Device\Harddisk0\DR0\TDLFS\x - copied to quarantine
14:30:45.0434 0x0814 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
14:30:45.0434 0x0814 \Device\Harddisk0\DR0 - ok
14:30:45.0481 0x0814 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
14:30:45.0481 0x0814 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:30:45.0496 0x0814 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
14:30:45.0574 0x0814 KLMD registered as C:\windows\system32\drivers\46545763.sys
14:30:48.0960 0x1434 Deinitialize success
  • 0

#7
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello valley1,

Thanks for the logs. The ComboFix log shows a zeroaccess rootkit infection that ComboFix dealt with.
The TDSSKiller shows a TDL rootkit infection that is still there.
These types of infections dictates that you be given the following warning:

:alarm:
Warning: One or more of the identified infections on your computer is known to use a backdoor!
These are information stealing trojans installed on your computer.
Backdoor Trojans, IRCBots, keyloggers and Infostealers are very dangerous because they provide a way of accessing a computer system that bypasses security mechanisms and can steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to to gain unauthorized access to a computer and take control of it without your knowledge.

I would advise you to immediately disconnect this computer from the internet except when reading my posts, downloading the required tools and replying to this topic on this forum only.

If your computer was used for online banking, has credit card information or other sensitive data on it, I suggest you do the following:
  • All passwords should be changed to include those used for banking, email, eBay, Facebook ect; and forums. You should consider them to be compromised. They should be changed using a different computer and not the infected one. If you use the infected computer, an attacker may get the new passwords and transaction information.
  • Banking and credit card institutions should be notified of the possible security breach.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS.
Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall


We can still clean this machine but I can't guarantee that it will be 100% secure afterward. Let me know what you decide to do. If you decide to continue with the cleanup, please proceed with the following steps.


Step-1.

Delete the TDSS File System

  • Re-run TDSSKiller please with the same settings
  • On the Threats Detected screen, look for the following entry:
    TDSS File System
  • Change the action from Skip to Delete. You must leave all of the other items as Skip and then click Continue to remove the TDSS File System.

    Posted Image
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step-2.

NOTE: Delete the current ComboFix.exe file.

NEXT:

Posted Image Run ComboFix
***Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.***

If you have a previous version of Combofix.exe, delete it and download a fresh copy.

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications before downloading ComboFix. This is usually done via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

Download ComboFix from one of the following locations:

Link 1
Link 2

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • ComboFix will then extract it's files before beginning the scan.

    Posted Image
  • When the scan begins you will see a window like the image below. Although the program states that the scan typically doesn't take more than 10 minutes there are 50 stages or so that it goes through. On a severely infected machine it can take much longer so please be patient.

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If you recieve an error "Illegal operation attempted on a registry key that has been marked for deletion". Please restart the computer. That will cure it.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a forum helper

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
Don't forget to reenable your Anti-Virus


Step-3.

Fabar Recovery Scan

A.
Download the Tool
  • Please click here to go to the Farbar Recovery Scan Tool download page.
  • Click the Download Now(64bit Version) button and save it to your desktop.
B.
Run the Tool
Close all open Windows and browsers
  • Right click the FRST.exe file and click Run as Administrator to run the tool. OK any UAC prompts.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Step-4

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The TDSSKiller log
2. The new ComboFix log
3. The FRST.txt log
4. The Addition.txt log
  • 0

#8
valley1

valley1

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I have to use this computer for work so I think perhaps reformatting and re-installing the OS might be my best course of action so I can be 100% sure. What steps shoudl I take to reformat? Is it something that can be done with the computer or do I need to purchase Windows 7 again? Thanks.
  • 0

#9
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi,

Newer computers have a restore partition on the hard drive. This can be used to return the computer to the state it was in when you got it from the factory or dealer so you shouldn't need the Windows CD. This process will erase all software that didn't come with the computer. It will also erase personal documents, files, videos, photos, etc; so you will need to back those up to removable media like CDs, DVDs or USB drives.
After the restore you will need to reinstall all Windows updates, the antivirus program and any other software you installed after you got it, along with things like Adobe Flashplayer and Java.

Then, as this is a Toshiba laptop, click here to go to the Toshibe web page describing how to restore Windows on the Tobisha computer. You want to use the Recover to out-of-box state
  • 0

#10
valley1

valley1

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
When I am transferring some files to USB storage, is there a chance of the virus infecting the usb device and then compromising other computers? Is there any anti-virus program you would recommend over others for my computer? Thanks.
  • 0

#11
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
As far as antivirus programs...please visit our Free Antivirus and Antispyware Software page. Any of the first three antivirus programs are very good.

If you use a USB drive to back up the files, here is a program that you can install after you have restored Windows. It will scan any USB plugged into the computer.

Mcshield USB Protection

You should always press and hold the Shift key anytime you insert a Flash drive into any computer. That will disable the autorun feature.

Download Mc2Shield USB Protection Software and save it to your desktop.

  • Double click the McShield-Setup.exe file to start the installation and install with Default settings.
  • Right click the McShield-Setup.exe file and click Run as Administrator and OK any UAC prompts to start the installation and install with the Default settings
  • In the control center, select the Scanner tab and check Always unhide items on flash drives

    Posted Image

Anytime you plug in a USB drive, McShield will scan the device.

A log will also be generated that you will find in the path below:
Start > all programs > MCShield > logs > all scans

You can download the program documentation on the same page. Just click the down arrow beside the language of your choice.
  • 0

#12
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP