Welcome to MalwareRemoval.com,

Serious malware infection


Post by thatguy87871 » March 7th, 2014, 2:39 pm

Hi everyone,
I downloaded a bad program yesterday and I'm pretty sure my computer is infected to the core. Yesterday I had many iexplorer windows open, but it seems like I was able to fix that; now today I have problems with my core files like lrss, run32, and Windows Explorer seems to be running many times, etc. Please let me know if the infection is so deep that I need to format or what. Thank you (I also seem to have internet problems now).

PS: I found stuff with Ad-Aware and AVG, which are the standard programs I use for protection. I also just downloaded Spybot Search & Destroy.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:08:11 PM, on 05/03/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
CHROME: 33.0.1750.146
FIREFOX: 23.0.1 (en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files (x86)\Lexmark 3600-4600 Series\ezprint.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\12345\AppData\Local\VNT\vntldr.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Users\12345\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\12345\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\12345\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\12345\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\12345\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?SearchSou...ctid=CT2653012
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.1.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\userinit.exe
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Veoh Web Player - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeo2.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Veoh Web Player Toolbar - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeo2.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKLM\..\Run: [VNT] C:\Program Files (x86)\VNT\vntldr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\12345\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1573336260-1148118520-3100803624-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'postgres')
O4 - HKUS\S-1-5-21-1573336260-1148118520-3100803624-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'postgres')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: intu-ir2012 - {79E19CC8-7698-4B41-8474-52FA5B207EBF} - C:\Program Files (x86)\ImpotRapide 2012\ic2012pp.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: hpqwmiex - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdx_device - - C:\Windows\system32\lxdxcoms.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater18.0.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14076 bytes


----------


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 30/12/2010 6:03:53 PM
System Uptime: 05/03/2014 7:14:54 PM (3 hours ago)
.
Motherboard: FOXCONN | | 2AB1
Processor: AMD Athlon(tm) II X2 220 Processor | CPU 1 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 686 GiB total, 413.222 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 1.529 GiB free.
E: is CDROM ()
J: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP246: 26/02/2014 12:35:10 AM - Windows Update
RP247: 04/03/2014 6:30:53 PM - AA11
RP248: 04/03/2014 6:35:44 PM - AA11
RP249: 04/03/2014 7:03:46 PM - Removed Ad-Aware
RP250: 04/03/2014 7:06:14 PM - AA11
RP251: 04/03/2014 7:18:08 PM - AA11
RP252: 04/03/2014 7:19:23 PM - AA11
RP253: 05/03/2014 1:17:07 PM - AA11
RP254: 05/03/2014 1:19:03 PM - AA11
.
==== Image File Execution Options =============
.
.
==== Installed Programs ======================
.
.
==== End Of File ===========================

For some reason I cannot get the dds.txt file. Let me know if you really need it.


------

GMER log

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-03-06 14:31:10
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000051 Hitachi_ rev.JP3O 698.64GB
Running: wvwdov6j.exe; Driver: C:\Users\12345\AppData\Local\Temp\agtiqpob.sys


---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075cd1465 2 bytes [CD, 75]
.text C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075cd14bb 2 bytes [CD, 75]
.text ... * 2
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075cd1465 2 bytes [CD, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075cd14bb 2 bytes [CD, 75]
.text ... * 2
.text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075cd1465 2 bytes [CD, 75]
.text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075cd14bb 2 bytes [CD, 75]
.text ... * 2
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2152] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075cd1465 2 bytes [CD, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2152] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075cd14bb 2 bytes [CD, 75]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [3816] entry point in ".rdata" section 000000006e7371e6
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3668] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075cd1465 2 bytes [CD, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3668] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000075cd14bb 2 bytes [CD, 75]
.text ... * 2
.text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075cd1465 2 bytes [CD, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075cd14bb 2 bytes [CD, 75]
.text ... * 2
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075cd1465 2 bytes [CD, 75]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075cd14bb 2 bytes [CD, 75]
.text ... * 2
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4156] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075cd1465 2 bytes [CD, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4156] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075cd14bb 2 bytes [CD, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075cd1465 2 bytes [CD, 75]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075cd14bb 2 bytes [CD, 75]
.text ... * 2
.text C:\Users\12345\AppData\Local\VNT\vntldr.exe[4364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075cd1465 2 bytes [CD, 75]
.text C:\Users\12345\AppData\Local\VNT\vntldr.exe[4364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075cd14bb 2 bytes [CD, 75]
.text ... * 2
.text C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075cd1465 2 bytes [CD, 75]
.text C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075cd14bb 2 bytes [CD, 75]
.text ... * 2
.text C:\Windows\Explorer.EXE[2208] C:\Windows\system32\USER32.dll!GetCursorPos 00000000774aca44 5 bytes {CALL 0xffffffffffff35be}
.text C:\Windows\Explorer.EXE[2208] C:\Windows\system32\USER32.dll!PeekMessageA 00000000774b3a18 5 bytes {CALL 0xfffffffffffec5ea}
.text C:\Windows\Explorer.EXE[2208] C:\Windows\system32\USER32.dll!GetMessageA 00000000774b6110 5 bytes {CALL 0xfffffffffffe9ef2}
.text C:\Windows\Explorer.EXE[2208] C:\Windows\system32\USER32.dll!PeekMessageW 00000000774b8fd0 5 bytes {CALL 0xfffffffffffe7032}
.text C:\Windows\Explorer.EXE[2208] C:\Windows\system32\USER32.dll!GetMessageW 00000000774b9e74 5 bytes {CALL 0xfffffffffffe618e}
.text C:\Windows\Explorer.EXE[2208] C:\Windows\system32\USER32.dll!GetMessagePos 00000000774c84e0 5 bytes {CALL 0xfffffffffffd7b22}
.text C:\Windows\Explorer.EXE[2208] C:\Windows\system32\USER32.dll!GetCursorInfo 00000000774caef0 5 bytes {CALL 0xfffffffffffd5112}
.text C:\Windows\Explorer.EXE[2208] C:\Windows\system32\USER32.dll!SetCursorPos 00000000774e1f58 5 bytes {CALL 0xfffffffffffbe0aa}
.text C:\Windows\Explorer.EXE[2208] C:\Windows\system32\USER32.dll!MessageBoxA 00000000775112b8 5 bytes {CALL 0xfffffffffff8ed4a}
.text C:\Windows\Explorer.EXE[2208] C:\Windows\system32\USER32.dll!MessageBoxW 0000000077511314 2 bytes [E8, E9]
.text C:\Windows\Explorer.EXE[2208] C:\Windows\system32\USER32.dll!MessageBoxW + 3 0000000077511317 2 bytes [F8, FF]
.text C:\Windows\Explorer.EXE[2208] C:\Windows\system32\USER32.dll!MessageBoxExA 0000000077511370 2 bytes [E8, 8D]
.text C:\Windows\Explorer.EXE[2208] C:\Windows\system32\USER32.dll!MessageBoxExA + 3 0000000077511373 2 bytes [F8, FF]
.text C:\Windows\Explorer.EXE[2208] C:\Windows\system32\USER32.dll!MessageBoxExW 0000000077511394 2 bytes [E8, 69]
.text C:\Windows\Explorer.EXE[2208] C:\Windows\system32\USER32.dll!MessageBoxExW + 3 0000000077511397 2 bytes [F8, FF]
.text C:\Windows\Explorer.EXE[2208] C:\Windows\system32\USER32.dll!MessageBoxIndirectA 0000000077511668 5 bytes {CALL 0xfffffffffff8e99a}
.text C:\Windows\Explorer.EXE[2208] C:\Windows\system32\USER32.dll!MessageBoxIndirectW 0000000077511874 5 bytes {CALL 0xfffffffffff8e78e}
.text C:\Windows\Explorer.EXE[2208] C:\Windows\system32\winmm.dll!PlaySoundW 000007fefa332144 5 bytes {CALL 0xffffffffffffdebe}
.text C:\Windows\Explorer.EXE[2208] C:\Windows\system32\winmm.dll!waveOutWrite 000007fefa333d40 5 bytes {CALL 0xffffffffffffc2c2}
.text C:\Windows\Explorer.EXE[2208] C:\Windows\system32\winmm.dll!PlaySound 000007fefa352f10 5 bytes {CALL 0xfffffffffffdd0f2}

---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\spoolsv.exe [1632:2948] 0000000051073290
Thread C:\Windows\System32\spoolsv.exe [1632:3084] 000007fef7bd10c8
Thread C:\Windows\System32\spoolsv.exe [1632:3092] 000007fef7ba6144
Thread C:\Windows\System32\spoolsv.exe [1632:3096] 000007fef7995fd0
Thread C:\Windows\System32\spoolsv.exe [1632:3100] 000007fef7983438
Thread C:\Windows\System32\spoolsv.exe [1632:3104] 000007fef79963ec
Thread C:\Windows\System32\spoolsv.exe [1632:3112] 000007fef8e35e5c
Thread C:\Windows\System32\spoolsv.exe [1632:3116] 000007fef83e5074
Thread C:\Windows\Explorer.EXE [3064:6088] 00000000058ddd54
Thread C:\Windows\System32\WUDFHost.exe [5152:5236] 000007feede624a0
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [6128:2364] 000007fefae02a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [6128:2064] 000007fee8c74830
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [6128:6276] 000007fef8f35124
Thread C:\Windows\Explorer.EXE [2208:7508] 0000000000071434
Thread C:\Windows\Explorer.EXE [2208:1108] 0000000000078ea4
Thread C:\Windows\Explorer.EXE [2208:3432] 0000000000078ea4
Thread C:\Windows\Explorer.EXE [2208:7616] 0000000000078ea4
Thread C:\Windows\Explorer.EXE [2208:8176] 0000000000078ea4
Thread C:\Windows\Explorer.EXE [2208:5640] 0000000000078ea4
Thread C:\Windows\Explorer.EXE [2208:220] 0000000000078ea4
Thread C:\Windows\Explorer.EXE [2208:200] 0000000000078ea4
Thread C:\Windows\Explorer.EXE [2208:7084] 0000000000078ea4
Thread C:\Windows\Explorer.EXE [2208:6928] 0000000000078ea4
Thread C:\Windows\Explorer.EXE [2208:4888] 0000000000078ea4
Thread C:\Windows\Explorer.EXE [2208:3824] 0000000000078ea4
Thread C:\Windows\Explorer.EXE [2208:8156] 0000000000078ea4
Thread C:\Windows\Explorer.EXE [2208:7492] 000000000007b098
Thread C:\Windows\Explorer.EXE [2208:3836] 000000000007b098
Thread C:\Windows\Explorer.EXE [2208:3844] 000000000007b098
Thread C:\Windows\Explorer.EXE [2208:7712] 000000000007b098
Thread C:\Windows\Explorer.EXE [2208:7176] 000000000007b098
Thread C:\Windows\Explorer.EXE [2208:6384] 000000000007b098
Thread C:\Windows\Explorer.EXE [2208:7256] 000000000007b098
Thread C:\Windows\Explorer.EXE [2208:7540] 000000000007b098
Thread C:\Windows\Explorer.EXE [2208:7968] 000000000007b098
Thread C:\Windows\Explorer.EXE [2208:8900] 0000000000078ea4
Thread C:\Windows\Explorer.EXE [2208:9128] 0000000000078ea4
Thread C:\Windows\Explorer.EXE [2208:6772] 0000000000078ea4
Thread C:\Windows\Explorer.EXE [2208:4460] 0000000000078ea4
Thread C:\Windows\Explorer.EXE [2208:7700] 0000000000078ea4
Thread C:\Windows\Explorer.EXE [2208:8860] 0000000000078ea4
Thread C:\Windows\Explorer.EXE [2208:1924] 0000000000078ea4
Thread C:\Windows\Explorer.EXE [2208:8592] 0000000000078ea4
Thread C:\Windows\Explorer.EXE [2208:8856] 0000000000078ea4
Thread C:\Windows\Explorer.EXE [2208:6496] 0000000000078ea4
Thread C:\Windows\Explorer.EXE [2208:7832] 0000000000078ea4
Thread C:\Windows\Explorer.EXE [2208:8880] 0000000000078ea4
Thread C:\Windows\Explorer.EXE [2208:8972] 0000000000078ea4
Thread C:\Windows\Explorer.EXE [2208:8756] 0000000000078ea4
Thread C:\Windows\Explorer.EXE [2208:8748] 0000000000078ea4
Thread C:\Windows\Explorer.EXE [2208:9196] 0000000000078ea4
Thread C:\Windows\Explorer.EXE [2208:8624] 0000000000078ea4
Thread C:\Windows\Explorer.EXE [2208:5036] 0000000000078ea4
Thread C:\Windows\Explorer.EXE [2208:7692] 0000000000078ea4
Thread C:\Windows\Explorer.EXE [2208:9024] 0000000000078ea4
Thread C:\Windows\Explorer.EXE [2208:7796] 0000000000078ea4
Thread C:\Windows\Explorer.EXE [2208:7512] 0000000000078ea4
Thread C:\Windows\Explorer.EXE [2208:6376] 0000000000078ea4

---- Processes - GMER 2.1 ----

Library C:\ProgramData\Microsoft\Crypto\RSA64\CryptoProvider.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [3064] (Online files icon's overlay/Microsoft) 000007fef70d0000
Library C:\ProgramData\Microsoft\Crypto\RSA64\rsa64.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [3064](2014-03-04 22:33:02) 000007feea250000
Library C:\Users\12345\AppData\Local\VNT\vntsrv.dll (*** suspicious ***) @ C:\Users\12345\AppData\Local\VNT\vntldr.exe [4364] (Virtual New Tab Server/APN LLC.)(2013-11-08 03:08:14) 000000006f850000

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- Files - GMER 2.1 ----

File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3GOE69A7\ttjHLO4K6ZN.js 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3GOE69A7\a_usersync[1].htm 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3GOE69A7\beacon7M7TCN5V.htm 126 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3GOE69A7\5ZHXQE4T.gif 43 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3GOE69A7\AdDisplayTrackerServlet[1].htm 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3GOE69A7\dsy[1].gif 43 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48T2DJA4\0uk50050fdd3df25[1].js 1158 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48T2DJA4\ttjA0L5G6Y5.js 786 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48T2DJA4\ttjWCAZ19TJ.js 713 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48T2DJA4\main-stylesheet[1].css 72680 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48T2DJA4\impr[2] 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48T2DJA4\style[6].css 5072 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48T2DJA4\json[8].json 306 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48T2DJA4\get-user-id[4].js 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48T2DJA4\get-user-id[5].js 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48T2DJA4\hovercard[1].css 8290 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BA3UBKG\ttjWBTAQDQ9.js 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BA3UBKG\ttjWOK9575L.js 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8J492IWQ\ttjPEWF455S.js 830 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8J492IWQ\ttjQWNFAQX6.js 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8J492IWQ\ttjRR7O4KQ3.js 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8J492IWQ\ttj2P9GMP38.js 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8J492IWQ\ttj5IX1B2NG.js 888 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8J492IWQ\ttj62CICW3Y.js 953 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8J492IWQ\ttj7BQY115Y.js 791 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8J492IWQ\ttj7FJVGLK2.js 4013 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8J492IWQ\containertag[1].js 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8J492IWQ\st8HQ0KIBJ 5082 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AZS48KMI\0uk50050fdd3df25[2].js 1824 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AZS48KMI\tt0LJ1PPSN.htm 1193 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AZS48KMI\ttCDK5Q9LL.htm 1094 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AZS48KMI\serv[1].htm 828 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AZS48KMI\ifRTF99UI0.htm 259 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AZS48KMI\html[1].htm 26 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AZS48KMI\ifDPT6WXTL.htm 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AZS48KMI\beaconF9RLY2OG.htm 126 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AZS48KMI\beaconPACLT5DC.htm 126 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BTNSL2R9\3ddc43c1898350b38629c63bce560fb4[1].swf 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BTNSL2R9\ajs[4].js 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BTNSL2R9\ajs[5].js 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BTNSL2R9\ajs[6].js 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BTNSL2R9\511c146ae4b0c704f12cfd75_v2[1].swf 9527 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BTNSL2R9\511c1ecee4b0c704f12cfd7a_v5[1].swf 4557 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BTNSL2R9\51c425f4e4b09e0c5742bc3e_v36[1].swf 5939 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSK8M55U\Pug[1].htm 1 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSK8M55U\vj[1].js 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSK8M55U\usermatchLGJP3AMA.htm 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSK8M55U\ajs[5].js 2631 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSK8M55U\default_199549-4[1].js 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSK8M55U\ttj9IZ4XNOG.js 893 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GJ0JEZQD\ifKKAEL3U3.htm 699 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GJ0JEZQD\serv[1].htm 828 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GJ0JEZQD\ifV4OZL42N.htm 603 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GJ0JEZQD\ttjJUFD5YVQ.js 652 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GJ0JEZQD\ifUH13K7AJ.htm 259 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GJ0JEZQD\ttjVGV0YMST.js 791 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GJ0JEZQD\ttjADHSLZ5G.js 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GJ0JEZQD\if7LDQWOZG.htm 622 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GJ0JEZQD\match[8].htm 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GJ0JEZQD\7573458b7bc7b9486b0e2002837dac88[1].gif 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GJ0JEZQD\2dc5e8ef96d0fec009aa4b58ecdaa449[1].swf 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GJ0JEZQD\FI9EW7MM.gif 43 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KLKS7G52\ttjDT8A45U8.js 791 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KLKS7G52\ttjOIGW1CZC.js 830 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KLKS7G52\ttjQJ6CTC9F.js 746 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KLKS7G52\ttj5U7P6M4R.js 952 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KLKS7G52\ttjYYCGPIGZ.js 588 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KLKS7G52\ttj[1].htm 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRVVA2RT\bd393d69cc689211bc0b8f42504f46fd[1].json 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRVVA2RT\bd393d69cc689211bc0b8f42504f46fd[2].json 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRVVA2RT\ttj4ANU3QPP.js 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRZGG30I\ifZY8E50ML.htm 741 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRZGG30I\ttj9A9IF21Y.js 6462 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRZGG30I\if9NS3OL0B.htm 741 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRZGG30I\ttj0U9YBV1X.js 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRZGG30I\food[1].htm 4565 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRZGG30I\NQ61QDQ6.gif 43 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRZGG30I\RPSDG4UN.gif 43 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRZGG30I\r2[1].htm 449 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRZGG30I\ttjV6JVDYQY.js 704 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRZGG30I\AdServerServlet[1].json 603 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UKIK6UAI\ttjULCPQST9.js 301 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UKIK6UAI\ttjSCIUCOXV.js 305 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WS8YP9I3\serv[1].htm 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WS8YP9I3\0uk50050fdd3df25[1].js 1106 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WS8YP9I3\iphone-trade-in-program-from-apple[1].htm 23773 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WS8YP9I3\97FF2FHJ.gif 43 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WS8YP9I3\ts[1].gif 43 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WS8YP9I3\ttj34Z9O6DT.js 941 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WS8YP9I3\ttjR75D4MT1.js 593 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WU5MB6SX\ttj1J09L9JA.js 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WU5MB6SX\ifY7IZ6UAB.htm 876 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WU5MB6SX\ttjQNBM63ID.js 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WU5MB6SX\ifS33CDQME.htm 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WU5MB6SX\html[7].htm 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WU5MB6SX\ttjB19Y4USV.js 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WU5MB6SX\ttjCYXPJMYU.js 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WU5MB6SX\ttj51N2VTO5.js 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WU5MB6SX\JS[9].htm 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WU5MB6SX\st[6] 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WU5MB6SX\a_usersync[3].htm 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WU5MB6SX\json[3].json 306 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WU5MB6SX\51BDQMDB.gif 43 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XCHY7QKW\if9M22B37S.htm 748 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XCHY7QKW\ttjGYF7IW7J.js 902 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XCHY7QKW\ttjXYR8U072.js 8548 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XCHY7QKW\ttj9POFODQI.js 727 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XCHY7QKW\ttjJL9UKW4Y.js 838 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XCHY7QKW\html[3].htm 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XCHY7QKW\fm[4].js 1165 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XCHY7QKW\fp[3].js 19239 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XCHY7QKW\5176c647e4b09e5e67af5b27_si[1].js 1942 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\WebCache\V0100318.log 524288 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\WebCache\V0100319.log 0 bytes
File C:\Users\12345\AppData\Local\Microsoft\Windows\WebCache\V010031A.log 524288 bytes
File C:\Users\12345\AppData\Roaming\Microsoft\Windows\Cookies\0LXF2PQC.txt 755 bytes
File C:\Users\12345\AppData\Roaming\Microsoft\Windows\Cookies\TK3VQ47H.txt 6356 bytes
File C:\Users\12345\AppData\Roaming\Microsoft\Windows\Cookies\43IZSQ76.txt 0 bytes
File C:\Users\12345\AppData\Roaming\Microsoft\Windows\Cookies\YSXJ8FA3.txt 401 bytes
File C:\Users\12345\AppData\Roaming\Microsoft\Windows\Cookies\KA00B1ID.txt 0 bytes

---- EOF - GMER 2.1 ----

I downloaded Malwarebytes and AdwCleaner but the infection persists, I really need your help now.
Thank you!!
thatguy87871
Active Member
 
Posts: 8
Joined: March 7th, 2014, 2:35 pm

Re: Serious malware infection

Unread postby Dakeyras » March 10th, 2014, 11:50 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome to Malware Removal. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Scan with Farbar Recovery Scan Tool:

Please download and save Farbar Recovery Scan Tool 64-Bit to your Desktop.

  • Right-click on FRST.exe and select Run as Administrator to start FRST >> follow the prompt/click on Yes
  • Under Optional Scan ensure both Drivers MD5 and Addition.txt are selected.
  • Now click on the Scan button/radio tab >> at the Scan completed prompt click on OK
  • At the next prompt, denoting that Addition.txt is saved in the same location the FRST tool is run from >> click on OK
  • There will now be two logs on your desktop, Addition.txt and FRST.txt. Post the contents of both in your next reply.
Scan with TDSSKiller:

Please download TDSSKiller to the desktop.

Alternate download is here.

  • Right-click on TDSSKiller.exe and select Run as Administrator to start the program and follow the prompts.
  • When the main GUI (graphical user interface) window opens, click on Change Parameters
  • Under Additional options, select both Verify driver digital signatures & Detect TDLFS File System >> OK
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • A Report will have been created by TDSSKiller in your root directory C:\
  • To find the log go to Start(Windows 7 Orb) > Computer > C: >> TDSSKiller.V.V.V.VV_DD.DD.YYYY_TT.TT.TT_log <-- The letters denote the version and date & time etc.
  • Post the contents of that log in your next reply please.
Note: Do not have TDSSKiller remove anything if found at this point in time!

Next:

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • Both FRST logs. <-- Post them individually please, IE: one Log per post/reply.
  • TDSSKiller Log.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
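The FRST logs requested above contain a "Registry (Whitelisted)" section listing every autostart value FRST found, one per line, with the target path and, when the file exists on disk, its size, date and publisher. As an added example, not part of this thread and not FRST's own code, the Python helper below parses lines in that format and flags the entries a malware-removal helper reads first: values whose target is gone (`[X]`), binaries with no publisher, targets living under user-writable directories, MountPoints2 autoruns from removable media, and RunOnce values. The sample lines are constructed in FRST's format; the value names, paths, SID and GUID in them are placeholders, and the flags are review hints, not verdicts.

```python
"""Triage helper for the "Registry (Whitelisted)" section of an FRST log.

Added example, not FRST's own code: it parses autostart lines in the
format FRST prints and flags the ones a malware-removal helper reads first.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# One FRST autostart line:
#   <hive>\...\<key>: [<name>] - <target> [<size> <date>] (<publisher>)
# MountPoints2 lines carry a {GUID} instead of a [name].
ENTRY_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+(?:-x32)?(?:\\S-[\d-]+)?)\\\.\.\.\\"
    r"(?P<key>Run|RunOnce|MountPoints2): "
    r"(?:\[(?P<name>[^\]]*)\]|(?P<guid>\{[0-9A-Fa-f-]+\}))"
    r" - (?P<rest>.*)$"
)
# The "[size date] (publisher)" block FRST appends when the target exists on disk.
META_RE = re.compile(
    r"^(?P<target>.*?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<pub>[^)]*)\)$"
)


@dataclass
class AutostartEntry:
    hive: str
    key: str
    name: str                  # value name, or the MountPoints2 GUID
    target: str                # executable path, possibly with arguments
    publisher: Optional[str]   # None when FRST printed no metadata block
    flags: List[str] = field(default_factory=list)


def triage_flags(e: AutostartEntry) -> List[str]:
    """Heuristic review hints for one entry (hints, not a verdict)."""
    flags: List[str] = []
    if e.target.strip() == "[X]":
        flags.append("missing-target")          # value points at a file that is gone
        return flags
    if e.name == "":
        flags.append("empty-value-name")
    if e.key == "MountPoints2":
        flags.append("removable-media-autorun")  # autorun recorded for a removable drive
    if e.key == "RunOnce":
        flags.append("runonce")                  # runs once at next logon, then deletes itself
    if e.publisher is None:
        flags.append("no-file-metadata")         # FRST could not stat the target
    elif e.publisher == "":
        flags.append("no-publisher")             # binary carries no company/signer info
    lowered = e.target.lower()
    if "\\users\\" in lowered or "\\appdata\\" in lowered or "\\programdata\\" in lowered:
        flags.append("user-writable-path")       # autostart from a directory any user can write
    return flags


def parse_entry(line: str) -> Optional[AutostartEntry]:
    """Parse one log line; returns None for lines that are not autostart values."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    name = m.group("name") if m.group("name") is not None else m.group("guid")
    rest = m.group("rest")
    meta = META_RE.match(rest)
    if meta:
        entry = AutostartEntry(m.group("hive"), m.group("key"), name,
                               meta.group("target"), meta.group("pub").strip())
    else:
        entry = AutostartEntry(m.group("hive"), m.group("key"), name, rest, None)
    entry.flags = triage_flags(entry)
    return entry


def triage(log_lines) -> List[AutostartEntry]:
    """Parse every recognised autostart line; other lines are skipped."""
    return [e for e in (parse_entry(l) for l in log_lines) if e is not None]


def flagged(entries: List[AutostartEntry]) -> Dict[str, List[str]]:
    """Entries with at least one hint, keyed by value name (unique in the sample)."""
    return {e.name: e.flags for e in entries if e.flags}


# Constructed sample in FRST's format; names, paths, SID and GUID are placeholders.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [PrinterMon] - C:\Program Files (x86)\Printer Suite\printmon.exe [672424 2010-02-04] ()
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2013-11-20] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\Run: [Updater] - C:\Users\alice\AppData\Local\Updater\upd.exe [195536 2014-02-13] (Example Corp.)
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\MountPoints2: {01234567-89ab-cdef-0123-456789abcdef} - K:\setup.exe -a
HKU\S-1-5-21-1111111111-2222222222-3333333333-1003\...\RunOnce: [spchecker] - "C:\Program Files (x86)\Example\Notification\checker.exe"
""".strip().splitlines()


if __name__ == "__main__":
    for name, hints in flagged(triage(SAMPLE_LOG)).items():
        print(f"{name or '<empty name>'}: {', '.join(hints)}")
```

Run it against the "Registry (Whitelisted)" block pasted from a real FRST.txt by replacing `SAMPLE_LOG` with the file's lines; entries with no hints (here `AVG_UI`, a signed binary under Program Files) are left out of the output so the helper can concentrate on the rest.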

Re: Serious malware infection

Unread postby thatguy87871 » March 10th, 2014, 1:09 pm

Hi, thank you for your reply.
My computer still has many explorer.exe opening using a lot of RAM.

Here are my logs

---
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-03-2014 02
Ran by 12345 (administrator) on 12345-HP on 10-03-2014 12:51:40
Running from C:\Users\12345\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Lavasoft Limited ) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
( ) C:\Windows\system32\lxdxcoms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
(Lexmark International Inc.) C:\Program Files (x86)\Lexmark 3600-4600 Series\ezprint.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(APN LLC.) C:\Users\12345\AppData\Local\VNT\vntldr.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Users\12345\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\12345\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\12345\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\12345\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\wbem\WMIADAP.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [lxdxmon.exe] - C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe [672424 2010-02-04] ()
HKLM\...\Run: [EzPrint] - C:\Program Files (x86)\Lexmark 3600-4600 Series\ezprint.exe [107176 2010-02-04] (Lexmark International Inc.)
HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2011-04-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2013-11-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [VNT] - C:\Program Files (x86)\VNT\vntldr.exe [195536 2014-02-13] (APN LLC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1573336260-1148118520-3100803624-1000\...\Run: [Google Update] - C:\Users\12345\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-12-30] (Google Inc.)
HKU\S-1-5-21-1573336260-1148118520-3100803624-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd)
HKU\S-1-5-21-1573336260-1148118520-3100803624-1000\...\Run: [EADM] - C:\Program Files (x86)\Origin\Origin.exe [3588952 2014-03-08] (Electronic Arts)
HKU\S-1-5-21-1573336260-1148118520-3100803624-1000\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1573336260-1148118520-3100803624-1000\...\MountPoints2: {b752db8a-ce11-11e1-af1d-d48564b676e3} - K:\setup.exe -a
HKU\S-1-5-21-1573336260-1148118520-3100803624-1000\...\MountPoints2: {d1594ab4-1b48-11e0-8df3-d48564b676e3} - J:\FileTransfer.exe
HKU\S-1-5-21-1573336260-1148118520-3100803624-1003\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1518136 2010-09-28] (Hewlett-Packard)
HKU\S-1-5-21-1573336260-1148118520-3100803624-1003\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
HKU\S-1-5-21-1573336260-1148118520-3100803624-1003\...\RunOnce: [spchecker] - "C:\Program Files (x86)\AVG\AVG10\Notification\SPCheckerTE.exe"

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {55C17075-8253-4BBA-A07E-DCF48893112E} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {5D6AE2F1-AFE9-4585-A47B-527225501C48} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
SearchScopes: HKLM - {EBEA1F1D-811E-4631-9189-BCF8E86AF82A} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {55C17075-8253-4BBA-A07E-DCF48893112E} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {5D6AE2F1-AFE9-4585-A47B-527225501C48} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
SearchScopes: HKLM-x32 - {EBEA1F1D-811E-4631-9189-BCF8E86AF82A} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {55C17075-8253-4BBA-A07E-DCF48893112E} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - {5D6AE2F1-AFE9-4585-A47B-527225501C48} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
SearchScopes: HKCU - {EBEA1F1D-811E-4631-9189-BCF8E86AF82A} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: intu-ir2012 - {79E19CC8-7698-4b41-8474-52FA5B207EBF} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: intu-ir2012 - {79E19CC8-7698-4b41-8474-52FA5B207EBF} - C:\Program Files (x86)\ImpotRapide 2012\ic2012pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 24.201.245.77 24.200.0.1

FireFox:
========
FF ProfilePath: C:\Users\12345\AppData\Roaming\Mozilla\Firefox\Profiles\geucpsqw.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX OVS Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @idsoftware.com/QuakeLive - C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\12345\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\12345\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\12345\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\12345\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\12345\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\12345\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\12345\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\12345\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-06]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011-02-06]
FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011-02-06]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\12345\AppData\Local\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\12345\AppData\Local\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\12345\AppData\Local\Google\Chrome\Application\33.0.1750.146\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\12345\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\12345\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.270.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U27) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (DivX OVS Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (QUAKE LIVE) - C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
CHR Plugin: (Google Update) - C:\Users\12345\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\12345\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]
CHR Extension: (Recherche Google) - C:\Users\12345\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]
CHR Extension: (DivX HiQ) - C:\Users\12345\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2011-02-06]
CHR Extension: (AdBlock) - C:\Users\12345\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-06-08]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\12345\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2013-11-17]
CHR Extension: (Skype Click to Call) - C:\Users\12345\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-08-18]
CHR Extension: (Google Wallet) - C:\Users\12345\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
CHR Extension: (<video> HTML5 DivX Plus Web Player) - C:\Users\12345\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-02-06]
CHR Extension: (AT_DJTiesto) - C:\Users\12345\AppData\Local\Google\Chrome\User Data\Default\Extensions\okmcbgkkeagngnijeiighgblfljbekip [2010-12-31]
CHR Extension: (Gmail) - C:\Users\12345\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]
CHR HKLM-x32\...\Chrome\Extension: [aaaajfdmjahpbdoeompbfmghniokhfji] - C:\ProgramData\AskPartnerNetwork\Toolbar\CMG-V7\CRX\ToolbarCR.crx [2011-12-15]
CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2010-12-08]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2010-12-08]
CHR StartMenuInternet: Google Chrome - C:\Users\12345\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 AMD External Events Utility; C:\Windows\SysWOW64\atiesrxx.exe [0 2013-11-06] ()
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [1737728 2012-09-21] (Lavasoft Limited )
R2 lxdx_device; C:\Windows\system32\lxdxcoms.exe [1039872 2010-02-04] ( )
R2 lxdx_device; C:\Windows\SysWOW64\lxdxcoms.exe [589824 2010-02-04] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-14] (PDF Complete Inc)
R2 pgsql-8.3; C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [65536 2009-12-10] (PostgreSQL Global Development Group)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2013-11-06] ()
S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe" [X]
S2 vToolbarUpdater18.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-03-04] (AVG Technologies)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-06-17] (DT Soft Ltd)
R3 Lavasoft Kernexplorer; C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2011-02-04] ()
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69152 2010-12-03] (Lavasoft AB)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (PixArt Imaging Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-10 12:51 - 2014-03-10 12:54 - 00040508 _____ () C:\Users\12345\Desktop\FRST.txt
2014-03-10 12:51 - 2014-03-10 12:51 - 00000000 ____D () C:\FRST
2014-03-10 12:49 - 2014-03-10 12:49 - 02157056 _____ (Farbar) C:\Users\12345\Downloads\FRST64.exe
2014-03-10 12:49 - 2014-03-10 12:49 - 02157056 _____ (Farbar) C:\Users\12345\Desktop\FRST64.exe
2014-03-08 17:12 - 2014-03-10 12:45 - 00003618 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2014-03-06 18:04 - 2014-03-06 18:04 - 00011533 _____ () C:\Users\12345\Desktop\AdwCleaner[S0].txt
2014-03-06 18:00 - 2014-03-08 14:12 - 00000000 ____D () C:\AdwCleaner
2014-03-06 17:59 - 2014-03-06 18:00 - 01244192 _____ () C:\Users\12345\Downloads\AdwCleaner (1).exe
2014-03-06 17:57 - 2014-03-06 17:57 - 01244192 _____ () C:\Users\12345\Downloads\AdwCleaner.exe
2014-03-06 17:57 - 2014-03-06 17:57 - 01244192 _____ () C:\Users\12345\Desktop\AdwCleaner.exe
2014-03-06 15:38 - 2014-03-06 15:38 - 00001115 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-06 15:38 - 2014-03-06 15:38 - 00000000 ____D () C:\Users\12345\AppData\Roaming\Malwarebytes
2014-03-06 15:38 - 2014-03-06 15:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-06 15:38 - 2014-03-06 15:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-06 15:38 - 2013-04-04 15:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-06 15:37 - 2014-03-06 15:37 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\12345\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-06 15:31 - 2014-03-06 15:31 - 00047808 _____ () C:\Users\12345\Desktop\ark1.log
2014-03-06 01:11 - 2014-03-06 01:11 - 00019308 _____ () C:\Users\12345\Desktop\ark.log
2014-03-05 23:08 - 2014-03-06 12:16 - 00000870 _____ () C:\Users\12345\Desktop\attach.txt
2014-03-05 22:38 - 2014-03-05 22:38 - 00380416 _____ () C:\Users\12345\Downloads\wvwdov6j.exe
2014-03-05 22:38 - 2014-03-05 22:38 - 00380416 _____ () C:\Users\12345\Desktop\wvwdov6j.exe
2014-03-05 22:35 - 2014-03-05 22:35 - 00688992 ____R (Swearware) C:\Users\12345\Desktop\dds (1).scr
2014-03-05 22:35 - 2014-03-05 22:35 - 00688992 _____ (Swearware) C:\Users\12345\Downloads\dds.scr
2014-03-05 22:35 - 2014-03-05 22:35 - 00380416 _____ () C:\Users\12345\Downloads\j7mwq50z.exe
2014-03-05 22:29 - 2014-03-05 22:29 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-03-05 22:28 - 2014-03-05 22:34 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-05 22:28 - 2014-03-05 22:28 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-03-05 22:28 - 2014-03-05 22:28 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-05 22:28 - 2013-09-20 11:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-03-05 22:24 - 2014-03-05 22:26 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\12345\Downloads\spybot-2.2.exe
2014-03-05 14:18 - 2014-03-05 14:18 - 00003154 _____ () C:\Windows\System32\Tasks\{163CA9DA-CF09-423C-899D-1C398EFF75CC}
2014-03-05 14:16 - 2014-03-05 14:16 - 01727624 _____ () C:\Users\12345\Downloads\Adaware_Installer (3).exe
2014-03-05 00:55 - 2014-03-05 00:55 - 00000000 ____D () C:\Users\12345\Desktop\Raider
2014-03-05 00:52 - 2014-03-05 00:52 - 00014706 _____ () C:\Users\12345\Downloads\1324CAEBD368EAB159A5FC6A73045BBE979B430C.torrent
2014-03-04 20:19 - 2014-03-04 20:19 - 00003154 _____ () C:\Windows\System32\Tasks\{3D9A749D-A6D7-4AB8-B113-713146C56EF2}
2014-03-04 20:17 - 2014-03-04 20:17 - 01727624 _____ () C:\Users\12345\Downloads\Adaware_Installer (2).exe
2014-03-04 20:09 - 2014-03-06 18:11 - 00000000 ____D () C:\Users\12345\Desktop\backups
2014-03-04 20:07 - 2014-03-05 23:08 - 00014078 _____ () C:\Users\12345\Desktop\hijackthis.log
2014-03-04 19:33 - 2014-03-04 19:33 - 00003154 _____ () C:\Windows\System32\Tasks\{50371885-A7CC-4240-8052-3127E808D09D}
2014-03-04 19:31 - 2014-03-04 19:31 - 00388608 _____ (Trend Micro Inc.) C:\Users\12345\Desktop\HijackThis.exe
2014-03-04 19:30 - 2014-03-04 19:30 - 01727624 _____ () C:\Users\12345\Downloads\Adaware_Installer (1).exe
2014-03-04 19:19 - 2014-03-04 19:19 - 02406064 _____ (Trend Micro Inc.) C:\Users\12345\Downloads\HousecallLauncher64.exe
2014-03-04 18:39 - 2014-03-04 18:39 - 00000000 ____D () C:\Windows\Sun
2014-03-04 18:37 - 2014-03-04 18:37 - 00033082 _____ () C:\Users\12345\Downloads\Nymphomaniac Volume 1 2013 (1).torrent
2014-03-04 18:33 - 2014-03-05 14:14 - 00000000 ____D () C:\Users\12345\AppData\Local\Ikdhsoft
2014-03-04 17:39 - 2014-03-04 17:39 - 00033082 _____ () C:\Users\12345\Downloads\Nymphomaniac Volume 1 2013.torrent
2014-02-20 15:00 - 2014-02-20 15:00 - 00000222 _____ () C:\Users\12345\Desktop\The Walking Dead Season Two.url
2014-02-20 00:48 - 2014-02-20 00:48 - 00003142 _____ () C:\Windows\System32\Tasks\{C29A3D8E-4293-4ACD-ADDE-C3DD1B49ACE3}
2014-02-20 00:48 - 2014-02-20 00:48 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-02-20 00:47 - 2014-02-20 00:47 - 01727624 _____ () C:\Users\12345\Downloads\Adaware_Installer.exe
2014-02-13 18:25 - 2014-02-06 08:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 18:25 - 2014-02-06 07:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 18:25 - 2014-02-06 07:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 18:25 - 2014-02-06 07:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 18:25 - 2014-02-06 07:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 18:25 - 2014-02-06 07:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 18:25 - 2014-02-06 06:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 18:25 - 2014-02-06 06:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 18:25 - 2014-02-06 06:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 18:25 - 2014-02-06 06:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 18:25 - 2014-02-06 06:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 18:25 - 2014-02-06 06:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 18:25 - 2014-02-06 06:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 18:25 - 2014-02-06 06:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 18:25 - 2014-02-06 06:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 18:25 - 2014-02-06 06:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 18:25 - 2014-02-06 06:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 18:25 - 2014-02-06 06:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 18:25 - 2014-02-06 06:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-13 18:25 - 2014-02-06 05:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 18:25 - 2014-02-06 05:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 18:25 - 2014-02-06 05:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 18:25 - 2014-02-06 05:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 18:25 - 2014-02-06 05:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 18:25 - 2014-02-06 05:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 18:25 - 2014-02-06 05:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 18:25 - 2014-02-06 05:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-13 18:25 - 2014-02-06 05:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 18:25 - 2014-02-06 05:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 18:25 - 2014-02-06 05:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 18:25 - 2014-02-06 05:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 18:25 - 2014-02-06 05:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 18:25 - 2014-02-06 05:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 18:25 - 2014-02-06 05:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 18:25 - 2014-02-06 04:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 18:25 - 2014-02-06 04:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 18:25 - 2014-02-06 04:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 18:25 - 2014-02-06 04:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 18:25 - 2014-02-06 04:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-13 18:25 - 2013-12-21 05:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 18:25 - 2013-12-21 04:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 12:47 - 2013-12-31 19:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-13 12:47 - 2013-12-31 19:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 12:46 - 2013-12-05 22:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 12:46 - 2013-12-05 22:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 12:46 - 2013-12-05 22:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 12:46 - 2013-12-05 22:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-13 12:46 - 2013-12-03 22:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 12:46 - 2013-12-03 22:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 12:46 - 2013-12-03 21:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-13 12:46 - 2013-12-03 21:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-13 12:45 - 2013-12-24 19:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 12:45 - 2013-12-24 18:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 12:45 - 2013-12-03 22:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 12:45 - 2013-12-03 22:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 12:45 - 2013-12-03 22:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 12:45 - 2013-12-03 22:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 12:45 - 2013-12-03 22:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 12:45 - 2013-12-03 22:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 12:45 - 2013-12-03 22:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 12:45 - 2013-12-03 22:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-13 12:45 - 2013-12-03 22:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-13 12:45 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 12:45 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-13 12:45 - 2013-12-03 22:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 12:45 - 2013-12-03 21:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 12:45 - 2013-12-03 21:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 12:45 - 2013-11-26 04:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 12:45 - 2013-11-22 18:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-13 12:31 - 2014-02-13 12:31 - 00000000 ____D () C:\Users\12345\Desktop\s
2014-02-12 00:50 - 2014-02-12 00:50 - 00016265 _____ () C:\Users\12345\Downloads\Dates AMP phases 3et4 2014-2015_version 6 février 2014.xlsx

==================== One Month Modified Files and Folders =======

2014-03-10 12:54 - 2014-03-10 12:51 - 00040508 _____ () C:\Users\12345\Desktop\FRST.txt
2014-03-10 12:54 - 2009-07-14 01:13 - 00797760 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-10 12:53 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-10 12:53 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-10 12:51 - 2014-03-10 12:51 - 00000000 ____D () C:\FRST
2014-03-10 12:51 - 2011-03-09 14:37 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-10 12:49 - 2014-03-10 12:49 - 02157056 _____ (Farbar) C:\Users\12345\Downloads\FRST64.exe
2014-03-10 12:49 - 2014-03-10 12:49 - 02157056 _____ (Farbar) C:\Users\12345\Desktop\FRST64.exe
2014-03-10 12:49 - 2010-09-14 13:40 - 01496942 _____ () C:\Windows\WindowsUpdate.log
2014-03-10 12:48 - 2012-06-28 13:14 - 00000000 ____D () C:\ProgramData\Origin
2014-03-10 12:46 - 2013-06-03 17:46 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-03-10 12:46 - 2012-06-28 13:13 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-03-10 12:45 - 2014-03-08 17:12 - 00003618 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2014-03-10 12:44 - 2011-01-05 03:05 - 00337971 _____ () C:\aaw7boot.log
2014-03-10 12:44 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-10 12:44 - 2009-07-14 00:51 - 00182154 _____ () C:\Windows\setupact.log
2014-03-09 00:26 - 2010-12-30 19:15 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1573336260-1148118520-3100803624-1000UA.job
2014-03-09 00:19 - 2013-11-30 17:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-08 23:33 - 2011-03-29 16:35 - 00000000 ____D () C:\Users\12345\AppData\Roaming\Mozilla
2014-03-08 17:13 - 2010-12-31 01:02 - 00000000 ____D () C:\Users\12345\AppData\Local\CrashDumps
2014-03-08 14:12 - 2014-03-06 18:00 - 00000000 ____D () C:\AdwCleaner
2014-03-08 13:40 - 2011-05-07 23:28 - 00000064 _____ () C:\Windows\SysWOW64\rp_stats.dat
2014-03-08 13:40 - 2011-05-07 23:28 - 00000044 _____ () C:\Windows\SysWOW64\rp_rules.dat
2014-03-06 18:11 - 2014-03-04 20:09 - 00000000 ____D () C:\Users\12345\Desktop\backups
2014-03-06 18:04 - 2014-03-06 18:04 - 00011533 _____ () C:\Users\12345\Desktop\AdwCleaner[S0].txt
2014-03-06 18:00 - 2014-03-06 17:59 - 01244192 _____ () C:\Users\12345\Downloads\AdwCleaner (1).exe
2014-03-06 17:57 - 2014-03-06 17:57 - 01244192 _____ () C:\Users\12345\Downloads\AdwCleaner.exe
2014-03-06 17:57 - 2014-03-06 17:57 - 01244192 _____ () C:\Users\12345\Desktop\AdwCleaner.exe
2014-03-06 17:53 - 2013-03-13 22:17 - 00000000 ____D () C:\Windows\Minidump
2014-03-06 17:53 - 2010-09-14 16:04 - 00474572 _____ () C:\Windows\PFRO.log
2014-03-06 17:53 - 2010-09-14 16:04 - 00285448 ____N () C:\Windows\Minidump\030614-39421-01.dmp
2014-03-06 15:38 - 2014-03-06 15:38 - 00001115 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-06 15:38 - 2014-03-06 15:38 - 00000000 ____D () C:\Users\12345\AppData\Roaming\Malwarebytes
2014-03-06 15:38 - 2014-03-06 15:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-06 15:38 - 2014-03-06 15:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-06 15:37 - 2014-03-06 15:37 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\12345\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-06 15:31 - 2014-03-06 15:31 - 00047808 _____ () C:\Users\12345\Desktop\ark1.log
2014-03-06 12:16 - 2014-03-05 23:08 - 00000870 _____ () C:\Users\12345\Desktop\attach.txt
2014-03-06 01:11 - 2014-03-06 01:11 - 00019308 _____ () C:\Users\12345\Desktop\ark.log
2014-03-05 23:08 - 2014-03-04 20:07 - 00014078 _____ () C:\Users\12345\Desktop\hijackthis.log
2014-03-05 22:38 - 2014-03-05 22:38 - 00380416 _____ () C:\Users\12345\Downloads\wvwdov6j.exe
2014-03-05 22:38 - 2014-03-05 22:38 - 00380416 _____ () C:\Users\12345\Desktop\wvwdov6j.exe
2014-03-05 22:35 - 2014-03-05 22:35 - 00688992 ____R (Swearware) C:\Users\12345\Desktop\dds (1).scr
2014-03-05 22:35 - 2014-03-05 22:35 - 00688992 _____ (Swearware) C:\Users\12345\Downloads\dds.scr
2014-03-05 22:35 - 2014-03-05 22:35 - 00380416 _____ () C:\Users\12345\Downloads\j7mwq50z.exe
2014-03-05 22:34 - 2014-03-05 22:28 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-05 22:29 - 2014-03-05 22:29 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-03-05 22:28 - 2014-03-05 22:28 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-03-05 22:28 - 2014-03-05 22:28 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-05 22:26 - 2014-03-05 22:24 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\12345\Downloads\spybot-2.2.exe
2014-03-05 22:26 - 2010-12-30 19:15 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1573336260-1148118520-3100803624-1000Core.job
2014-03-05 20:36 - 2010-12-30 19:14 - 00000000 ____D () C:\Users\12345\AppData\Roaming\Adobe
2014-03-05 14:18 - 2014-03-05 14:18 - 00003154 _____ () C:\Windows\System32\Tasks\{163CA9DA-CF09-423C-899D-1C398EFF75CC}
2014-03-05 14:16 - 2014-03-05 14:16 - 01727624 _____ () C:\Users\12345\Downloads\Adaware_Installer (3).exe
2014-03-05 14:14 - 2014-03-04 18:33 - 00000000 ____D () C:\Users\12345\AppData\Local\Ikdhsoft
2014-03-05 01:19 - 2010-12-31 00:53 - 00000000 ____D () C:\Users\12345\AppData\Roaming\uTorrent
2014-03-05 00:55 - 2014-03-05 00:55 - 00000000 ____D () C:\Users\12345\Desktop\Raider
2014-03-05 00:52 - 2014-03-05 00:52 - 00014706 _____ () C:\Users\12345\Downloads\1324CAEBD368EAB159A5FC6A73045BBE979B430C.torrent
2014-03-04 20:19 - 2014-03-04 20:19 - 00003154 _____ () C:\Windows\System32\Tasks\{3D9A749D-A6D7-4AB8-B113-713146C56EF2}
2014-03-04 20:17 - 2014-03-04 20:17 - 01727624 _____ () C:\Users\12345\Downloads\Adaware_Installer (2).exe
2014-03-04 20:07 - 2010-12-30 19:09 - 00000000 ____D () C:\Users\12345\AppData\Local\VirtualStore
2014-03-04 20:01 - 2013-11-06 20:22 - 01021488 _____ () C:\Users\12345\AppData\Local\census.cache
2014-03-04 20:01 - 2013-11-06 20:21 - 00139734 _____ () C:\Users\12345\AppData\Local\ars.cache
2014-03-04 19:33 - 2014-03-04 19:33 - 00003154 _____ () C:\Windows\System32\Tasks\{50371885-A7CC-4240-8052-3127E808D09D}
2014-03-04 19:31 - 2014-03-04 19:31 - 00388608 _____ (Trend Micro Inc.) C:\Users\12345\Desktop\HijackThis.exe
2014-03-04 19:30 - 2014-03-04 19:30 - 01727624 _____ () C:\Users\12345\Downloads\Adaware_Installer (1).exe
2014-03-04 19:19 - 2014-03-04 19:19 - 02406064 _____ (Trend Micro Inc.) C:\Users\12345\Downloads\HousecallLauncher64.exe
2014-03-04 19:04 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-03-04 18:39 - 2014-03-04 18:39 - 00000000 ____D () C:\Windows\Sun
2014-03-04 18:37 - 2014-03-04 18:37 - 00033082 _____ () C:\Users\12345\Downloads\Nymphomaniac Volume 1 2013 (1).torrent
2014-03-04 17:39 - 2014-03-04 17:39 - 00033082 _____ () C:\Users\12345\Downloads\Nymphomaniac Volume 1 2013.torrent
2014-03-04 17:31 - 2010-12-30 19:16 - 00002372 _____ () C:\Users\12345\Desktop\Google Chrome.lnk
2014-03-04 17:14 - 2013-06-26 19:14 - 00003731 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2014-03-04 17:10 - 2012-09-03 16:33 - 00050976 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-03-04 17:10 - 2010-09-14 13:41 - 00000000 ____D () C:\ProgramData\PDFC
2014-03-01 02:40 - 2010-12-31 15:41 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-26 01:36 - 2011-01-18 14:23 - 00781626 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-24 14:48 - 2013-11-07 23:08 - 00000000 ____D () C:\Users\12345\AppData\Local\VNT
2014-02-24 14:47 - 2013-11-07 23:08 - 00000000 ____D () C:\Program Files (x86)\VNT
2014-02-21 01:21 - 2012-10-27 15:52 - 00000000 ____D () C:\Users\12345\Documents\Telltale Games
2014-02-21 01:20 - 2011-01-25 00:17 - 00236811 _____ () C:\Windows\DirectX.log
2014-02-21 00:19 - 2013-11-30 17:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 00:19 - 2013-11-30 17:59 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-21 00:19 - 2011-12-05 00:32 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-20 16:34 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files (x86)\Windows NT
2014-02-20 15:00 - 2014-02-20 15:00 - 00000222 _____ () C:\Users\12345\Desktop\The Walking Dead Season Two.url
2014-02-20 00:48 - 2014-02-20 00:48 - 00003142 _____ () C:\Windows\System32\Tasks\{C29A3D8E-4293-4ACD-ADDE-C3DD1B49ACE3}
2014-02-20 00:48 - 2014-02-20 00:48 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-02-20 00:47 - 2014-02-20 00:47 - 01727624 _____ () C:\Users\12345\Downloads\Adaware_Installer.exe
2014-02-20 00:47 - 2011-01-04 07:42 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-02-19 22:12 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-02-17 00:43 - 2013-07-16 19:53 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 00:41 - 2011-01-04 07:33 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-13 18:39 - 2012-06-17 14:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-13 18:26 - 2009-07-13 22:34 - 00000521 _____ () C:\Windows\win.ini
2014-02-13 17:58 - 2011-03-11 16:26 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleFor12345
2014-02-13 17:58 - 2011-03-11 16:26 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleFor12345.job
2014-02-13 12:31 - 2014-02-13 12:31 - 00000000 ____D () C:\Users\12345\Desktop\s
2014-02-12 00:50 - 2014-02-12 00:50 - 00016265 _____ () C:\Users\12345\Downloads\Dates AMP phases 3et4 2014-2015_version 6 février 2014.xlsx
2014-02-10 22:21 - 2010-12-30 19:15 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1573336260-1148118520-3100803624-1000UA
2014-02-10 22:21 - 2010-12-30 19:15 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1573336260-1148118520-3100803624-1000Core

Some content of TEMP:
====================
C:\Users\12345\AppData\Local\Temp\Medal of Honor_uninst.exe
C:\Users\12345\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-28 15:35

==================== End Of Log ============================
thatguy87871
Active Member
 
Posts: 8
Joined: March 7th, 2014, 2:35 pm

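The FRST listing above follows a fixed line shape (modified time, created time, size, a five-character attribute field, the publisher string in parentheses, then the path), which makes it easy to triage mechanically before a helper reads every line by eye. The following Python is an added example for this page, not part of FRST or of the poster's logs: it parses such lines and flags executable files whose publisher field is empty and which sit either in a user-writable location or under %SystemRoot%. The heuristic is my own assumption about what deserves a second look, not an FRST rule, and the flags are candidates for a hash lookup, not verdicts (a legitimate installer such as the Ad-Aware download in this log is flagged too). All sample lines except the last are copied from the log above; the final `hypothetical_example.dll` line is constructed so that the %SystemRoot% branch has something to match.

```python
"""Triage helper for the file listings in a Farbar Recovery Scan Tool (FRST) log.

Added example, not part of FRST or of the poster's logs. It parses the
"One Month Created/Modified Files and Folders" lines and flags executable
files listed with an empty publisher field in places worth a closer look.
The flags are candidates for hash lookup, not verdicts.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from pathlib import PureWindowsPath
from typing import List, Optional, Tuple

# One FRST listing line:
#   <modified> - <created> - <size> <attrs> (<company>) <path>
# attrs is a five-character field such as _____, ____D (directory) or ____H (hidden).
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d{8}) ([_A-Z]{5}) \((.*?)\) (.+)$"
)

EXECUTABLE_EXTENSIONS = {".exe", ".dll", ".sys", ".scr", ".cpl", ".com", ".pif", ".ocx"}
# Heuristic (my assumption): locations a low-privilege process can write to.
USER_WRITABLE_MARKERS = ("\\users\\", "\\programdata\\", "\\temp\\", "\\appdata\\")


@dataclass
class FrstEntry:
    modified: datetime
    created: datetime
    size: int
    attrs: str
    company: str
    path: str

    @property
    def is_directory(self) -> bool:
        return "D" in self.attrs

    @property
    def extension(self) -> str:
        return PureWindowsPath(self.path).suffix.lower()


def parse_line(line: str) -> Optional[FrstEntry]:
    """Parse one listing line; return None for section headers, blanks and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    modified, created, size, attrs, company, path = m.groups()
    fmt = "%Y-%m-%d %H:%M"
    return FrstEntry(datetime.strptime(modified, fmt), datetime.strptime(created, fmt),
                     int(size), attrs, company.strip(), path)


def parse_log(text: str) -> List[FrstEntry]:
    """Parse every listing line in a block of FRST output, skipping non-matching lines."""
    return [e for e in (parse_line(line) for line in text.splitlines()) if e]


def flag_reason(entry: FrstEntry) -> Optional[str]:
    """Return why an entry deserves a look, or None. Executables only, empty publisher only."""
    if entry.is_directory or entry.extension not in EXECUTABLE_EXTENSIONS:
        return None
    if entry.company:
        return None
    lower = entry.path.lower()
    if any(marker in lower for marker in USER_WRITABLE_MARKERS):
        return "executable with empty publisher in a user-writable location"
    if lower.startswith("c:\\windows\\"):
        return "executable with empty publisher under %SystemRoot%"
    return None


def triage(text: str) -> List[Tuple[str, str]]:
    """Return (path, reason) for every flagged entry, in log order."""
    flagged = []
    for entry in parse_log(text):
        reason = flag_reason(entry)
        if reason:
            flagged.append((entry.path, reason))
    return flagged


# Sample input: lines copied from the FRST log above, plus one constructed
# hypothetical line (hypothetical_example.dll) that is NOT from the log.
SAMPLE_LOG = r"""
==================== One Month Modified Files and Folders =======

2014-03-10 12:49 - 2014-03-10 12:49 - 02157056 _____ (Farbar) C:\Users\12345\Downloads\FRST64.exe
2014-03-06 15:37 - 2014-03-06 15:37 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\12345\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-05 22:38 - 2014-03-05 22:38 - 00380416 _____ () C:\Users\12345\Downloads\wvwdov6j.exe
2014-03-05 22:35 - 2014-03-05 22:35 - 00688992 ____R (Swearware) C:\Users\12345\Desktop\dds (1).scr
2014-03-05 14:16 - 2014-03-05 14:16 - 01727624 _____ () C:\Users\12345\Downloads\Adaware_Installer (3).exe
2014-03-04 17:10 - 2012-09-03 16:33 - 00050976 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-02-13 12:47 - 2013-12-31 19:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-13 12:31 - 2014-02-13 12:31 - 00000000 ____D () C:\Users\12345\Desktop\s
2014-03-05 14:20 - 2014-03-05 14:20 - 00053248 _____ () C:\Windows\SysWOW64\hypothetical_example.dll
"""

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{path}\n    {reason}")
```

Run against the sample it reports three paths: the two publisher-less executables in Downloads and the constructed SysWOW64 line. Entries with a publisher string, non-executable files such as locale.nls, and directories are passed over, which is why the output is a shortlist to feed into a hash or signature check rather than a list of infections.
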
Re: Serious malware infection

Unread postby thatguy87871 » March 10th, 2014, 1:10 pm

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-03-2014 02
Ran by 12345 at 2014-03-10 12:55:53
Running from C:\Users\12345\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Lavasoft Ad-Watch Live! Anti-Virus (Enabled - Up to date) {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
AS: Lavasoft Ad-Watch Live! (Enabled - Up to date) {24938260-56EE-C1E5-047B-DC2BDD234BAB}

==================== Installed Programs ======================


888poker (HKLM-x32\...\888poker) (Version: - )
Ad-Aware (HKLM-x32\...\Ad-Aware) (Version: - Lavasoft)
Ad-Aware (x32 Version: 9.0.0 - Lavasoft) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 3 64-bit (HKLM\...\{1387BA33-3FAC-49E9-B545-0E8D3BBC550B}) (Version: 3.0.2 - Adobe)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
AMD Accelerated Video Transcoding (Version: 12.5.100.20928 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
AMD Fuel (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.70928.1539 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{853A4763-6643-4604-8D64-28BDD8925F4C}) (Version: 1.5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{8F473675-D702-45F9-8EBC-342B40C17BF5}) (Version: 3.4.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{434D472D-5637-006A-76A7-A758B70C0A03}) (Version: 12.10.3.4611 - APN, LLC) <==== ATTENTION
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3462 - AVG Technologies)
AVG 2013 (Version: 13.0.3462 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.3722 - AVG Technologies) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{0E543634-7E25-4B8F-8D5B-97880E5E5088}) (Version: 2.0.5.0 - Apple Inc.)
Call of Duty: Black Ops - Multiplayer (HKLM-x32\...\Steam App 42710) (Version: - Treyarch)
Camfrog Video Chat 6.5 (HKLM-x32\...\Camfrog 6.5) (Version: 6.5.300 - Camshare, Inc.)
CamStudio OSS Desktop Recorder (HKLM-x32\...\{FD9C31B6-F572-414D-81E3-89368C97A125}_is1) (Version: 2.6 Beta r294 - CamStudio Open Source Dev Team)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - )
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2823 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.2823 - CyberLink Corp.) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0315 - DT Soft Ltd)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version: - Microsoft)
Disciples III: Renaissance (HKLM-x32\...\Steam App 33670) (Version: - Akella)
DivX Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 2.3.0.20 - DivX, LLC)
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - )
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4030 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
EasyBits GO (HKCU\...\Game Organizer) (Version: - EasyBits Media)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Full Tilt Poker (HKLM-x32\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 4.36.0.WIN.FullTilt.COM - )
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F8B67DF7-B543-3DE0-BCEF-F844F891FD48}) (Version: 5.1.7.17873 - Google)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.12850.3526 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.4 - Hewlett-Packard) Hidden
HP Game Console (x32 Version: - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.1.4229 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 4.1.4229 - Hewlett-Packard) Hidden
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.1.4301 - Hewlett-Packard)
HP MediaSmart Music (x32 Version: 4.1.4301 - Hewlett-Packard) Hidden
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.1.4211 - Hewlett-Packard)
HP MediaSmart Photo (x32 Version: 4.1.4211 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (HKLM\...\{5B08AF35-B699-4A44-BB89-3E51E70611E8}) (Version: 3.1.1.12 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.1.4214 - Hewlett-Packard)
HP MediaSmart Video (x32 Version: 4.1.4214 - Hewlett-Packard) Hidden
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.2.27173 - Hewlett-Packard)
ICM Trainer (HKLM-x32\...\{47EA4DDF-FD99-46B3-846C-9F3F315268AD}) (Version: 1.0.0 - PokerStrategy)
ICM Trainer Light (HKLM-x32\...\{2F8BE683-EF69-4D18-9974-DB0C1832A516}) (Version: 1.1 - PokerStrategy)
ImpôtRapide 2012 (HKLM-x32\...\{79F370C8-08A0-4B7E-A147-859088771D11}) (Version: 1.00.0000 - Intuit Canada)
iTunes (HKLM\...\{18155797-EF2E-4699-9A16-FE787C4C10DB}) (Version: 10.2.2.14 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2823 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2823 - CyberLink Corp.) Hidden
Left 4 Dead (HKLM-x32\...\Steam App 500) (Version: - Valve)
Lexmark 3600-4600 Series (HKLM\...\Lexmark 3600-4600 Series) (Version: - Lexmark International, Inc.)
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
ManyCam 2.6.30 (remove only) (HKLM-x32\...\ManyCam) (Version: 2.6.30 - ManyCam LLC)
Mass Effect (HKLM-x32\...\{1B0FBB9A-995D-47CD-87CD-13E68B676E4F}) (Version: 1.2.20608.0 - Electronic Arts)
Mass Effect 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.00 - Electronic Arts, Inc.)
Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)
Medal of Honor (TM) (HKLM-x32\...\{415030B8-3E8B-462A-8C03-41D95AA3AB3B}) (Version: 1.0.0.0 - Electronic Arts)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4030 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
Mozilla Firefox 23.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 23.0.1 (x86 en-US)) (Version: 23.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 23.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{9530AE42-DAE1-4619-9594-B23487285D17}) (Version: 9.11.1107 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 8.6.0.357 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
partypoker (HKLM-x32\...\PartyPoker) (Version: - PartyGaming)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 3.5.111 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.28 - Hewlett-Packard Company)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poker - Espacejeux (HKLM-x32\...\Poker - Espacejeux ) (Version: - Boss Media AB)
Poker - Espacejeux (HKLM-x32\...\Poker - Espacejeux) (Version: - )
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars)
PokerStars.fr (HKLM-x32\...\PokerStars.fr) (Version: - PokerStars.fr)
PokerStrategy.com Equilab (HKLM-x32\...\{954B2E44-36E3-473E-8DD0-E6937044843D}) (Version: 1.1.0.195 - PokerStrategy.com)
PokerStrategy.com Equilator (HKLM-x32\...\InstallShield_{045A9539-37B6-464D-94F9-E4ADFA856903}) (Version: 1.8.1.0 - PokerStrategy.com)
PokerStrategy.com Equilator (x32 Version: 1.8.1.0 - PokerStrategy.com) Hidden
PokerTracker 3 (remove only) (HKLM-x32\...\PokerTracker3) (Version: - )
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PostgreSQL 8.3 (HKLM-x32\...\{B823632F-3B72-4514-8861-B961CE263224}) (Version: 8.3 - PostgreSQL Global Development Group)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4022 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4022 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2906 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.2906 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975D}) (Version: 5.10.621.0 - NewspaperDirect Inc.)
Quake Live Mozilla Plugin (HKLM-x32\...\{3CD5832D-13D9-4751-8B22-3A7D3F4ACA42}) (Version: 1.0.401 - id Software)
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6132 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2926 - CyberLink Corp.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
SitNGo Wizard (HKLM-x32\...\SitNGoWizard) (Version: - In The Money LLC)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: 2.0.8.25604 - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
System Requirements Lab CYRI (HKLM-x32\...\{943A8D28-80D6-41DC-AE94-81FEB42041BF}) (Version: 4.5.1.0 - Husdawg, LLC)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - )
The First Templar 1.00 (HKCU\...\The First Templar) (Version: 1.00 - Kalypso Media)
The Lord of the Rings Online™ (HKLM-x32\...\Steam App 212500) (Version: - )
The Lord of the Rings Online™ v03.07.01.8015 (HKLM-x32\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 03.07.01.8015 - Turbine, Inc.)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version: - )
The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version: - Telltale Games)
Titan Poker (HKCU\...\Titan Poker) (Version: - )
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{E21274CE-CA0C-49FA-93F4-DC292A052264}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{B5C70C99-B109-42FD-B219-FF12CA543F19}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
Veoh Web Player (HKLM-x32\...\Veoh Web Player Beta) (Version: 1.1.2.0000 - Veoh Networks, Inc.)
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual C++ 2008 x86 Runtime - (v9.0.30729) (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player 1.1.7 (HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.601 - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
WinRAR 4.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

==================== Restore Points =========================

26-02-2014 05:35:10 Windows Update
04-03-2014 23:30:53 AA11
04-03-2014 23:35:44 AA11
05-03-2014 00:03:46 Removed Ad-Aware
05-03-2014 00:06:14 AA11
05-03-2014 00:18:08 AA11
05-03-2014 00:19:23 AA11
05-03-2014 18:17:07 AA11
05-03-2014 18:19:03 AA11

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05BE3496-78E3-4E06-8749-937F9D95BA42} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
Task: {08B3F139-A48E-4CC1-8A72-74BFE0486D37} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{3A89C57C-076D-40BB-A4E4-6C5989FFBD1C}.exe
Task: {169F1D5F-9A90-4690-85D1-58952F52F1B2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {28413828-07D9-48C2-895F-F7DC83605D3F} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1573336260-1148118520-3100803624-1000
Task: {4637E18E-4EBB-4F1E-923E-5D38C932050B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2009-10-22] (Apple Inc.)
Task: {56A74FFE-C3A9-4F88-B391-85EB301B28F8} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2010-07-06] (Veoh Networks) <==== ATTENTION
Task: {647B1BD5-C6D1-411D-B475-6BF532279899} - System32\Tasks\HPCeeScheduleFor12345 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05] (Hewlett-Packard)
Task: {6C69A129-1718-41FC-9F96-7F4B564F2D15} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1573336260-1148118520-3100803624-1000UA => C:\Users\12345\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-30] (Google Inc.)
Task: {6E1EAAB0-77E9-4BEC-9FAC-16703F6C5931} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 3600-4600 Series\ezprint.exe [2010-02-04] (Lexmark International Inc.)
Task: {7EF78166-D160-4618-A2FB-F17D14B1EEAC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {8042D35F-DD6E-4B27-BED0-5E9D400000E6} - System32\Tasks\{585E853A-4636-4199-B765-4296D106B656} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {8D7DFEA0-9F5C-4910-A7A5-2622473F7836} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {8EB8F67F-BDA3-4010-BCCE-4C78425B5358} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-09-01] (Lavasoft Limited )
Task: {AC81E45C-1BD1-40B1-9870-32B3B53DC214} - System32\Tasks\{102170C0-5D07-4D09-9339-0B1FA350CCE2} => Chrome.exe http://ui.skype.com/ui/0/5.8.0.158/en/a ... age=tsMain
Task: {B93293D3-6EE1-47E7-A324-005467A7212F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1573336260-1148118520-3100803624-1000Core => C:\Users\12345\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-30] (Google Inc.)
Task: {F897A1B8-044D-4E08-B405-EF6492E8107C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{3A89C57C-076D-40BB-A4E4-6C5989FFBD1C}.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1573336260-1148118520-3100803624-1000Core.job => C:\Users\12345\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1573336260-1148118520-3100803624-1000UA.job => C:\Users\12345\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleFor12345.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2011-07-20 13:39 - 2009-10-16 18:12 - 00177664 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdxdrpp.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-06-14 04:02 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2011-07-20 13:50 - 2010-02-04 01:27 - 00672424 _____ () C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
2012-12-19 16:32 - 2012-12-19 16:32 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2010-12-03 05:05 - 2011-06-28 07:19 - 00589184 _____ () C:\Program Files (x86)\Lavasoft\Ad-Aware\RPAPI.dll
2010-12-03 05:05 - 2011-06-28 07:19 - 00430568 _____ () C:\Program Files (x86)\Lavasoft\Ad-Aware\viprebridge.dll
2010-12-03 05:05 - 2011-06-16 11:32 - 00308560 _____ () C:\Program Files (x86)\Lavasoft\Ad-Aware\Vipre.dll
2012-07-19 08:48 - 2014-02-07 11:24 - 00190752 _____ () C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
2012-07-19 08:48 - 2014-02-07 11:24 - 00178464 _____ () C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
2011-01-04 07:46 - 2011-06-07 05:44 - 00508776 _____ () C:\ProgramData\Lavasoft\Ad-Aware\Defs\thorax.aaw
2009-12-10 04:39 - 2009-12-10 04:39 - 00167936 _____ () C:\Program Files (x86)\PostgreSQL\8.3\bin\LIBPQ.dll
2014-03-05 22:28 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-03-05 22:28 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-03-05 22:28 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-03-05 22:28 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-03-05 22:28 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2009-02-12 20:01 - 2009-02-12 20:01 - 00976384 _____ () C:\Program Files (x86)\PostgreSQL\8.3\bin\libxml2.dll
2005-07-20 06:48 - 2005-07-20 06:48 - 00059904 _____ () C:\Program Files (x86)\PostgreSQL\8.3\bin\zlib1.dll
2008-02-04 22:43 - 2008-02-04 22:43 - 00027136 _____ () C:\Program Files (x86)\PostgreSQL\8.3\lib\plugins\plugin_debugger.dll
2011-07-20 13:50 - 2010-02-04 01:04 - 00380928 _____ () C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxscw.dll
2011-07-20 13:50 - 2010-02-04 00:52 - 00589824 _____ () C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxdatr.dll
2011-07-20 13:50 - 2010-02-04 00:52 - 00073728 _____ () C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxcats.dll
2011-07-20 13:50 - 2010-02-04 01:04 - 00782336 _____ () C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxDRS.dll
2011-07-20 13:50 - 2010-02-04 01:05 - 00081920 _____ () C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxcaps.dll
2011-07-20 13:50 - 2010-02-04 00:52 - 00069632 _____ () C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxcnv4.dll
2011-07-20 13:50 - 2010-02-04 01:02 - 00364544 _____ () C:\Program Files (x86)\Lexmark 3600-4600 Series\iptk.dll
2011-07-20 13:50 - 2007-09-06 05:11 - 00151552 _____ () C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxptp.dll
2011-02-06 11:32 - 2011-02-06 11:32 - 00067872 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-03-04 17:31 - 2014-03-01 22:35 - 00051016 _____ () C:\Users\12345\AppData\Local\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-03-04 17:31 - 2014-03-01 22:35 - 00716616 _____ () C:\Users\12345\AppData\Local\Google\Chrome\Application\33.0.1750.146\libglesv2.dll
2014-03-04 17:31 - 2014-03-01 22:35 - 00100168 _____ () C:\Users\12345\AppData\Local\Google\Chrome\Application\33.0.1750.146\libegl.dll
2014-03-04 17:31 - 2014-03-01 22:35 - 04061000 _____ () C:\Users\12345\AppData\Local\Google\Chrome\Application\33.0.1750.146\pdf.dll
2014-03-04 17:31 - 2014-03-01 22:35 - 00394568 _____ () C:\Users\12345\AppData\Local\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
2014-03-04 17:31 - 2014-03-01 22:35 - 01647432 _____ () C:\Users\12345\AppData\Local\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk => C:\Windows\pss\Snapfish PictureMover.lnk.CommonStartup
MSCONFIG\startupreg: DivX Download Manager => "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Google Update => "C:\Users\12345\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPAdvisorDock => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Monitor => C:\Windows\PixArt\PAC207\Monitor.exe
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: VeohPlugin => "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/08/2014 05:13:16 PM) (Source: Application Error) (User: )
Description: Faulting application name: wmplayer.exe, version: 12.0.7601.18150, time stamp: 0x518c6df8
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x1724
Faulting application start time: 0xwmplayer.exe0
Faulting application path: wmplayer.exe1
Faulting module path: wmplayer.exe2
Report Id: wmplayer.exe3

Error: (03/06/2014 02:11:14 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: Flash64_12_0_0_70.ocx, version: 12.0.0.70, time stamp: 0x53015f1f
Exception code: 0xc0000005
Fault offset: 0x000000000024352d
Faulting process id: 0x1e8c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (03/06/2014 00:27:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: mshtml.dll, version: 11.0.9600.16518, time stamp: 0x52f37bcb
Exception code: 0xc00000fd
Fault offset: 0x0000000000065a93
Faulting process id: 0x1958
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (03/06/2014 01:27:43 AM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (03/06/2014 00:54:53 AM) (Source: Application Error) (User: )
Description: Faulting application name: SDTray.exe, version: 2.1.21.129, time stamp: 0x51f0ed9e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x1dac
Faulting application start time: 0xSDTray.exe0
Faulting application path: SDTray.exe1
Faulting module path: SDTray.exe2
Report Id: SDTray.exe3

Error: (03/05/2014 11:07:04 PM) (Source: Application Error) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000008
Fault offset: 0x00000000000cd7e8
Faulting process id: 0x2660
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3

Error: (03/05/2014 10:13:29 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc000041d
Fault offset: 0x00000000000cd7e8
Faulting process id: 0xec8
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (03/05/2014 10:12:47 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000024
Fault offset: 0x00000000000cd7e8
Faulting process id: 0xec8
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (03/05/2014 02:19:47 PM) (Source: MsiInstaller) (User: 12345-HP)
Description: Product: Ad-Aware -- Error 1706. An installation package for the product Ad-Aware cannot be found. Try the installation again using a valid copy of the installation package 'Ad-Aware90Install.msi'.

Error: (03/05/2014 02:18:50 PM) (Source: MsiInstaller) (User: 12345-HP)
Description: Product: Ad-Aware -- Error 1706. An installation package for the product Ad-Aware cannot be found. Try the installation again using a valid copy of the installation package 'Ad-Aware90Install.msi'.


System errors:
=============
Error: (03/10/2014 00:45:03 PM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater18.0.0 service failed to start due to the following error:
%%2

Error: (03/10/2014 00:44:37 PM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.2 service failed to start due to the following error:
%%2

Error: (03/09/2014 10:03:27 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (03/09/2014 10:02:56 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (03/09/2014 09:30:24 PM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater18.0.0 service failed to start due to the following error:
%%2

Error: (03/09/2014 09:29:57 PM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.2 service failed to start due to the following error:
%%2

Error: (03/09/2014 00:47:27 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (03/09/2014 00:47:18 AM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (03/08/2014 10:46:08 PM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater18.0.0 service failed to start due to the following error:
%%2

Error: (03/08/2014 10:45:39 PM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.2 service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (03/08/2014 05:13:16 PM) (Source: Application Error)(User: )
Description: wmplayer.exe12.0.7601.18150518c6df8unknown0.0.0.000000000c000000500000000172401cf3b133431f783C:\Program Files (x86)\Windows Media Player\wmplayer.exeunknown7703528a-a706-11e3-84f8-d48564b676e3

Error: (03/06/2014 02:11:14 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4Flash64_12_0_0_70.ocx12.0.0.7053015f1fc0000005000000000024352d1e8c01cf39675d1d99aeC:\Windows\Explorer.EXEC:\Windows\system32\Macromed\Flash\Flash64_12_0_0_70.ocxb3eda286-a55a-11e3-9d81-d48564b676e3

Error: (03/06/2014 00:27:08 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4mshtml.dll11.0.9600.1651852f37bcbc00000fd0000000000065a93195801cf395897edbac4C:\Windows\Explorer.EXEC:\Windows\System32\mshtml.dll28fb23bf-a54c-11e3-9d81-d48564b676e3

Error: (03/06/2014 01:27:43 AM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (03/06/2014 00:54:53 AM) (Source: Application Error)(User: )
Description: SDTray.exe2.1.21.12951f0ed9eunknown0.0.0.000000000c0000005000000001dac01cf38e3ce888396C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exeunknown741b30d1-a4eb-11e3-b2e2-d48564b676e3

Error: (03/05/2014 11:07:04 PM) (Source: Application Error)(User: )
Description: explorer.exe6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c000000800000000000cd7e8266001cf38e1c1f120c0C:\Windows\explorer.exeC:\Windows\SYSTEM32\ntdll.dll64422ca9-a4dc-11e3-b2e2-d48564b676e3

Error: (03/05/2014 10:13:29 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c000041d00000000000cd7e8ec801cf38d1d23e8095C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dlle83bfcc9-a4d4-11e3-b2e2-d48564b676e3

Error: (03/05/2014 10:12:47 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c000002400000000000cd7e8ec801cf38d1d23e8095C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dllcee43561-a4d4-11e3-b2e2-d48564b676e3

Error: (03/05/2014 02:19:47 PM) (Source: MsiInstaller)(User: 12345-HP)
Description: Product: Ad-Aware -- Error 1706. An installation package for the product Ad-Aware cannot be found. Try the installation again using a valid copy of the installation package 'Ad-Aware90Install.msi'.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/05/2014 02:18:50 PM) (Source: MsiInstaller)(User: 12345-HP)
Description: Product: Ad-Aware -- Error 1706. An installation package for the product Ad-Aware cannot be found. Try the installation again using a valid copy of the installation package 'Ad-Aware90Install.msi'.(NULL)(NULL)(NULL)(NULL)(NULL)


==================== Memory info ===========================

Percentage of memory in use: 66%
Total physical RAM: 6143.29 MB
Available physical RAM: 2039.79 MB
Total Pagefile: 12286.57 MB
Available Pagefile: 7558.49 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:685.81 GB) (Free:418.16 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.73 GB) (Free:1.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive j: (New) (CDROM) (Total:0.73 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 12852ABA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=686 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

==================== End Of Log ============================
thatguy87871
Active Member
 
Posts: 8
Joined: March 7th, 2014, 2:35 pm
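
The Application Error entries in the event-log section above are Event 1000 records whose thirteen fields (application, version, timestamp, module, version, timestamp, exception code, fault offset, PID, start time, two paths, report id) have been run together with no separator, and the Service Control Manager entries give their Win32 error only as `%%N`. The script below is an added example (my code, not from the original post, from the scanning tool that produced the dump, or from any product named in the thread) that parses such a dump, decodes each crash record structurally, names the exception and Win32 codes, and returns rows a responder can sort. The only genuinely ambiguous boundary is where the module version ends and the hex timestamp begins, so the decoder tries every cut and keeps the single candidate whose fields pass plausibility checks; those thresholds (PE timestamp zero or between 2000 and 2038, PID a non-zero multiple of four below 2^24, fault offset under 4 GiB when the module is known, start time between 2000 and 2100) are my assumptions for disambiguation, not documented Windows rules, and the code tables cover only commonly seen values. The sample input is copied from the entries above, with backslashes doubled for Python.

```python
"""Decode Event 1000 (Application Error) and Service Control Manager records
from a separator-less event-log dump. Added example; thresholds are assumptions."""
import re
from datetime import datetime, timedelta, timezone

EXCEPTION_NAMES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION", 0xC0000008: "STATUS_INVALID_HANDLE",
    0xC0000024: "STATUS_OBJECT_TYPE_MISMATCH", 0xC00000FD: "STATUS_STACK_OVERFLOW",
    0xC0000374: "STATUS_HEAP_CORRUPTION", 0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
    0xC000041D: "STATUS_FATAL_USER_CALLBACK_EXCEPTION",
    0xE0434352: "CLR_EXCEPTION", 0xE06D7363: "CPP_EXCEPTION",
}
WIN32_ERRORS = {2: "ERROR_FILE_NOT_FOUND", 5: "ERROR_ACCESS_DENIED",
                1053: "ERROR_SERVICE_REQUEST_TIMEOUT"}
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME epoch
HEADER_RE = re.compile(r"^Error: \((.+?)\) \(Source: (.+?)\) ?\(User: (.*?)\)$")
GUID_RE = re.compile(r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}$")  # report id
PATHS_RE = re.compile(r"^([A-Za-z]:\\.+?)([A-Za-z]:\\.+)$")  # app path + module path
VERSION_RE = re.compile(r"^\d+\.\d+\.\d+\.\d+$")


def parse_events(text):
    """Return (time, source, user, description) tuples. A description may
    continue on following lines (the SCM %%N code sits on its own line)."""
    records, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        h = HEADER_RE.match(line)
        if h:
            cur = [*h.groups(), ""]
            records.append(cur)
        elif cur and line.startswith("Description:"):
            cur[3] = line[len("Description:"):].strip()
        elif cur and line:
            cur[3] += " " + line
        else:
            cur = None  # blank line closes the record
    return [tuple(r) for r in records]


def _split_tail(tail, module_known):
    """tail = modver + modts + exc + offset + pid + start, no separators.
    Try every end position for the version and keep the one plausible split."""
    m = re.match(r"(\d+\.\d+\.\d+\.)(\d+)", tail)
    if not m:
        return None
    found = []
    for k in range(1, len(m.group(2)) + 1):
        last = m.group(2)[:k]
        if last != str(int(last)) or int(last) > 0xFFFF:
            continue  # version component: no leading zeros, fits in a WORD
        rest = m.group(2)[k:] + tail[m.end():]
        if not re.fullmatch(r"[0-9a-f]{41,56}", rest):
            continue  # 8+8+(8|16)+pid(1..8)+16 hex digits
        modts, exc, mid, start = rest[:8], rest[8:16], rest[16:-16], rest[-16:]
        cut = 8 if len(mid) <= 16 else 16  # 32-bit vs 64-bit fault offset
        off, pid, ts = int(mid[:cut], 16), int(mid[cut:], 16), int(modts, 16)
        try:
            started = EPOCH_1601 + timedelta(microseconds=int(start, 16) // 10)
        except (OverflowError, ValueError):
            continue
        if not (ts == 0 or 946_684_800 <= ts < 2**31):  # PE stamp: unknown, or 2000..2038
            continue
        if int(exc, 16) < 0x40000000:  # NTSTATUS severity "success" is not a crash
            continue
        if pid == 0 or pid % 4 or pid >= 1 << 24:  # PIDs are small multiples of 4
            continue
        if module_known and off >= 1 << 32:  # offset is relative to the module base
            continue
        if not 2000 <= started.year <= 2100:
            continue
        found.append({"module_version": m.group(1) + last, "module_timestamp": modts,
                      "exception_code": exc,
                      "exception_name": EXCEPTION_NAMES.get(int(exc, 16), "UNKNOWN"),
                      "fault_offset": off, "pid": pid, "app_start": started})
    return found[0] if len(found) == 1 else None  # refuse to guess on ambiguity


def decode_app_error(desc):
    """Split a run-together Event 1000 description into its fields, or None."""
    g, p = GUID_RE.search(desc), re.search(r"[A-Za-z]:\\", desc)
    if not g or not p or p.start() >= g.start():
        return None
    head, paths = desc[:p.start()], desc[p.start():g.start()]
    if paths.endswith("unknown"):
        app_path, mod_path = paths[:-len("unknown")], "unknown"
    else:
        pm = PATHS_RE.match(paths)
        if not pm:
            return None
        app_path, mod_path = pm.groups()
    app, mod = app_path.rsplit("\\", 1)[-1], mod_path.rsplit("\\", 1)[-1]
    i = head.find(mod, len(app))  # module name anchors the end of app version+stamp
    if not head.startswith(app) or i < len(app) + 15:
        return None
    app_ver, app_ts = head[len(app):i - 8], head[i - 8:i]
    if not VERSION_RE.match(app_ver) or not re.fullmatch(r"[0-9a-f]{8}", app_ts):
        return None
    tail = _split_tail(head[i + len(mod):], mod != "unknown")
    if tail is None:
        return None
    return {"app": app, "app_version": app_ver, "app_timestamp": app_ts,
            "app_path": app_path, "module": mod, "module_path": mod_path,
            "report_id": g.group(0), **tail}


def triage(text):
    """Turn every record into a flat row with codes decoded to names."""
    rows = []
    for when, source, _user, desc in parse_events(text):
        if source == "Application Error":
            rows.append({"when": when, "kind": "crash",
                         **(decode_app_error(desc) or {"undecoded": desc})})
        elif source == "Service Control Manager":
            svc = re.search(r"The (\S+) service failed to start", desc)
            code = re.search(r"%%(\d+)", desc)
            err = int(code.group(1)) if code else None
            rows.append({"when": when, "kind": "service", "error": err,
                         "service": svc.group(1) if svc else None,
                         "error_name": WIN32_ERRORS.get(err, "UNKNOWN")})
        else:
            rows.append({"when": when, "kind": source, "description": desc})
    return rows


# Sample copied from the dump above (backslashes doubled for Python).
SAMPLE = """\
Error: (03/08/2014 10:45:39 PM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.2 service failed to start due to the following error:
%%2

Error: (03/08/2014 05:13:16 PM) (Source: Application Error)(User: )
Description: wmplayer.exe12.0.7601.18150518c6df8unknown0.0.0.000000000c000000500000000172401cf3b133431f783C:\\Program Files (x86)\\Windows Media Player\\wmplayer.exeunknown7703528a-a706-11e3-84f8-d48564b676e3

Error: (03/05/2014 11:07:04 PM) (Source: Application Error)(User: )
Description: explorer.exe6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c000000800000000000cd7e8266001cf38e1c1f120c0C:\\Windows\\explorer.exeC:\\Windows\\SYSTEM32\\ntdll.dll64422ca9-a4dc-11e3-b2e2-d48564b676e3

Error: (03/06/2014 00:27:08 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4mshtml.dll11.0.9600.1651852f37bcbc00000fd0000000000065a93195801cf395897edbac4C:\\Windows\\Explorer.EXEC:\\Windows\\System32\\mshtml.dll28fb23bf-a54c-11e3-9d81-d48564b676e3
"""

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

When more than one split survives the checks the decoder returns None rather than guess, so a record that comes back as `undecoded` should be read by hand instead of trusted. The decoded rows are only the starting point: what a responder then does is correlate the crashing process, faulting module and start time with the process and driver listings elsewhere in the thread; the script itself draws no conclusion about whether a given crash is malicious.
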

Re: Serious malware infection

Unread post by thatguy87871 » March 10th, 2014, 1:15 pm

13:03:07.0293 0x12e8 TDSS rootkit removing tool 3.0.0.25 Feb 27 2014 15:23:02
13:03:13.0449 0x12e8 ============================================================
13:03:13.0449 0x12e8 Current date / time: 2014/03/10 13:03:13.0449
13:03:13.0449 0x12e8 SystemInfo:
13:03:13.0449 0x12e8
13:03:13.0449 0x12e8 OS Version: 6.1.7601 ServicePack: 1.0
13:03:13.0449 0x12e8 Product type: Workstation
13:03:13.0450 0x12e8 ComputerName: 12345-HP
13:03:13.0450 0x12e8 UserName: 12345
13:03:13.0450 0x12e8 Windows directory: C:\Windows
13:03:13.0450 0x12e8 System windows directory: C:\Windows
13:03:13.0450 0x12e8 Running under WOW64
13:03:13.0450 0x12e8 Processor architecture: Intel x64
13:03:13.0450 0x12e8 Number of processors: 2
13:03:13.0450 0x12e8 Page size: 0x1000
13:03:13.0450 0x12e8 Boot type: Normal boot
13:03:13.0450 0x12e8 ============================================================
13:03:15.0473 0x12e8 KLMD registered as C:\Windows\system32\drivers\73390607.sys
13:03:15.0648 0x12e8 System UUID: {B410F804-406F-A384-1D43-24FF9DE8B52F}
13:03:16.0199 0x12e8 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:03:16.0221 0x12e8 ============================================================
13:03:16.0221 0x12e8 \Device\Harddisk0\DR0:
13:03:16.0221 0x12e8 MBR partitions:
13:03:16.0221 0x12e8 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:03:16.0221 0x12e8 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x55B9F800
13:03:16.0221 0x12e8 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x55BD2000, BlocksNum 0x1973800
13:03:16.0221 0x12e8 ============================================================
13:03:16.0247 0x12e8 C: <-> \Device\Harddisk0\DR0\Partition2
13:03:16.0298 0x12e8 D: <-> \Device\Harddisk0\DR0\Partition3
13:03:16.0299 0x12e8 ============================================================
13:03:16.0299 0x12e8 Initialize success
13:03:16.0299 0x12e8 ============================================================
13:04:04.0350 0x08d4 ============================================================
13:04:04.0350 0x08d4 Scan started
13:04:04.0350 0x08d4 Mode: Manual; SigCheck; TDLFS;
13:04:04.0350 0x08d4 ============================================================
13:04:04.0350 0x08d4 KSN ping started
13:04:08.0202 0x08d4 KSN ping finished: true
13:04:13.0727 0x08d4 ================ Scan system memory ========================
13:04:13.0727 0x08d4 System memory - ok
13:04:13.0728 0x08d4 ================ Scan services =============================
13:04:14.0238 0x08d4 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
13:04:15.0560 0x08d4 1394ohci - ok
13:04:15.0596 0x08d4 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
13:04:15.0708 0x08d4 ACPI - ok
13:04:15.0781 0x08d4 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
13:04:16.0686 0x08d4 AcpiPmi - ok
13:04:16.0837 0x08d4 [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:04:16.0876 0x08d4 AdobeARMservice - ok
13:04:17.0050 0x08d4 [ F7AB315A4D400CA876381D1E188A2E20, B6019C2E9B6801BB23C530C66D080F47330F48ADB0DD2813D50BE1408865BD91 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:04:17.0079 0x08d4 AdobeFlashPlayerUpdateSvc - ok
13:04:17.0137 0x08d4 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
13:04:17.0382 0x08d4 adp94xx - ok
13:04:17.0421 0x08d4 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
13:04:17.0462 0x08d4 adpahci - ok
13:04:17.0476 0x08d4 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
13:04:17.0492 0x08d4 adpu320 - ok
13:04:17.0512 0x08d4 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
13:04:17.0727 0x08d4 AeLookupSvc - ok
13:04:17.0796 0x08d4 [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD C:\Windows\system32\drivers\afd.sys
13:04:17.0965 0x08d4 AFD - ok
13:04:18.0022 0x08d4 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
13:04:18.0034 0x08d4 agp440 - ok
13:04:18.0054 0x08d4 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
13:04:18.0318 0x08d4 ALG - ok
13:04:18.0388 0x08d4 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
13:04:18.0399 0x08d4 aliide - ok
13:04:18.0457 0x08d4 [ 4C1E3649C89C7D542CD18ECC5210099D, 0D6CDA3E8E66DEFAA638A59B674D290035C3189C81C4C1EE4A359EC7918FA19A ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
13:04:18.0586 0x08d4 AMD External Events Utility - ok
13:04:18.0699 0x08d4 AMD FUEL Service - ok
13:04:18.0749 0x08d4 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
13:04:18.0799 0x08d4 amdide - ok
13:04:18.0847 0x08d4 [ 6A2EEB0C4133B20773BB3DD0B7B377B4, E4CB35C6937C70A145A13E5AE5B34A271B49101DA623171ACBFDA8601E5A70EA ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
13:04:18.0902 0x08d4 amdiox64 - ok
13:04:19.0016 0x08d4 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
13:04:19.0614 0x08d4 AmdK8 - ok
13:04:20.0013 0x08d4 [ A3C0A15B39F979E8F3EABA901D72ECD7, D8D5C89FC85498D37EB33C75AC22F3B1FCFDB564BB11DEE63460023BA860ACF6 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
13:04:20.0979 0x08d4 amdkmdag - ok
13:04:21.0110 0x08d4 [ 20F3CD38B107C1BD747C0EA37D450165, 7C166B084A5AF45926DED78A5E3DC378ED3F744D46DE154A0FD83B000D3F60C3 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
13:04:21.0370 0x08d4 amdkmdap - ok
13:04:21.0393 0x08d4 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
13:04:21.0739 0x08d4 AmdPPM - ok
13:04:21.0768 0x08d4 [ F747497A0EE5498F79B207F215B3D2D8, 9052AD0746CF9DC9DC811C49B639CFD4C96A3A0CDB02125E45148301D4DEEEA3 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
13:04:21.0806 0x08d4 amdsata - ok
13:04:21.0870 0x08d4 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
13:04:21.0887 0x08d4 amdsbs - ok
13:04:21.0899 0x08d4 [ 2946D695E158615BAAA16248E63C7ADB, 059B261BF275CC8EE67453C80B1CDFBE17B383BC7DA22BD66F2CCD4D444D24C7 ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
13:04:21.0964 0x08d4 amdxata - ok
13:04:21.0987 0x08d4 [ 5A528A540B1AEE8B1C77ED65094E8CDF, 6E3DE68E630B81425056AB58E64721DD41F56491DD2D281CBB86AA7EF9CAD0E0 ] AODDriver4.01 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
13:04:22.0044 0x08d4 AODDriver4.01 - ok
13:04:22.0058 0x08d4 [ 5A528A540B1AEE8B1C77ED65094E8CDF, 6E3DE68E630B81425056AB58E64721DD41F56491DD2D281CBB86AA7EF9CAD0E0 ] AODDriver4.2 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
13:04:22.0097 0x08d4 AODDriver4.2 - ok
13:04:22.0187 0x08d4 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys
13:04:22.0326 0x08d4 AppID - ok
13:04:22.0375 0x08d4 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll
13:04:22.0597 0x08d4 AppIDSvc - ok
13:04:22.0648 0x08d4 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
13:04:22.0849 0x08d4 Appinfo - ok
13:04:22.0954 0x08d4 [ 20F6F19FE9E753F2780DC2FA083AD597, 5106F0F9BA8A7DE49260A9B13BF8EC45ACA6A166FA8B10B4F69C3BB54F6840A1 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:04:22.0963 0x08d4 Apple Mobile Device - ok
13:04:23.0028 0x08d4 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys
13:04:23.0046 0x08d4 arc - ok
13:04:23.0053 0x08d4 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
13:04:23.0067 0x08d4 arcsas - ok
13:04:23.0249 0x08d4 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:04:23.0336 0x08d4 aspnet_state - ok
13:04:23.0395 0x08d4 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
13:04:23.0581 0x08d4 AsyncMac - ok
13:04:23.0665 0x08d4 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
13:04:23.0687 0x08d4 atapi - ok
13:04:23.0732 0x08d4 [ B0790FF0E25B7A2674296052F2162C1A, 930D1A09E93117E081C532D6EDB1E870736AE3806D13AE7F0C7748FD4EAB3D89 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
13:04:23.0750 0x08d4 AtiHDAudioService - ok
13:04:23.0780 0x08d4 [ E82E61F46D1336447F4DEFF8C074F13E, 9FC152B33F1D9F5684B687743E943AA26AC17A1093F4C31A43C7012E70BC302E ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie64.sys
13:04:23.0835 0x08d4 AtiPcie - ok
13:04:23.0905 0x08d4 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:04:24.0080 0x08d4 AudioEndpointBuilder - ok
13:04:24.0105 0x08d4 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\Windows\System32\Audiosrv.dll
13:04:24.0189 0x08d4 AudioSrv - ok
13:04:24.0698 0x08d4 [ 4DB93F4DB7077801D2D82013506AC1D0, 3D71655D1557021D5D828E37EAFDBA35C631061E48D64B9D376746F8FCC760B3 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
13:04:24.0989 0x08d4 AVGIDSAgent - ok
13:04:25.0082 0x08d4 [ 92B7689FBC131E143421A19C18320E34, D3A323015790355070A380731CA56547F518F8AF800BC71670481A646C8FEEB3 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
13:04:25.0124 0x08d4 AVGIDSDriver - ok
13:04:25.0187 0x08d4 [ C8D9EEACF266512C1FA52E2ECF5AD944, 01972886F4324C55BE4450F2E18F263FBF0BE7525A9390714216E6C7A1827B1D ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
13:04:25.0265 0x08d4 AVGIDSHA - ok
13:04:25.0318 0x08d4 [ FACD18A89FDEBC35C85CAF762B294BE2, FD6EBE87ACA6CC017AB7ED886B2BC13CA05BDA38E4B7E8A63F33EF7E5C755BB8 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
13:04:25.0422 0x08d4 Avgldx64 - ok
13:04:25.0587 0x08d4 [ 29FCDEAC6086FB7E55344B51E35D99CE, 06408D79DF92B8A31DE0CA518BD93CA211D3192496CA3783762F289549F8F615 ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys
13:04:25.0727 0x08d4 Avgloga - ok
13:04:25.0772 0x08d4 [ 85053293DCDE19829E8691A9E9E8A6FF, 1F115376DCF888C0ED928D5E7150CC4602510FDA785DE76912D415366D8D7393 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
13:04:25.0941 0x08d4 Avgmfx64 - ok
13:04:26.0002 0x08d4 [ E191E443B0F7B05E784279A1C29B9D2A, 24B2B048C2CE5520A6B0E6702F55B5B65411E3E3D0857301E430EF2F9D7ECAFE ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
13:04:26.0014 0x08d4 Avgrkx64 - ok
13:04:26.0061 0x08d4 [ 69BD90E337625F96C718CACE7A9C9E29, 586948D6715ACB845D58BB5A73B8E5DA96A5415BC67D0508054F03D9A5C21768 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
13:04:26.0099 0x08d4 Avgtdia - ok
13:04:26.0162 0x08d4 [ D23F69FA8C0C94C4FE57B57D50F6DB66, 36C4D2DCD5ADBA59411755DCB1DB3AE52F55C46EEE8C96DD0D0765AB61A4DCE1 ] avgtp C:\Windows\system32\drivers\avgtpx64.sys
13:04:26.0236 0x08d4 avgtp - ok
13:04:26.0286 0x08d4 [ D646FA5135A1CD795877AFE9D17FA9ED, 2F97FBCD7BD75727A77C17D75D2482AE819D5D2EB9760D96412F9C20AA7D9473 ] avgwd C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
13:04:26.0325 0x08d4 avgwd - ok
13:04:26.0377 0x08d4 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
13:04:26.0482 0x08d4 AxInstSV - ok
13:04:26.0527 0x08d4 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
13:04:26.0676 0x08d4 b06bdrv - ok
13:04:26.0745 0x08d4 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
13:04:27.0032 0x08d4 b57nd60a - ok
13:04:27.0063 0x08d4 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
13:04:27.0143 0x08d4 BDESVC - ok
13:04:27.0165 0x08d4 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
13:04:27.0266 0x08d4 Beep - ok
13:04:27.0339 0x08d4 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
13:04:27.0599 0x08d4 BFE - ok
13:04:27.0664 0x08d4 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
13:04:27.0860 0x08d4 BITS - ok
13:04:27.0888 0x08d4 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
13:04:27.0980 0x08d4 blbdrive - ok
13:04:28.0054 0x08d4 [ F2060A34C8A75BC24A9222EB4F8C07BD, 14EE16BF7E55716C1ADC3F133582A03339844088CF01E929B5A8FB8FA515F714 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
13:04:28.0070 0x08d4 Bonjour Service - ok
13:04:28.0119 0x08d4 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
13:04:28.0338 0x08d4 bowser - ok
13:04:28.0370 0x08d4 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:04:28.0466 0x08d4 BrFiltLo - ok
13:04:28.0471 0x08d4 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:04:28.0537 0x08d4 BrFiltUp - ok
13:04:28.0597 0x08d4 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
13:04:28.0660 0x08d4 Browser - ok
13:04:28.0683 0x08d4 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
13:04:28.0786 0x08d4 Brserid - ok
13:04:28.0793 0x08d4 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
13:04:28.0861 0x08d4 BrSerWdm - ok
13:04:28.0878 0x08d4 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
13:04:28.0914 0x08d4 BrUsbMdm - ok
13:04:28.0935 0x08d4 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
13:04:29.0094 0x08d4 BrUsbSer - ok
13:04:29.0103 0x08d4 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
13:04:29.0137 0x08d4 BTHMODEM - ok
13:04:29.0174 0x08d4 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
13:04:29.0428 0x08d4 bthserv - ok
13:04:29.0495 0x08d4 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:04:29.0658 0x08d4 cdfs - ok
13:04:29.0746 0x08d4 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
13:04:30.0071 0x08d4 cdrom - ok
13:04:30.0147 0x08d4 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
13:04:30.0588 0x08d4 CertPropSvc - ok
13:04:30.0623 0x08d4 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
13:04:30.0687 0x08d4 circlass - ok
13:04:30.0734 0x08d4 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
13:04:30.0754 0x08d4 CLFS - ok
13:04:30.0805 0x08d4 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:04:30.0817 0x08d4 clr_optimization_v2.0.50727_32 - ok
13:04:30.0912 0x08d4 [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:04:30.0923 0x08d4 clr_optimization_v2.0.50727_64 - ok
13:04:31.0002 0x08d4 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:04:31.0028 0x08d4 clr_optimization_v4.0.30319_32 - ok
13:04:31.0037 0x08d4 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:04:31.0052 0x08d4 clr_optimization_v4.0.30319_64 - ok
13:04:31.0062 0x08d4 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
13:04:31.0184 0x08d4 CmBatt - ok
13:04:31.0229 0x08d4 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
13:04:31.0242 0x08d4 cmdide - ok
13:04:31.0296 0x08d4 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys
13:04:31.0323 0x08d4 CNG - ok
13:04:31.0347 0x08d4 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
13:04:31.0360 0x08d4 Compbatt - ok
13:04:31.0417 0x08d4 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
13:04:31.0577 0x08d4 CompositeBus - ok
13:04:31.0591 0x08d4 COMSysApp - ok
13:04:31.0598 0x08d4 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
13:04:31.0609 0x08d4 crcdisk - ok
13:04:31.0656 0x08d4 [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:04:31.0904 0x08d4 CryptSvc - ok
13:04:32.0027 0x08d4 [ FD557A50A65E44041CD2FCEF4BEB04DB, 746D5958F7198895D35A23566D3736D993D57726BF59D91421D8091C48926A26 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
13:04:32.0062 0x08d4 cvhsvc - ok
13:04:32.0092 0x08d4 [ 76E02DB615A03801D698199A2BC4A06A, 402A8DE76D2181E2E5E10116284EDB2B5793BE33A417261F4B56B2851F34FA15 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
13:04:32.0102 0x08d4 dc3d - ok
13:04:32.0168 0x08d4 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
13:04:32.0318 0x08d4 DcomLaunch - ok
13:04:32.0359 0x08d4 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
13:04:32.0603 0x08d4 defragsvc - ok
13:04:32.0684 0x08d4 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:04:32.0830 0x08d4 DfsC - ok
13:04:32.0875 0x08d4 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
13:04:32.0972 0x08d4 Dhcp - ok
13:04:33.0021 0x08d4 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
13:04:33.0096 0x08d4 discache - ok
13:04:33.0143 0x08d4 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys
13:04:33.0156 0x08d4 Disk - ok
13:04:33.0197 0x08d4 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:04:33.0297 0x08d4 Dnscache - ok
13:04:33.0345 0x08d4 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
13:04:33.0447 0x08d4 dot3svc - ok
13:04:33.0506 0x08d4 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
13:04:33.0755 0x08d4 DPS - ok
13:04:33.0890 0x08d4 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:04:34.0145 0x08d4 drmkaud - ok
13:04:34.0463 0x08d4 [ 46571ED73AE84469DCA53081D33CF3C8, 8BB386BB4F6AD39F06A8607CD1DF3D67CFA45BBE52E40EDB90EB8C862283EBFF ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
13:04:34.0484 0x08d4 dtsoftbus01 - ok
13:04:34.0811 0x08d4 [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:04:34.0868 0x08d4 DXGKrnl - ok
13:04:35.0044 0x08d4 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
13:04:35.0228 0x08d4 EapHost - ok
13:04:35.0515 0x08d4 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
13:04:35.0954 0x08d4 ebdrv - ok
13:04:36.0006 0x08d4 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS C:\Windows\System32\lsass.exe
13:04:36.0059 0x08d4 EFS - ok
13:04:36.0130 0x08d4 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:04:36.0212 0x08d4 ehRecvr - ok
13:04:36.0238 0x08d4 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
13:04:36.0282 0x08d4 ehSched - ok
13:04:36.0321 0x08d4 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
13:04:36.0390 0x08d4 elxstor - ok
13:04:36.0445 0x08d4 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
13:04:36.0593 0x08d4 ErrDev - ok
13:04:36.0710 0x08d4 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
13:04:36.0786 0x08d4 EventSystem - ok
13:04:36.0803 0x08d4 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
13:04:36.0906 0x08d4 exfat - ok
13:04:36.0923 0x08d4 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:04:37.0010 0x08d4 fastfat - ok
13:04:37.0095 0x08d4 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
13:04:37.0295 0x08d4 Fax - ok
13:04:37.0327 0x08d4 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys
13:04:37.0404 0x08d4 fdc - ok
13:04:37.0437 0x08d4 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
13:04:37.0497 0x08d4 fdPHost - ok
13:04:37.0515 0x08d4 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
13:04:37.0818 0x08d4 FDResPub - ok
13:04:37.0836 0x08d4 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:04:37.0848 0x08d4 FileInfo - ok
13:04:37.0868 0x08d4 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:04:37.0983 0x08d4 Filetrace - ok
13:04:38.0005 0x08d4 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
13:04:38.0109 0x08d4 flpydisk - ok
13:04:38.0158 0x08d4 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:04:38.0176 0x08d4 FltMgr - ok
13:04:38.0318 0x08d4 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
13:04:38.0488 0x08d4 FontCache - ok
13:04:38.0540 0x08d4 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:04:38.0556 0x08d4 FontCache3.0.0.0 - ok
13:04:38.0591 0x08d4 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
13:04:38.0605 0x08d4 FsDepends - ok
13:04:38.0654 0x08d4 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:04:38.0666 0x08d4 Fs_Rec - ok
13:04:38.0735 0x08d4 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
13:04:38.0825 0x08d4 fvevol - ok
13:04:38.0858 0x08d4 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
13:04:38.0872 0x08d4 gagp30kx - ok
13:04:38.0941 0x08d4 [ CE16683CFD11FE70BDE435DDA5EA1FCA, 43D850361F2B5C9389F7FABC3C62BD1517349C03834F436579DD01CFD09919F4 ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
13:04:38.0957 0x08d4 GameConsoleService - ok
13:04:39.0029 0x08d4 [ E403AACF8C7BB11375122D2464560311, 0427B8FFD999D256EA1A5135F218692959A7577CB32354D3087CF0FB4F0577DF ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:04:39.0044 0x08d4 GEARAspiWDM - ok
13:04:39.0127 0x08d4 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
13:04:39.0397 0x08d4 gpsvc - ok
13:04:39.0422 0x08d4 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
13:04:39.0498 0x08d4 hcw85cir - ok
13:04:39.0558 0x08d4 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:04:39.0661 0x08d4 HdAudAddService - ok
13:04:39.0684 0x08d4 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
13:04:39.0729 0x08d4 HDAudBus - ok
13:04:39.0737 0x08d4 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
13:04:39.0850 0x08d4 HidBatt - ok
13:04:39.0873 0x08d4 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
13:04:39.0927 0x08d4 HidBth - ok
13:04:39.0940 0x08d4 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
13:04:40.0006 0x08d4 HidIr - ok
13:04:40.0038 0x08d4 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
13:04:40.0119 0x08d4 hidserv - ok
13:04:40.0190 0x08d4 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
13:04:40.0257 0x08d4 HidUsb - ok
13:04:40.0308 0x08d4 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
13:04:40.0407 0x08d4 hkmsvc - ok
13:04:40.0525 0x08d4 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:04:40.0803 0x08d4 HomeGroupListener - ok
13:04:40.0869 0x08d4 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:04:40.0910 0x08d4 HomeGroupProvider - ok
13:04:40.0992 0x08d4 hpqwmiex - ok
13:04:41.0050 0x08d4 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
13:04:41.0073 0x08d4 HpSAMD - ok
13:04:41.0152 0x08d4 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:04:41.0322 0x08d4 HTTP - ok
13:04:41.0364 0x08d4 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
13:04:41.0375 0x08d4 hwpolicy - ok
13:04:41.0435 0x08d4 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
13:04:41.0460 0x08d4 i8042prt - ok
13:04:41.0489 0x08d4 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
13:04:41.0526 0x08d4 iaStorV - ok
13:04:41.0577 0x08d4 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:04:41.0611 0x08d4 idsvc - ok
13:04:41.0663 0x08d4 IEEtwCollectorService - ok
13:04:41.0679 0x08d4 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
13:04:41.0691 0x08d4 iirsp - ok
13:04:41.0755 0x08d4 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
13:04:41.0878 0x08d4 IKEEXT - ok
13:04:41.0974 0x08d4 [ 2B888BBDF6962E608A5E1A1D7A626ADF, FF747B0D37FCE8CE8ED76532658AB325734D8F475A322884DB25729C4F8E2B50 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
13:04:42.0153 0x08d4 IntcAzAudAddService - ok
13:04:42.0207 0x08d4 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
13:04:42.0218 0x08d4 intelide - ok
13:04:42.0281 0x08d4 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
13:04:42.0361 0x08d4 intelppm - ok
13:04:42.0392 0x08d4 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:04:42.0602 0x08d4 IPBusEnum - ok
13:04:42.0651 0x08d4 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:04:42.0764 0x08d4 IpFilterDriver - ok
13:04:42.0827 0x08d4 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
13:04:42.0964 0x08d4 iphlpsvc - ok
13:04:43.0018 0x08d4 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
13:04:43.0106 0x08d4 IPMIDRV - ok
13:04:43.0150 0x08d4 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
13:04:43.0364 0x08d4 IPNAT - ok
13:04:43.0470 0x08d4 [ A9E53E1A9C4274EEBC00D36AE5ED40DE, 49123A8C6975CD291D4952ACC8B5835538549545C8BCEF7923D4FB54D697446D ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
13:04:43.0500 0x08d4 iPod Service - ok
13:04:43.0525 0x08d4 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:04:43.0625 0x08d4 IRENUM - ok
13:04:43.0633 0x08d4 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:04:43.0645 0x08d4 isapnp - ok
13:04:43.0726 0x08d4 [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
13:04:43.0746 0x08d4 iScsiPrt - ok
13:04:43.0801 0x08d4 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
13:04:43.0813 0x08d4 kbdclass - ok
13:04:43.0865 0x08d4 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
13:04:44.0175 0x08d4 kbdhid - ok
13:04:44.0205 0x08d4 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso C:\Windows\system32\lsass.exe
13:04:44.0343 0x08d4 KeyIso - ok
13:04:44.0386 0x08d4 [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:04:44.0398 0x08d4 KSecDD - ok
13:04:44.0414 0x08d4 [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
13:04:44.0455 0x08d4 KSecPkg - ok
13:04:44.0481 0x08d4 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
13:04:44.0579 0x08d4 ksthunk - ok
13:04:44.0616 0x08d4 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
13:04:44.0781 0x08d4 KtmRm - ok
13:04:44.0865 0x08d4 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
13:04:45.0077 0x08d4 LanmanServer - ok
13:04:45.0118 0x08d4 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:04:45.0357 0x08d4 LanmanWorkstation - ok
13:04:45.0478 0x08d4 [ 61323B88EFE90F6B144A3611B3ED1D7D, B43F18321C95328C7A4E011505E01F4545CA197669E7D1FC5108605B220E6BC1 ] Lavasoft Ad-Aware Service C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
13:04:45.0683 0x08d4 Lavasoft Ad-Aware Service - detected UnsignedFile.Multi.Generic ( 1 )
13:04:48.0898 0x08d4 Lavasoft Ad-Aware Service ( UnsignedFile.Multi.Generic ) - warning
13:04:48.0898 0x08d4 Force sending object to P2P due to detect: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
13:04:57.0430 0x08d4 Object send P2P result: true
13:05:00.0566 0x08d4 [ 9A7FA6371F68335FD3C3D6488BC5A9F8, 1D5007B70A7DB3D8B09C187857614CC2A67ED5577440929EEC5A6E56C2CE19C6 ] Lavasoft Kernexplorer C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
13:05:00.0668 0x08d4 Lavasoft Kernexplorer - ok
13:05:00.0727 0x08d4 [ 3C46290F7A5D45BA6EF32C248E22AA69, E2EAC359B38AE1A36DACDFE6E3923C1D70D6F5B9E5E411279B074802CB019760 ] Lbd C:\Windows\system32\DRIVERS\Lbd.sys
13:05:00.0759 0x08d4 Lbd - ok
13:05:00.0804 0x08d4 [ 7550D101BF49FDB1F92666A233EE36C4, 281EE6C9AAE0A3FDA8D0FE7CD6BA55C481B8719799A526601FEA0542345CAF18 ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
13:05:00.0863 0x08d4 LightScribeService - detected UnsignedFile.Multi.Generic ( 1 )
13:05:04.0751 0x08d4 Detect skipped due to KSN trusted
13:05:04.0751 0x08d4 LightScribeService - ok
13:05:04.0799 0x08d4 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:05:05.0109 0x08d4 lltdio - ok
13:05:05.0141 0x08d4 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:05:05.0400 0x08d4 lltdsvc - ok
13:05:05.0411 0x08d4 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
13:05:05.0528 0x08d4 lmhosts - ok
13:05:05.0563 0x08d4 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
13:05:05.0578 0x08d4 LSI_FC - ok
13:05:05.0587 0x08d4 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
13:05:05.0601 0x08d4 LSI_SAS - ok
13:05:05.0620 0x08d4 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:05:05.0633 0x08d4 LSI_SAS2 - ok
13:05:05.0651 0x08d4 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:05:05.0678 0x08d4 LSI_SCSI - ok
13:05:05.0692 0x08d4 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
13:05:05.0841 0x08d4 luafv - ok
13:05:05.0861 0x08d4 lxdx_device - ok
13:05:05.0912 0x08d4 [ 0BB97D43299910CBFBA59C461B99B910, 27C22D9D9EE8A410D7396960DA93E9E260D4DCDD38DCE06E85E45C5E24C067DE ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
13:05:05.0954 0x08d4 MBAMProtector - ok
13:05:06.0038 0x08d4 [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
13:05:06.0099 0x08d4 MBAMScheduler - ok
13:05:06.0183 0x08d4 [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
13:05:06.0208 0x08d4 MBAMService - ok
13:05:06.0249 0x08d4 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:05:06.0384 0x08d4 Mcx2Svc - ok
13:05:06.0419 0x08d4 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
13:05:06.0431 0x08d4 megasas - ok
13:05:06.0450 0x08d4 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
13:05:06.0531 0x08d4 MegaSR - ok
13:05:06.0665 0x08d4 Microsoft SharePoint Workspace Audit Service - ok
13:05:06.0771 0x08d4 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
13:05:06.0941 0x08d4 MMCSS - ok
13:05:06.0990 0x08d4 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
13:05:07.0109 0x08d4 Modem - ok
13:05:07.0162 0x08d4 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:05:07.0506 0x08d4 monitor - ok
13:05:07.0556 0x08d4 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
13:05:07.0572 0x08d4 mouclass - ok
13:05:07.0653 0x08d4 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:05:07.0900 0x08d4 mouhid - ok
13:05:07.0931 0x08d4 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:05:07.0943 0x08d4 mountmgr - ok
13:05:08.0031 0x08d4 [ A35576A433F4AEB0D48976A004657CB6, F820A759119785C3FB10B0EDCF8EF9985886A9B0767ABD45B2ACAC03498B321E ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:05:08.0046 0x08d4 MozillaMaintenance - ok
13:05:08.0065 0x08d4 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
13:05:08.0080 0x08d4 mpio - ok
13:05:08.0111 0x08d4 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:05:08.0169 0x08d4 mpsdrv - ok
13:05:08.0251 0x08d4 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
13:05:08.0568 0x08d4 MpsSvc - ok
13:05:08.0698 0x08d4 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:05:08.0731 0x08d4 MRxDAV - ok
13:05:08.0784 0x08d4 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:05:08.0896 0x08d4 mrxsmb - ok
13:05:08.0947 0x08d4 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:05:09.0197 0x08d4 mrxsmb10 - ok
13:05:09.0215 0x08d4 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:05:09.0288 0x08d4 mrxsmb20 - ok
13:05:09.0326 0x08d4 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
13:05:09.0338 0x08d4 msahci - ok
13:05:09.0386 0x08d4 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
13:05:09.0401 0x08d4 msdsm - ok
13:05:09.0428 0x08d4 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
13:05:09.0527 0x08d4 MSDTC - ok
13:05:09.0563 0x08d4 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:05:09.0706 0x08d4 Msfs - ok
13:05:09.0785 0x08d4 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
13:05:09.0904 0x08d4 mshidkmdf - ok
13:05:09.0940 0x08d4 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:05:09.0951 0x08d4 msisadrv - ok
13:05:10.0038 0x08d4 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:05:10.0115 0x08d4 MSiSCSI - ok
13:05:10.0122 0x08d4 msiserver - ok
13:05:10.0238 0x08d4 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:05:10.0653 0x08d4 MSKSSRV - ok
13:05:10.0778 0x08d4 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:05:10.0897 0x08d4 MSPCLOCK - ok
13:05:10.0909 0x08d4 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:05:11.0234 0x08d4 MSPQM - ok
13:05:11.0282 0x08d4 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:05:11.0301 0x08d4 MsRPC - ok
13:05:11.0352 0x08d4 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
13:05:11.0363 0x08d4 mssmbios - ok
13:05:11.0372 0x08d4 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:05:11.0498 0x08d4 MSTEE - ok
13:05:11.0513 0x08d4 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
13:05:11.0692 0x08d4 MTConfig - ok
13:05:11.0733 0x08d4 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
13:05:11.0745 0x08d4 Mup - ok
13:05:11.0799 0x08d4 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
13:05:12.0043 0x08d4 napagent - ok
13:05:12.0072 0x08d4 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:05:12.0141 0x08d4 NativeWifiP - ok
13:05:12.0209 0x08d4 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
13:05:12.0242 0x08d4 NDIS - ok
13:05:12.0265 0x08d4 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:05:12.0365 0x08d4 NdisCap - ok
13:05:12.0383 0x08d4 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:05:12.0504 0x08d4 NdisTapi - ok
13:05:12.0537 0x08d4 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:05:12.0655 0x08d4 Ndisuio - ok
13:05:12.0710 0x08d4 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:05:12.0814 0x08d4 NdisWan - ok
13:05:12.0858 0x08d4 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:05:13.0065 0x08d4 NDProxy - ok
13:05:13.0096 0x08d4 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:05:13.0240 0x08d4 NetBIOS - ok
13:05:13.0286 0x08d4 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:05:13.0370 0x08d4 NetBT - ok
13:05:13.0388 0x08d4 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon C:\Windows\system32\lsass.exe
13:05:13.0431 0x08d4 Netlogon - ok
13:05:13.0461 0x08d4 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
13:05:13.0567 0x08d4 Netman - ok
13:05:13.0613 0x08d4 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:05:13.0631 0x08d4 NetMsmqActivator - ok
13:05:13.0637 0x08d4 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:05:13.0655 0x08d4 NetPipeActivator - ok
13:05:13.0700 0x08d4 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
13:05:13.0756 0x08d4 netprofm - ok
13:05:13.0764 0x08d4 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:05:13.0781 0x08d4 NetTcpActivator - ok
13:05:13.0787 0x08d4 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:05:13.0804 0x08d4 NetTcpPortSharing - ok
13:05:13.0825 0x08d4 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
13:05:13.0838 0x08d4 nfrd960 - ok
13:05:13.0884 0x08d4 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:05:14.0004 0x08d4 NlaSvc - ok
13:05:14.0022 0x08d4 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:05:14.0094 0x08d4 Npfs - ok
13:05:14.0109 0x08d4 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
13:05:14.0232 0x08d4 nsi - ok
13:05:14.0253 0x08d4 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:05:14.0429 0x08d4 nsiproxy - ok
13:05:14.0519 0x08d4 [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:05:14.0573 0x08d4 Ntfs - ok
13:05:14.0608 0x08d4 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
13:05:14.0728 0x08d4 Null - ok
13:05:14.0936 0x08d4 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:05:14.0960 0x08d4 nvraid - ok
13:05:15.0066 0x08d4 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:05:15.0082 0x08d4 nvstor - ok
13:05:15.0102 0x08d4 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:05:15.0116 0x08d4 nv_agp - ok
13:05:15.0138 0x08d4 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
13:05:15.0194 0x08d4 ohci1394 - ok
13:05:15.0266 0x08d4 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:05:15.0280 0x08d4 ose - ok
13:05:15.0530 0x08d4 [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:05:15.0688 0x08d4 osppsvc - ok
13:05:15.0739 0x08d4 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
13:05:15.0836 0x08d4 p2pimsvc - ok
13:05:15.0873 0x08d4 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
13:05:16.0013 0x08d4 p2psvc - ok
13:05:16.0051 0x08d4 [ 3A6DCEB1848470320E4A3C12D7A35B1C, B1BF8305CEC4F5AC250B8EC8C36B93F90E6DDD267AFAAF654A0D6AD555A7FA92 ] PAC207 C:\Windows\system32\DRIVERS\PFC027.SYS
13:05:16.0136 0x08d4 PAC207 - ok
13:05:16.0157 0x08d4 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parp
thatguy87871
Active Member
 
Posts: 8
Joined: March 7th, 2014, 2:35 pm
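Added example, not part of the thread and not code from the poster or from Kaspersky: a small Python parser for the per-service lines of the TDSSKiller log above. It pulls out, for each service or driver, the path, MD5 and SHA256, whether the `UnsignedFile.Multi.Generic` heuristic fired, whether that hit was then suppressed by a `Detect skipped due to KSN trusted` line, and the final verdict, so a reviewer sees the two things the raw log buries: entries that ended in `warning`, and entries that only came back `ok` because Kaspersky's reputation service vouched for the file. It also groups entries by SHA256, which is how you confirm that KeyIso, Netlogon and ProtectedStorage all point at one and the same lsass.exe. The sample lines are copied from the log above; the line-shape assumptions (service name followed by a path that starts with a drive letter, a KSN-skip line applying to the entry flagged just before it) are mine.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: lines copied from the TDSSKiller log above, chosen to
# cover every line shape the triage cares about.
SAMPLE_LOG = r"""
13:04:44.0205 0x08d4 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso C:\Windows\system32\lsass.exe
13:04:44.0343 0x08d4 KeyIso - ok
13:04:45.0478 0x08d4 [ 61323B88EFE90F6B144A3611B3ED1D7D, B43F18321C95328C7A4E011505E01F4545CA197669E7D1FC5108605B220E6BC1 ] Lavasoft Ad-Aware Service C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
13:04:45.0683 0x08d4 Lavasoft Ad-Aware Service - detected UnsignedFile.Multi.Generic ( 1 )
13:04:48.0898 0x08d4 Lavasoft Ad-Aware Service ( UnsignedFile.Multi.Generic ) - warning
13:04:48.0898 0x08d4 Force sending object to P2P due to detect: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
13:04:57.0430 0x08d4 Object send P2P result: true
13:05:00.0804 0x08d4 [ 7550D101BF49FDB1F92666A233EE36C4, 281EE6C9AAE0A3FDA8D0FE7CD6BA55C481B8719799A526601FEA0542345CAF18 ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
13:05:00.0863 0x08d4 LightScribeService - detected UnsignedFile.Multi.Generic ( 1 )
13:05:04.0751 0x08d4 Detect skipped due to KSN trusted
13:05:04.0751 0x08d4 LightScribeService - ok
13:05:05.0861 0x08d4 lxdx_device - ok
13:05:13.0388 0x08d4 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon C:\Windows\system32\lsass.exe
13:05:13.0431 0x08d4 Netlogon - ok
13:05:22.0071 0x08d4 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\Windows\system32\lsass.exe
13:05:22.0103 0x08d4 ProtectedStorage - ok
"""

# Service names may contain spaces ("Lavasoft Ad-Aware Service"), so the name
# is matched non-greedily and the path is anchored on a drive letter (assumption).
_PREFIX = r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4}) (?P<tid>0x[0-9a-f]+) "
HASH_LINE = re.compile(
    _PREFIX + r"\[ (?P<md5>[0-9A-F]{32}), (?P<sha256>[0-9A-F]{64}) \] "
    r"(?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$")
VERDICT_LINE = re.compile(
    _PREFIX + r"(?P<name>.+?)(?: \( (?P<sig>[^)]+) \))? - "
    r"(?P<verdict>ok|warning|detected (?P<detsig>\S+) \( \d+ \))$")
KSN_SKIP = re.compile(_PREFIX + r"Detect skipped due to KSN trusted$")


@dataclass
class Entry:
    name: str
    path: Optional[str] = None
    md5: Optional[str] = None
    sha256: Optional[str] = None
    detections: list = field(default_factory=list)  # heuristic hits, in order
    ksn_trusted: bool = False   # a hit was overridden by Kaspersky reputation
    verdict: Optional[str] = None  # final "ok" / "warning", None if never closed


def parse_log(text: str) -> list:
    """Fold the log into one Entry per service/driver, in first-seen order."""
    entries: dict = {}
    order: list = []
    current: Optional[Entry] = None

    def get(name: str) -> Entry:
        if name not in entries:
            entries[name] = Entry(name=name)
            order.append(name)
        return entries[name]

    for line in text.splitlines():
        line = line.rstrip()
        m = HASH_LINE.match(line)
        if m:
            current = get(m["name"])
            current.path, current.md5, current.sha256 = m["path"], m["md5"], m["sha256"]
            continue
        if KSN_SKIP.match(line):
            if current is not None:  # assumption: applies to the entry just flagged
                current.ksn_trusted = True
            continue
        m = VERDICT_LINE.match(line)
        if m:
            current = get(m["name"])
            if m["detsig"]:
                current.detections.append(m["detsig"])
            else:
                current.verdict = m["verdict"]
        # P2P upload notices and anything else carry nothing the triage needs
    return [entries[n] for n in order]


def needs_review(entries: list) -> list:
    """Anything that was not simply 'ok': a surviving warning, an entry the
    log never closed, or a heuristic hit that only went away because KSN
    reputation vouched for the file."""
    return [e for e in entries if e.verdict != "ok" or e.detections]


def shared_binaries(entries: list) -> dict:
    """sha256 -> service names, for hosts such as lsass.exe that register
    several services under one image."""
    by_hash: dict = {}
    for e in entries:
        if e.sha256:
            by_hash.setdefault(e.sha256, []).append(e.name)
    return {h: n for h, n in by_hash.items() if len(n) > 1}


def path_hash_conflicts(entries: list) -> dict:
    """Paths reported under more than one sha256 (should be empty in a single
    scan; if not, the file changed between passes or the log was spliced)."""
    by_path: dict = {}
    for e in entries:
        if e.path:
            by_path.setdefault(e.path.lower(), set()).add(e.sha256)
    return {p: s for p, s in by_path.items() if len(s) > 1}


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for e in needs_review(parsed):
        why = "warning" if e.verdict == "warning" else (
            "hit overridden by KSN" if e.ksn_trusted else str(e.verdict))
        print(f"{e.name}: {why} {e.detections} sha256={e.sha256}")
    for h, names in shared_binaries(parsed).items():
        print(f"{h[:16]}... hosts {', '.join(names)}")
    print("path/hash conflicts:", path_hash_conflicts(parsed))
```

Two reading notes for the output. `UnsignedFile.Multi.Generic` is TDSSKiller's generic flag for an executable without a valid Authenticode signature, not a malware signature; the Ad-Aware service above got it because the binary is unsigned, and the LightScribe service and pg_ctl.exe got the same flag but were cleared by KSN reputation. Both kinds of entry are worth a second look (a SHA256 lookup against the vendor's own release is the cheapest check), but neither is evidence of infection on its own.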

Re: Serious malware infection

Unread postby thatguy87871 » March 10th, 2014, 1:15 pm

C:\Windows\system32\DRIVERS\parport.sys
13:05:16.0209 0x08d4 Parport - ok
13:05:16.0269 0x08d4 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:05:16.0281 0x08d4 partmgr - ok
13:05:16.0376 0x08d4 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
13:05:16.0436 0x08d4 PcaSvc - ok
13:05:16.0483 0x08d4 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
13:05:16.0508 0x08d4 pci - ok
13:05:16.0579 0x08d4 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
13:05:16.0590 0x08d4 pciide - ok
13:05:16.0628 0x08d4 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
13:05:16.0658 0x08d4 pcmcia - ok
13:05:16.0746 0x08d4 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
13:05:16.0765 0x08d4 pcw - ok
13:05:16.0872 0x08d4 pdfcDispatcher - ok
13:05:17.0025 0x08d4 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:05:17.0186 0x08d4 PEAUTH - ok
13:05:17.0305 0x08d4 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
13:05:17.0364 0x08d4 PerfHost - ok
13:05:17.0459 0x08d4 [ ACC93675D78D1C07DAD09D7837F2397A, C3CDF92105D496275AF03AD8BC1216739007DE900D1DFC4E8843E7D26FB06FE2 ] pgsql-8.3 C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
13:05:17.0534 0x08d4 pgsql-8.3 - detected UnsignedFile.Multi.Generic ( 1 )
13:05:20.0614 0x08d4 Detect skipped due to KSN trusted
13:05:20.0614 0x08d4 pgsql-8.3 - ok
13:05:20.0691 0x08d4 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
13:05:20.0859 0x08d4 pla - ok
13:05:20.0913 0x08d4 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:05:20.0990 0x08d4 PlugPlay - ok
13:05:21.0006 0x08d4 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
13:05:21.0040 0x08d4 PNRPAutoReg - ok
13:05:21.0056 0x08d4 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
13:05:21.0119 0x08d4 PNRPsvc - ok
13:05:21.0184 0x08d4 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:05:21.0335 0x08d4 PolicyAgent - ok
13:05:21.0368 0x08d4 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
13:05:21.0654 0x08d4 Power - ok
13:05:21.0704 0x08d4 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:05:21.0875 0x08d4 PptpMiniport - ok
13:05:21.0899 0x08d4 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys
13:05:21.0932 0x08d4 Processor - ok
13:05:21.0986 0x08d4 [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll
13:05:22.0059 0x08d4 ProfSvc - ok
13:05:22.0071 0x08d4 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\Windows\system32\lsass.exe
13:05:22.0103 0x08d4 ProtectedStorage - ok
13:05:22.0156 0x08d4 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
13:05:22.0270 0x08d4 Psched - ok
13:05:22.0352 0x08d4 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
13:05:22.0412 0x08d4 ql2300 - ok
13:05:22.0440 0x08d4 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
13:05:22.0461 0x08d4 ql40xx - ok
13:05:22.0487 0x08d4 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
13:05:22.0725 0x08d4 QWAVE - ok
13:05:22.0754 0x08d4 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:05:22.0836 0x08d4 QWAVEdrv - ok
13:05:22.0852 0x08d4 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:05:23.0085 0x08d4 RasAcd - ok
13:05:23.0122 0x08d4 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
13:05:23.0193 0x08d4 RasAgileVpn - ok
13:05:23.0224 0x08d4 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
13:05:23.0420 0x08d4 RasAuto - ok
13:05:23.0456 0x08d4 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:05:23.0647 0x08d4 Rasl2tp - ok
13:05:23.0692 0x08d4 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
13:05:23.0790 0x08d4 RasMan - ok
13:05:23.0816 0x08d4 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:05:23.0946 0x08d4 RasPppoe - ok
13:05:23.0980 0x08d4 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:05:24.0091 0x08d4 RasSstp - ok
13:05:24.0142 0x08d4 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:05:24.0233 0x08d4 rdbss - ok
13:05:24.0252 0x08d4 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
13:05:24.0287 0x08d4 rdpbus - ok
13:05:24.0305 0x08d4 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:05:24.0367 0x08d4 RDPCDD - ok
13:05:24.0382 0x08d4 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:05:24.0518 0x08d4 RDPENCDD - ok
13:05:24.0525 0x08d4 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
13:05:24.0622 0x08d4 RDPREFMP - ok
13:05:24.0680 0x08d4 [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:05:24.0819 0x08d4 RDPWD - ok
13:05:24.0870 0x08d4 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
13:05:24.0885 0x08d4 rdyboost - ok
13:05:24.0953 0x08d4 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:05:25.0062 0x08d4 RemoteAccess - ok
13:05:25.0093 0x08d4 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:05:25.0214 0x08d4 RemoteRegistry - ok
13:05:25.0265 0x08d4 [ 7B04C9843921AB1F695FB395422C5360, C9B02BE0384357FD242613C2A12029B45322AF9A795CD69F33500CA7530899A7 ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
13:05:25.0319 0x08d4 RimUsb - ok
13:05:25.0337 0x08d4 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
13:05:25.0413 0x08d4 RpcEptMapper - ok
13:05:25.0422 0x08d4 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
13:05:25.0575 0x08d4 RpcLocator - ok
13:05:25.0625 0x08d4 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
13:05:25.0715 0x08d4 RpcSs - ok
13:05:25.0745 0x08d4 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:05:25.0810 0x08d4 rspndr - ok
13:05:25.0841 0x08d4 [ 0E3DCF76F11DC431B088A2DFD7265CDA, 7FCC8A9C28B8B2E9EC6AB9FFF7354929838134F61DB9D5BB96C5F6A7ABDC6B6A ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
13:05:25.0943 0x08d4 RSUSBSTOR - ok
13:05:25.0970 0x08d4 [ 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A, 9F6CFBE7E64A63E0AFEF546C4B8D889657B2055CE80279EA1B63EB5650E730F8 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
13:05:26.0031 0x08d4 RTL8167 - ok
13:05:26.0047 0x08d4 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] SamSs C:\Windows\system32\lsass.exe
13:05:26.0115 0x08d4 SamSs - ok
13:05:26.0160 0x08d4 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
13:05:26.0173 0x08d4 sbp2port - ok
13:05:26.0199 0x08d4 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:05:26.0452 0x08d4 SCardSvr - ok
13:05:26.0491 0x08d4 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
13:05:26.0602 0x08d4 scfilter - ok
13:05:26.0752 0x08d4 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
13:05:27.0079 0x08d4 Schedule - ok
13:05:27.0121 0x08d4 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
13:05:27.0194 0x08d4 SCPolicySvc - ok
13:05:27.0241 0x08d4 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:05:27.0325 0x08d4 SDRSVC - ok
13:05:27.0615 0x08d4 [ 98EF79CC2B07398AC525F9EA1AE0366F, D0D5D69696ED339F363024AF3271867F4C55572C67FD0F2AA27D24B37982E39A ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
13:05:27.0845 0x08d4 SDScannerService - ok
13:05:27.0923 0x08d4 [ 14BF6B3AB327D519ED007CDDC56F6900, 4E5DC4AF45347C885E0E87F205EE1F95BB4713A0B581CD7317FBEEE2A9628982 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
13:05:28.0042 0x08d4 SDUpdateService - ok
13:05:28.0133 0x08d4 [ 820EBE67AB99F033FDE25B2692157991, A9E86FE6EFD3CFD4EA1A26121C706335A6791CC6F81EE98AE2BE7EA566ECFEBB ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
13:05:28.0203 0x08d4 SDWSCService - ok
13:05:28.0265 0x08d4 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:05:28.0343 0x08d4 secdrv - ok
13:05:28.0386 0x08d4 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
13:05:28.0465 0x08d4 seclogon - ok
13:05:28.0498 0x08d4 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
13:05:28.0565 0x08d4 SENS - ok
13:05:28.0593 0x08d4 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
13:05:28.0665 0x08d4 SensrSvc - ok
13:05:28.0759 0x08d4 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
13:05:28.0884 0x08d4 Serenum - ok
13:05:28.0895 0x08d4 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
13:05:29.0088 0x08d4 Serial - ok
13:05:29.0131 0x08d4 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
13:05:29.0254 0x08d4 sermouse - ok
13:05:29.0300 0x08d4 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
13:05:29.0545 0x08d4 SessionEnv - ok
13:05:29.0557 0x08d4 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:05:29.0678 0x08d4 sffdisk - ok
13:05:29.0692 0x08d4 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:05:29.0797 0x08d4 sffp_mmc - ok
13:05:29.0805 0x08d4 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:05:29.0866 0x08d4 sffp_sd - ok
13:05:29.0890 0x08d4 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
13:05:30.0039 0x08d4 sfloppy - ok
13:05:30.0121 0x08d4 [ 2046AA7491DE7EFA4D70E615D9BC9D09, A8763D059AD68D5842C407FA9644E0B129BEF0F63CD87E62B80B05441EDC3489 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
13:05:30.0252 0x08d4 Sftfs - ok
13:05:30.0329 0x08d4 [ 77C5A741A7452812F278EF2C18478862, 0B763679EB7EFB8ED9DCE7B429706E939BB65BA6BCF1BAE0E0426D4E87074B8C ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
13:05:30.0352 0x08d4 sftlist - ok
13:05:30.0369 0x08d4 [ 0E0446BC4D51BE4263ACB7E33491191C, 2AD039FB440560658C4E06F67CC192EF71577EF3FF789A43C08430CE5EAE5A70 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
13:05:30.0385 0x08d4 Sftplay - ok
13:05:30.0393 0x08d4 [ C5FB982CD266E604ED3142102C26D62C, A6BC0D72E98F924274ECAD49C85F0775D1CD45B97CD43F53DF3992B560835FC5 ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
13:05:30.0405 0x08d4 Sftredir - ok
13:05:30.0417 0x08d4 [ 2575511AF67AA1FA068CCC4918E2C2A3, 3152FF5AC2CF6FE966DA59B1B33E22F9BD9B6BB4310441870528364BA9501A4D ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
13:05:30.0429 0x08d4 Sftvol - ok
13:05:30.0444 0x08d4 [ 39B1D0A636A400304565D4521FAD6D77, 1F01DB35B5A477AA7A77585C9304E6B5F3E67807531305BCA93A7F494CED8F59 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
13:05:30.0460 0x08d4 sftvsa - ok
13:05:30.0508 0x08d4 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:05:30.0779 0x08d4 SharedAccess - ok
13:05:30.0833 0x08d4 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:05:30.0962 0x08d4 ShellHWDetection - ok
13:05:30.0991 0x08d4 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:05:31.0005 0x08d4 SiSRaid2 - ok
13:05:31.0033 0x08d4 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
13:05:31.0046 0x08d4 SiSRaid4 - ok
13:05:31.0161 0x08d4 [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
13:05:31.0178 0x08d4 SkypeUpdate - ok
13:05:31.0246 0x08d4 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:05:31.0360 0x08d4 Smb - ok
13:05:31.0404 0x08d4 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:05:31.0458 0x08d4 SNMPTRAP - ok
13:05:31.0474 0x08d4 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
13:05:31.0485 0x08d4 spldr - ok
13:05:31.0534 0x08d4 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
13:05:31.0675 0x08d4 Spooler - ok
13:05:31.0860 0x08d4 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
13:05:32.0073 0x08d4 sppsvc - ok
13:05:32.0106 0x08d4 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
13:05:32.0236 0x08d4 sppuinotify - ok
13:05:32.0297 0x08d4 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
13:05:32.0337 0x08d4 srv - ok
13:05:32.0386 0x08d4 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:05:32.0514 0x08d4 srv2 - ok
13:05:32.0545 0x08d4 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:05:32.0668 0x08d4 srvnet - ok
13:05:32.0707 0x08d4 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:05:32.0909 0x08d4 SSDPSRV - ok
13:05:32.0932 0x08d4 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:05:33.0034 0x08d4 SstpSvc - ok
13:05:33.0152 0x08d4 [ 2F3B5A3567FFB343D8867C3D34C687F1, D01971412506746B2EA1CBB0ACF9472889ABBC23318C1332BEC9C8256011183E ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
13:05:33.0179 0x08d4 Steam Client Service - ok
13:05:33.0198 0x08d4 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
13:05:33.0217 0x08d4 stexstor - ok
13:05:33.0287 0x08d4 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
13:05:33.0384 0x08d4 stisvc - ok
13:05:33.0420 0x08d4 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
13:05:33.0430 0x08d4 swenum - ok
13:05:33.0465 0x08d4 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
13:05:33.0670 0x08d4 swprv - ok
13:05:33.0759 0x08d4 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
13:05:33.0886 0x08d4 SysMain - ok
13:05:33.0941 0x08d4 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:05:34.0047 0x08d4 TabletInputService - ok
13:05:34.0073 0x08d4 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
13:05:34.0394 0x08d4 TapiSrv - ok
13:05:34.0441 0x08d4 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
13:05:34.0521 0x08d4 TBS - ok
13:05:34.0706 0x08d4 [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:05:34.0941 0x08d4 Tcpip - ok
13:05:35.0017 0x08d4 [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
13:05:35.0075 0x08d4 TCPIP6 - ok
13:05:35.0119 0x08d4 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:05:35.0355 0x08d4 tcpipreg - ok
13:05:35.0430 0x08d4 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:05:35.0541 0x08d4 TDPIPE - ok
13:05:35.0600 0x08d4 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:05:35.0878 0x08d4 TDTCP - ok
13:05:35.0991 0x08d4 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:05:36.0329 0x08d4 tdx - ok
13:05:36.0368 0x08d4 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
13:05:36.0380 0x08d4 TermDD - ok
13:05:36.0413 0x08d4 [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\Windows\System32\termsrv.dll
13:05:36.0690 0x08d4 TermService - ok
13:05:36.0731 0x08d4 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
13:05:36.0774 0x08d4 Themes - ok
13:05:36.0795 0x08d4 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
13:05:36.0858 0x08d4 THREADORDER - ok
13:05:36.0882 0x08d4 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
13:05:37.0022 0x08d4 TrkWks - ok
13:05:37.0085 0x08d4 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:05:37.0245 0x08d4 TrustedInstaller - ok
13:05:37.0287 0x08d4 [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:05:37.0403 0x08d4 tssecsrv - ok
13:05:37.0513 0x08d4 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
13:05:37.0565 0x08d4 TsUsbFlt - ok
13:05:37.0623 0x08d4 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:05:37.0877 0x08d4 tunnel - ok
13:05:37.0908 0x08d4 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
13:05:37.0920 0x08d4 uagp35 - ok
13:05:37.0945 0x08d4 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:05:38.0051 0x08d4 udfs - ok
13:05:38.0078 0x08d4 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:05:38.0117 0x08d4 UI0Detect - ok
13:05:38.0134 0x08d4 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
13:05:38.0147 0x08d4 uliagpkx - ok
13:05:38.0192 0x08d4 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\drivers\umbus.sys
13:05:38.0436 0x08d4 umbus - ok
13:05:38.0530 0x08d4 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
13:05:38.0876 0x08d4 UmPass - ok
13:05:38.0900 0x08d4 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
13:05:39.0237 0x08d4 upnphost - ok
13:05:39.0282 0x08d4 [ 54D4B48D443E7228BF64CF7CDC3118AC, 4C953166EAECFD217218E386B411A4BDDA86AE65DCF352D271DF8E3D7DECC85F ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
13:05:39.0413 0x08d4 USBAAPL64 - ok
13:05:39.0485 0x08d4 [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
13:05:39.0721 0x08d4 usbaudio - ok
13:05:39.0764 0x08d4 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:05:40.0043 0x08d4 usbccgp - ok
13:05:40.0064 0x08d4 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
13:05:40.0178 0x08d4 usbcir - ok
13:05:40.0190 0x08d4 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
13:05:40.0400 0x08d4 usbehci - ok
13:05:40.0423 0x08d4 [ 2C780746DC44A28FE67004DC58173F05, 9E0596CE35C7430A31A7E77B4D12A1F521B9ED8EB0614E6FB38403AC614C3EE3 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
13:05:40.0501 0x08d4 usbfilter - ok
13:05:40.0541 0x08d4 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
13:05:40.0850 0x08d4 usbhub - ok
13:05:40.0915 0x08d4 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
13:05:41.0315 0x08d4 usbohci - ok
13:05:41.0362 0x08d4 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
13:05:41.0887 0x08d4 usbprint - ok
13:05:41.0904 0x08d4 [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\drivers\usbscan.sys
13:05:42.0368 0x08d4 usbscan - ok
13:05:42.0411 0x08d4 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:05:42.0516 0x08d4 USBSTOR - ok
13:05:42.0534 0x08d4 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
13:05:42.0624 0x08d4 usbuhci - ok
13:05:42.0679 0x08d4 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
13:05:42.0853 0x08d4 usbvideo - ok
13:05:42.0912 0x08d4 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
13:05:43.0553 0x08d4 UxSms - ok
13:05:43.0572 0x08d4 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] VaultSvc C:\Windows\system32\lsass.exe
13:05:44.0185 0x08d4 VaultSvc - ok
13:05:44.0203 0x08d4 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
13:05:44.0661 0x08d4 vdrvroot - ok
13:05:44.0754 0x08d4 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
13:05:45.0153 0x08d4 vds - ok
13:05:45.0189 0x08d4 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:05:45.0496 0x08d4 vga - ok
13:05:45.0531 0x08d4 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
13:05:46.0081 0x08d4 VgaSave - ok
13:05:46.0133 0x08d4 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
13:05:46.0309 0x08d4 vhdmp - ok
13:05:46.0347 0x08d4 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
13:05:46.0379 0x08d4 viaide - ok
13:05:46.0394 0x08d4 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
13:05:46.0406 0x08d4 volmgr - ok
13:05:46.0447 0x08d4 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:05:46.0561 0x08d4 volmgrx - ok
13:05:46.0606 0x08d4 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
13:05:46.0639 0x08d4 volsnap - ok
13:05:46.0676 0x08d4 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
13:05:46.0691 0x08d4 vsmraid - ok
13:05:46.0822 0x08d4 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
13:05:47.0198 0x08d4 VSS - ok
13:05:47.0220 0x08d4 vToolbarUpdater18.0.0 - ok
13:05:47.0237 0x08d4 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
13:05:47.0419 0x08d4 vwifibus - ok
13:05:47.0449 0x08d4 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
13:05:48.0073 0x08d4 W32Time - ok
13:05:48.0085 0x08d4 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
13:05:48.0423 0x08d4 WacomPen - ok
13:05:48.0453 0x08d4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
13:05:48.0532 0x08d4 WANARP - ok
13:05:48.0538 0x08d4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:05:49.0009 0x08d4 Wanarpv6 - ok
13:05:49.0109 0x08d4 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
13:05:49.0161 0x08d4 WatAdminSvc - ok
13:05:49.0287 0x08d4 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
13:05:49.0599 0x08d4 wbengine - ok
13:05:49.0639 0x08d4 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
13:05:49.0732 0x08d4 WbioSrvc - ok
13:05:49.0778 0x08d4 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:05:49.0861 0x08d4 wcncsvc - ok
13:05:49.0879 0x08d4 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:05:49.0924 0x08d4 WcsPlugInService - ok
13:05:49.0951 0x08d4 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys
13:05:49.0962 0x08d4 Wd - ok
13:05:50.0016 0x08d4 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:05:50.0092 0x08d4 Wdf01000 - ok
13:05:50.0120 0x08d4 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:05:50.0339 0x08d4 WdiServiceHost - ok
13:05:50.0345 0x08d4 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:05:50.0556 0x08d4 WdiSystemHost - ok
13:05:50.0612 0x08d4 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
13:05:50.0796 0x08d4 WebClient - ok
13:05:50.0830 0x08d4 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:05:50.0941 0x08d4 Wecsvc - ok
13:05:50.0955 0x08d4 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:05:51.0082 0x08d4 wercplsupport - ok
13:05:51.0165 0x08d4 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
13:05:51.0516 0x08d4 WerSvc - ok
13:05:51.0546 0x08d4 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
13:05:51.0634 0x08d4 WfpLwf - ok
13:05:51.0654 0x08d4 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
13:05:51.0665 0x08d4 WIMMount - ok
13:05:51.0678 0x08d4 WinDefend - ok
13:05:51.0686 0x08d4 WinHttpAutoProxySvc - ok
13:05:51.0741 0x08d4 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:05:51.0931 0x08d4 Winmgmt - ok
13:05:52.0020 0x08d4 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
13:05:52.0356 0x08d4 WinRM - ok
13:05:52.0426 0x08d4 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
13:05:52.0585 0x08d4 WinUsb - ok
13:05:52.0626 0x08d4 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
13:05:52.0775 0x08d4 Wlansvc - ok
13:05:52.0827 0x08d4 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
13:05:53.0334 0x08d4 WmiAcpi - ok
13:05:53.0599 0x08d4 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:05:53.0935 0x08d4 wmiApSrv - ok
13:05:53.0963 0x08d4 WMPNetworkSvc - ok
13:05:54.0151 0x08d4 [ 83B6CA03C846FCD47F9883D77D1EB27B, 1616DBBC95085B6618B7F884383507E2A54D561A41288E79FA6DC99218C02802 ] WMZuneComm C:\Program Files\Zune\WMZuneComm.exe
13:05:54.0226 0x08d4 WMZuneComm - ok
13:05:54.0250 0x08d4 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
13:05:54.0334 0x08d4 WPCSvc - ok
13:05:54.0395 0x08d4 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
13:05:54.0516 0x08d4 WPDBusEnum - ok
13:05:54.0537 0x08d4 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:05:54.0893 0x08d4 ws2ifsl - ok
13:05:54.0918 0x08d4 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
13:05:55.0109 0x08d4 wscsvc - ok
13:05:55.0279 0x08d4 WSearch - ok
13:05:55.0403 0x08d4 [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll
13:05:55.0499 0x08d4 wuauserv - ok
13:05:55.0575 0x08d4 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
13:05:55.0957 0x08d4 WudfPf - ok
13:05:56.0015 0x08d4 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:05:56.0258 0x08d4 WUDFRd - ok
13:05:56.0350 0x08d4 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:05:56.0538 0x08d4 wudfsvc - ok
13:05:56.0581 0x08d4 [ FE90B750AB808FB9DD8FBB428B5FF83B, 3F8F592EC813BE292D305A87C5BA852F8BC3D7CE610612D9871F209A17326AA8 ] WwanSvc C:\Windows\System32\wwansvc.dll
13:05:56.0694 0x08d4 WwanSvc - ok
13:05:57.0317 0x08d4 [ 67B787C34FB2888D01B130AE007042D8, E44878E53F265C89F271B08B81C129105E42D1C78C14467B2D96E28A9A428B1A ] ZuneNetworkSvc C:\Program Files\Zune\ZuneNss.exe
13:05:57.0920 0x08d4 ZuneNetworkSvc - ok
13:05:58.0085 0x08d4 [ 4D89FC1C20CF655739EFAC5DA81A67BC, 788D0A5B9972ED6D80242C0C5E80AB0FAB44A708B896D5F724AC1559A291C8DD ] ZuneWlanCfgSvc C:\Program Files\Zune\ZuneWlanCfgSvc.exe
13:05:58.0112 0x08d4 ZuneWlanCfgSvc - ok
13:05:58.0134 0x08d4 ================ Scan global ===============================
13:05:58.0154 0x08d4 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
13:05:58.0194 0x08d4 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
13:05:58.0208 0x08d4 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
13:05:58.0231 0x08d4 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
13:05:58.0249 0x08d4 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
13:05:58.0257 0x08d4 [ Global ] - ok
13:05:58.0258 0x08d4 ================ Scan MBR ==================================
13:05:58.0263 0x08d4 [ 0BFB7F13B52FD5B509D2F3B0E8B0A728 ] \Device\Harddisk0\DR0
13:05:59.0361 0x08d4 \Device\Harddisk0\DR0 - ok
13:05:59.0361 0x08d4 ================ Scan VBR ==================================
13:05:59.0386 0x08d4 [ 0879E7D03D08530072FD16D234D73FAA ] \Device\Harddisk0\DR0\Partition1
13:05:59.0409 0x08d4 \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )
13:05:59.0410 0x08d4 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected
13:06:02.0523 0x08d4 [ 7A45638C1A007C74253626CAF15F6AD2 ] \Device\Harddisk0\DR0\Partition2
13:06:02.0524 0x08d4 \Device\Harddisk0\DR0\Partition2 - ok
13:06:02.0560 0x08d4 [ FAED515FD860638364B6955179BB2541 ] \Device\Harddisk0\DR0\Partition3
13:06:02.0561 0x08d4 \Device\Harddisk0\DR0\Partition3 - ok
13:06:02.0562 0x08d4 Waiting for KSN requests completion. In queue: 170
13:06:03.0562 0x08d4 Waiting for KSN requests completion. In queue: 170
13:06:04.0562 0x08d4 Waiting for KSN requests completion. In queue: 170
13:06:05.0562 0x08d4 Waiting for KSN requests completion. In queue: 170
13:06:06.0562 0x08d4 Waiting for KSN requests completion. In queue: 170
13:06:07.0562 0x08d4 Waiting for KSN requests completion. In queue: 170
13:06:08.0562 0x08d4 Waiting for KSN requests completion. In queue: 170
13:06:09.0562 0x08d4 Waiting for KSN requests completion. In queue: 170
13:06:10.0562 0x08d4 Waiting for KSN requests completion. In queue: 170
13:06:11.0562 0x08d4 Waiting for KSN requests completion. In queue: 170
13:06:12.0564 0x08d4 Waiting for KSN requests completion. In queue: 170
13:06:13.0564 0x08d4 Waiting for KSN requests completion. In queue: 170
13:06:14.0564 0x08d4 Waiting for KSN requests completion. In queue: 170
13:06:15.0566 0x08d4 Waiting for KSN requests completion. In queue: 170
13:06:16.0566 0x08d4 Waiting for KSN requests completion. In queue: 170
13:06:17.0566 0x08d4 Waiting for KSN requests completion. In queue: 170
13:06:18.0566 0x08d4 Waiting for KSN requests completion. In queue: 170
13:06:19.0566 0x08d4 Waiting for KSN requests completion. In queue: 170
13:06:21.0042 0x08d4 AV detected via SS2: Lavasoft Ad-Watch Live! Anti-Virus, C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe ( ), 0x71000 ( enabled : updated )
13:06:21.0101 0x08d4 AV detected via SS2: AVG AntiVirus Free Edition 2013, C:\Program Files (x86)\AVG\AVG2013\avgwsc.exe ( 13.0.0.3300 ), 0x41000 ( enabled : updated )
13:06:21.0496 0x08d4 Win FW state via NFP2: enabled
13:06:37.0573 0x08d4 ============================================================
13:06:37.0573 0x08d4 Scan finished
13:06:37.0573 0x08d4 ============================================================
13:06:37.0583 0x1b40 Detected object count: 2
13:06:37.0583 0x1b40 Actual detected object count: 2
13:07:39.0969 0x1b40 Lavasoft Ad-Aware Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:07:39.0969 0x1b40 Lavasoft Ad-Aware Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:07:39.0969 0x1b40 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - skipped by user
13:07:39.0969 0x1b40 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Skip

thanks
thatguy87871
Active Member
 
Posts: 8
Joined: March 7th, 2014, 2:35 pm
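An added example, not code from the thread, from MalwareRemoval.com or from TDSSKiller itself: a small Python parser for the log format above. It pulls out each detected object, the scan phase that reported it (MBR, VBR, or a later summary line), the MD5/SHA-256 digests logged for it, and the action the operator chose, then flags what was left in place. The sample log is constructed to mirror the lines in the post (same object names and verdicts) but uses zero-filled placeholder digests rather than real file hashes; the function and class names are this example's own.

```python
import re
from dataclasses import dataclass, field

# Placeholder digests for the constructed sample below (not real file hashes).
MD5_1, MD5_2, MD5_3 = ("0" * 31 + d for d in "123")
SHA_1 = "0" * 63 + "1"

# Constructed sample in the TDSSKiller log layout used in the thread: object names
# and verdicts mirror the post, the digests are the placeholders above.
SAMPLE_LOG = "\n".join([
    rf"13:05:55.0403 0x08d4 [ {MD5_1}, {SHA_1} ] wuauserv C:\Windows\system32\wuaueng.dll",
    r"13:05:55.0499 0x08d4 wuauserv - ok",
    r"13:05:58.0258 0x08d4 ================ Scan MBR ==================================",
    rf"13:05:58.0263 0x08d4 [ {MD5_2} ] \Device\Harddisk0\DR0",
    r"13:05:59.0361 0x08d4 ================ Scan VBR ==================================",
    rf"13:05:59.0386 0x08d4 [ {MD5_3} ] \Device\Harddisk0\DR0\Partition1",
    r"13:05:59.0409 0x08d4 \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )",
    r"13:05:59.0410 0x08d4 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected",
    r"13:06:37.0573 0x08d4 Scan finished",
    r"13:06:37.0583 0x1b40 Detected object count: 2",
    r"13:07:39.0969 0x1b40 Lavasoft Ad-Aware Service ( UnsignedFile.Multi.Generic ) - skipped by user",
    r"13:07:39.0969 0x1b40 Lavasoft Ad-Aware Service ( UnsignedFile.Multi.Generic ) - User select action: Skip",
    r"13:07:39.0969 0x1b40 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - skipped by user",
    r"13:07:39.0969 0x1b40 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Skip",
])

# Every line is "<time> <thread id> <message>"; the message is one of these shapes.
LINE_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+0x[0-9A-Fa-f]+\s+(?P<msg>.*)$")
SECTION_RE = re.compile(r"^=+ Scan (?P<name>\w+) =+$")
HASH_RE = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32})(?:, (?P<sha256>[0-9A-Fa-f]{64}))? \] (?P<rest>.+)$")
DETECTED_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>\S+) \( \d+ \)$")
STATUS_RE = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>[^)]+) \) - (?P<status>.+)$")
COUNT_RE = re.compile(r"^(?:Actual )?[Dd]etected object count: (?P<n>\d+)$")

@dataclass
class Finding:
    obj: str
    verdict: str
    section: str            # scan phase that reported it ("MBR", "VBR", ...), "" if none
    md5: str = ""
    sha256: str = ""
    infected: bool = False  # TDSSKiller's explicit "- infected" verdict
    user_action: str = ""   # operator's choice from "User select action: ..."

    @property
    def unresolved(self) -> bool:
        return self.user_action in ("", "Skip")   # skipped objects are still on disk

@dataclass
class Report:
    findings: dict = field(default_factory=dict)  # obj -> Finding, in log order
    hashes: dict = field(default_factory=dict)    # name or path -> (md5, sha256)
    reported_count: int = -1

def _finding(report: Report, obj: str, verdict: str, section: str) -> Finding:
    if obj not in report.findings:
        md5, sha256 = report.hashes.get(obj, ("", ""))
        report.findings[obj] = Finding(obj, verdict, section, md5, sha256)
    return report.findings[obj]

def parse_tdsskiller(text: str) -> Report:
    report, section = Report(), ""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        if msg == "Scan finished":
            section = ""                 # what follows is the action summary, not a phase
        elif (s := SECTION_RE.match(msg)):
            section = s.group("name")
        elif (h := HASH_RE.match(msg)):
            name, _, path = h.group("rest").partition(" ")   # "svc C:\path" or a bare device path
            digest = (h.group("md5").upper(), (h.group("sha256") or "").upper())
            report.hashes[name] = report.hashes[path or name] = digest
        elif (d := DETECTED_RE.match(msg)):
            _finding(report, d.group("obj"), d.group("verdict"), section)
        elif (st := STATUS_RE.match(msg)):
            f = _finding(report, st.group("obj"), st.group("verdict"), section)
            if st.group("status") == "infected":
                f.infected = True
            elif st.group("status").startswith("User select action: "):
                f.user_action = st.group("status").split(": ", 1)[1]
        elif (c := COUNT_RE.match(msg)):
            report.reported_count = int(c.group("n"))
    return report

def unresolved(report: Report) -> list:
    """Findings the operator skipped or never acted on: still present after the run."""
    return [f for f in report.findings.values() if f.unresolved]

def boot_sector_findings(report: Report) -> list:
    """MBR/VBR-phase or Rootkit.Boot.* findings: they live outside the file system, so a
    file-level clean does not touch them and they matter most when triaging a log."""
    return [f for f in report.findings.values()
            if f.section in ("MBR", "VBR") or f.verdict.startswith("Rootkit.Boot.")]

if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    print(f"reported {rep.reported_count} objects, parsed {len(rep.findings)}")
    for f in rep.findings.values():
        state = "INFECTED" if f.infected else "suspicious"
        print(f"{state:<10} {f.obj} ({f.verdict}) action={f.user_action or 'none'}"
              + ("  <-- still present" if f.unresolved else ""))
    print(f"unresolved boot-sector findings: {sum(f.unresolved for f in boot_sector_findings(rep))}")
```

Run against the sample it reports two findings, both skipped: the UnsignedFile.Multi.Generic entry is a heuristic flag on an unsigned service rather than a malware verdict, while the Partition1 entry is an explicit "infected" verdict from the VBR phase and is still in place after the run. That distinction, a boot-sector infection that the tool saw but did not touch, is what a helper reads out of a log like the one above.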

Re: Serious malware infection

Unread postby Dakeyras » March 10th, 2014, 2:33 pm

Hi,

I have bad news I'm afraid. :(

One or more of the identified infections is a variant of the TDSS Boot type Rootkit plus undoubtedly other comprising malware!

OK since we are dealing with the aforementioned infection(s) I would be providing your good self with a disservice if I did not make you aware of the ramifications below:

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Although an attempt could be made to clean this machine, it could never be considered to be truly clean, secure, or trustworthy. We could not say definitively that unknown and unseen malware will have been removed, nor will your system be restored to its pre-infection state. We cannot remedy unknown changes the malware may likely have made in order to allow itself access, nor can we repair the damage it may possibly have caused to vital system files. Additionally, it is quite possible that changes made to the system by the malware may impact negatively on your computer during the removal process. In short, your system may never regain its former stability or its full functionality without a reformat. Therefore, your best and safest course of action is a reformat and reinstallation of the Windows Operating System, and that is the course I strongly recommend.

Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Next:

I can attempt to clean this machine (anything I try may not be successful and the machine could lose internet connectivity) but I can't guarantee that it will be at all secure afterwards.

Should you have any questions, please feel free to ask.

Please let me know what you have decided to do in your next post.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Serious malware infection

Unread postby thatguy87871 » March 10th, 2014, 3:16 pm

Hi,
Thanks for the help.

Couple of questions before I make a decision,

If I made no "dangerous" transactions after I realized I had clicked on the bad program, how much am I at risk? Can they get data from past transactions? .... I changed passwords to everything I could ... Banking seems fine. I will check my identity profile in a couple of months.

If I save data on a USB, is there any chance it will be infected?

If there are other computers on the network with wifi internet, are they compromised too?

Of course I would really prefer not to format if possible, but it seems like you think the risk is too high to try to remove the malware ...

If I decide to format, I assume it's too late to make a boot disk without an infection, which means I would need to buy another Windows system?

Thank you again
thatguy87871
Active Member
 
Posts: 8
Joined: March 7th, 2014, 2:35 pm

Re: Serious malware infection

Unread postby Dakeyras » March 11th, 2014, 5:57 am

Hi. :)

Thanks for the help

You're welcome!

If I made no "dangerous" transactions after I realized I had clicked on the bad program, how much am I at risk? Can they get data from past transactions? ....

In all honesty I cannot say, as at this juncture I do not know how long your machine was compromised for.

If I save data on a USB, is there any chance it will be infected?

I can provide the appropriate instructions regarding the safe transfer and checking of anything you may wish to back up, etc.

If there are other computers on the network with wifi internet, are they compromised too?

There is no indication that your machine's TCP/IP (transmission control protocol/internet protocol) stack is compromised, and all that is denoted pertains to your ISP (internet service provider), Videotron Ltee. Though no entries for your actual Router are present, unless you have file sharing enabled on your LAN (local area network) the other machine(s) should be fine. However, to err on the side of caution, as I do not know what was removed by, say, prior scans, it would be prudent to reset your Router and apply a new admin password.

Of course I would really prefer not to format if possible, but it seems like you think the risk is too high to try to remove the malware ...

Understandable, but the decision is yours to make and whatever you decide I will respect that.

If I decide to format, I assume it's too late to make a boot disk without an infection, which means I would need to buy another Windows system?

You could invoke your machine's Recovery Partition and/or use the Recovery Manager software; information about this is explained here. I am not sure if you could successfully create a set of Recovery Disks at this time, and if you want to, it would probably be prudent to try and eradicate the Rootkit first. Though you could always do so after invoking the aforementioned Recovery Partition safely. As it stands you do not need to purchase any Windows 7 Installation Media.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Serious malware infection

Unread postby thatguy87871 » March 12th, 2014, 11:08 am

Thank you for your responses,
I am leaning toward formatting. I will need to read a lot about formatting and using the recovery manager, since my computer came with Windows installed. I will have to wait for the weekend to do that since I'll be pretty busy. So how do I make sure any of the data I transfer isn't infected if I put it on a USB key?
thatguy87871
Active Member
 
Posts: 8
Joined: March 7th, 2014, 2:35 pm

Re: Serious malware infection

Unread postby Dakeyras » March 12th, 2014, 11:36 am

Hi. :)

Thank you for your responses,
I am leaning toward formatting. I will need to read a lot about formatting and using the recovery manager, since my computer came with Windows installed. I will have to wait for the weekend to do that since I'll be pretty busy.

You're welcome and fair play.

Download/Install & Run Panda USB Vaccine:

Please download the installer for Panda USB Vaccine from here to the desktop.

  • Right-click on USBVaccineSetup.exe and select Run as Administrator >> follow the prompts in the installation wizard.
  • At the configuration screen (settings)...
  • Ensure both Run Panda USB Vaccine automatically when computer boots (/resident mode) & Automatically vaccinate any newly inserted USB key are selected >> plus NTFS support
  • Now click on Next> >> ensure Launch Panda USB Vaccine is selected >> click on Finish.
  • Connect your USB Drive to your machine...it will be automatically vaccinated.
  • Now transfer the files and documents etc. that you want to back up to your USB Drive.
Scan your USB Drive:

Click on Computer >> locate your USB Drive >> right click on it and scan with your presently installed security software.

Then safely remove the External Hard Drive from your machine via right-clicking on the Safely Remove Hardware and Eject Media system tray icon and then select Eject USB Mass Storage Device.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Serious malware infection

Unread postby Cypher » March 13th, 2014, 12:28 pm

As your problems appear to require a reformat, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns