Malware Infection, Overwhelming Popups, LuckYaShoppper

Post by MDSteg » September 21st, 2014, 9:20 pm

My computer has been overtaken by malware (or so it seems). It's to the point where browsing online is painful. There are many pop-up windows/tabs that appear extremely frequently, and the computer gets bogged down extremely quickly even after a reboot. I've done scans with Malwarebytes and have Symantec Endpoint Protection as my active virus scan. I'll scan with both tools, and will delete/quarantine any items found, but that doesn't seem to take care of the issue.

DDS.txt
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17280
Run by Matt at 18:08:26 on 2014-09-21
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2046.506 [GMT -7:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Disabled/Outdated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
C:\Windows\system32\nvvsvc.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\Smc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Belkin Storage Manager\StorageManager.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
C:\Program Files\Ruiware\WinPatrol\WinPatrolEx.exe
C:\Program Files\IObit\Advanced SystemCare 6\Suc10_Uninstal.exe
C:\Windows\system32\cleanmgr.exe
C:\Users\Matt\AppData\Local\Temp\2D2A1885-2B5A-49DE-9762-8DE1D7DAFF0B\dismhost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = hxxp://feed.snapdo.com/?publisher=Tuguu ... type=ds&q={searchTerms}&installDate=21/01/2014
uSearch Page = hxxp://feed.snapdo.com/?publisher=Tuguu ... type=ds&q={searchTerms}&installDate=21/01/2014
mStart Page = about:blank
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=Tuguu ... type=ds&q={searchTerms}&installDate=21/01/2014
BHO: Translate Genius: {037f6ebe-1b5b-438b-b4b2-9dc9f17f234d} -
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Symantec Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\symantec\symantec endpoint protection\12.1.4013.4013.105\bin\ips\IPSBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\advanced systemcare 6\browerprotect\ASCPlugin_Protection.dll
uRun: [Google Update] "c:\users\matt\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [AdobeBridge] <no file>
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Belkin Storage Manager] "c:\program files\belkin storage manager\StorageManager.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
TCP: NameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{DF199DDA-B0EB-4487-9755-6FBB1D64BBB6} : DHCPNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{DF199DDA-B0EB-4487-9755-6FBB1D64BBB6}\353656E6963602055726C696360275962756C6563737 : DHCPNameServer = 10.100.0.1 202.37.101.1 202.37.101.2
TCP: Interfaces\{DF199DDA-B0EB-4487-9755-6FBB1D64BBB6}\3577565647771647562763 : DHCPNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
AppInit_DLLs= c:\progra~1\optimi~1\optpro~1.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\matt\appdata\roaming\mozilla\firefox\profiles\b97c34uf.default-1391741145504\
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\users\matt\appdata\local\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_152.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\sep\0c010fad\0fad.105\x86\SymDS.sys [2013-10-20 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\sep\0c010fad\0fad.105\x86\SymEFA.sys [2013-10-20 935512]
R1 BHDrvx86;BHDrvx86;c:\programdata\symantec\symantec endpoint protection\12.1.4013.4013.105\data\definitions\bashdefs\20140913.012\BHDrvx86.sys [2014-9-16 1101616]
R1 ccSettings_{974A0163-23BB-4C9D-A3C2-611667F7A450};Symantec Endpoint Protection 12.1.4013.4013.105 Settings Manager;c:\windows\system32\drivers\sep\0c010fad\0fad.105\x86\ccSetx86.sys [2013-10-20 134744]
R1 IDSVix86;IDSVix86;c:\programdata\symantec\symantec endpoint protection\12.1.4013.4013.105\data\definitions\ipsdefs\20140915.011\IDSvix86.sys [2014-9-16 395992]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\sep\0c010fad\0fad.105\x86\Ironx86.sys [2013-10-20 175192]
R1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\sep\0c010fad\0fad.105\x86\symnets.sys [2013-10-20 341080]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2014-9-12 111408]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [2013-2-7 16024]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2014-5-18 89856]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2014-5-18 184192]
S3 SyDvCtrl;SyDvCtrl;c:\program files\symantec\symantec endpoint protection\12.1.4013.4013.105\bin\SyDvCtrl32.sys [2013-10-20 28576]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-9-21 52224]
.
=============== Created Last 30 ================
.
2014-09-22 00:38:50 -------- d-----w- c:\users\matt\appdata\roaming\WinPatrol
2014-09-22 00:37:46 -------- d-----w- c:\program files\Ruiware
2014-09-22 00:37:45 -------- d-----w- c:\programdata\InstallMate
2014-09-19 19:07:50 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ad5af447-5db8-49dd-aca0-1c71a968849c}\offreg.dll
2014-09-19 19:01:59 23864 ----a-w- c:\program files\mozilla firefox\updated\components\Scriptff.dll
2014-09-19 19:01:59 2106216 ----a-w- c:\program files\mozilla firefox\updated\D3DCompiler_43.dll
2014-09-19 19:01:59 114288 ----a-w- c:\program files\mozilla firefox\updated\crashreporter.exe
2014-09-19 19:01:56 74864 ----a-w- c:\program files\mozilla firefox\updated\breakpadinjector.dll
2014-09-19 19:01:56 47216 ----a-w- c:\program files\mozilla firefox\updated\browser\components\browsercomps.dll
2014-09-19 19:01:56 20080 ----a-w- c:\program files\mozilla firefox\updated\AccessibleMarshal.dll
2014-09-19 19:00:13 8806800 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ad5af447-5db8-49dd-aca0-1c71a968849c}\mpengine.dll
2014-09-13 18:33:02 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-12 23:20:45 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-09-12 23:20:45 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-12 23:19:17 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-12 23:19:07 793600 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-12 23:18:49 445952 ----a-w- c:\windows\system32\aepdu.dll
2014-09-12 23:18:48 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-09-06 21:24:17 2352640 ----a-w- c:\windows\system32\win32k.sys
2014-09-06 21:24:16 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-09-06 20:42:12 -------- d-----w- c:\programdata\RoyallShopperApp
.
==================== Find3M ====================
.
2014-09-10 06:17:08 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-10 03:33:35 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-10 03:33:35 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-08-25 13:53:44 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-08-18 22:08:55 4232704 ----a-w- c:\windows\system32\jscript9.dll
2014-08-18 21:57:44 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-08-18 21:57:30 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-08-18 21:46:26 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-08-18 21:44:44 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-08-18 21:36:05 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-08-18 21:35:24 597504 ----a-w- c:\windows\system32\jscript9diag.dll
2014-08-18 21:30:29 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-08-18 21:22:48 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 21:08:54 2014208 ----a-w- c:\windows\system32\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- c:\windows\system32\wininet.dll
2014-07-25 09:35:46 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-23 01:44:26 142936 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2014-07-23 01:32:41 33264 ----a-w- c:\windows\system32\drivers\WGX.SYS
2014-07-23 01:32:40 420752 ----a-w- c:\windows\system32\SymVPN.dll
2014-07-23 01:32:39 136080 ----a-w- c:\windows\system32\FwsVpn.dll
2014-07-23 01:32:39 11152 ----a-w- c:\windows\system32\sysferThunk.dll
2014-07-23 01:32:38 361360 ----a-w- c:\windows\system32\sysfer.dll
2014-07-23 01:32:38 126440 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2014-07-16 02:46:02 2048 ----a-w- c:\windows\system32\tzres.dll
2014-07-14 01:42:02 654336 ----a-w- c:\windows\system32\rpcrt4.dll
2014-06-30 22:14:53 8856 ----a-w- c:\windows\system32\icardres.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: Hitachi_HTS541612J9SA00 rev.SBDOC74P -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x82C41000]<< >>UNKNOWN [0x893B4000]<< >>UNKNOWN [0x89400000]<< >>UNKNOWN [0x88CC9000]<< >>UNKNOWN [0x82C0A000]<< >>UNKNOWN [0x833B7000]<< >>UNKNOWN [0x88DD6000]<< >>UNKNOWN [0x8F0DB000]<< >>UNKNOWN [0x88D7B000]<< >>UNKNOWN [0x8923A000]<< >>UNKNOWN [0x88FD8000]<< >>UNKNOWN [0x88C00000]<< >>UNKNOWN [0x8F681000]<< >>UNKNOWN [0x8959A000]<< >>UNKNOWN [0x89355000]<< >>UNKNOWN [0x89382000]<< >>UNKNOWN [0x99414000]<< >>UNKNOWN [0x94F47000]<< >>UNKNOWN [0x94814000]<< >>UNKNOWN [0x88DDD000]<< >>UNKNOWN [0x88C28000]<< >>UNKNOWN [0x88D57000]<< >>UNKNOWN [0x89035000]<< >>UNKNOWN [0x832A0000]<< >>UNKNOWN [0x9294D000]<< >>UNKNOWN [0x9988C000]<< >>UNKNOWN [0x82D6190B]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x82C77BBA] -> \Device\Harddisk0\DR0[0x85C52030]
\Driver\Disk[0x85C50620] -> IRP_MJ_CREATE -> 0x893B839F
3 [0x893B859E] -> ntkrnlpa!IofCallDriver[0x82C77BBA] -> [0x857D0270]
\Driver\ACPI[0x84E59B48] -> IRP_MJ_CREATE -> 0x88CD24CC
5 [0x88CD23D4] -> ntkrnlpa!IofCallDriver[0x82C77BBA] -> \Device\Ide\IdeDeviceP0T0L0-0[0x857D7030]
\Driver\atapi[0x857CE418] -> IRP_MJ_CREATE -> 0x833D18CE
7 [0x82E37AE7] -> ntkrnlpa!IofCallDriver[0x82C77BBA] -> \Device\HarddiskVolume2[0x85C54DE0]
\Driver\volmgr[0x857C4F38] -> IRP_MJ_CREATE -> 0x88D7C49A
9 [0x82E87511] -> ntkrnlpa!IofCallDriver[0x82C77BBA] -> \Device\MountPointManager[0x857CED90]
\Driver\mountmgr[0x857CD858] -> IRP_MJ_CREATE -> 0x88C07E84
11 [0x82E73C90] -> ntkrnlpa!IofCallDriver[0x82C77BBA] -> \Device\MountPointManager[0x857CED90]
\Driver\mountmgr[0x857CD858] -> IRP_MJ_CREATE -> 0x88C07E84
13 [0x82E37B8C] -> ntkrnlpa!IofCallDriver[0x82C77BBA] -> \Device\MountPointManager[0x857CED90]
\Driver\mountmgr[0x857CD858] -> IRP_MJ_CREATE -> 0x88C07E84
15 [0x82E87511] -> ntkrnlpa!IofCallDriver[0x82C77BBA] -> [0x85C58020]
\Driver\volsnap[0x85C1D7B0] -> IRP_MJ_CREATE -> 0x895CC038
17 [0x895CC056] -> ntkrnlpa!IofCallDriver[0x82C77BBA] -> [0x85C55B08]
\Driver\rdyboost[0x85C1ABF0] -> IRP_MJ_CREATE -> 0x8935C0A6
19 [0x8935C089] -> ntkrnlpa!IofCallDriver[0x82C77BBA] -> [0x85C56BE8]
\Driver\fvevol[0x85C1AE00] -> IRP_MJ_CREATE -> 0x89383836
21 [0x8938384E] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
23 [0x82E73C90] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
25 [0x8959D92E] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
27 [0x8935C089] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
29 [0x8938384E] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
31 [0x88C09036] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
33 [0x895CA211] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
35 [0x8935C089] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
37 [0x8938384E] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
39 [0x88C09036] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
41 [0x895CA211] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
43 [0x8935C089] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
45 [0x8938384E] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
47 [0x82E72BF1] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
49 [0x895A4D4B] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
51 [0x8935C089] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
53 [0x8938384E] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
55 [0x82E37C28] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
57 [0x895ABC85] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
59 [0x89361774] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
61 [0x8938346F] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
63 [0x88D7C9A8] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
65 [0x88D58111] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
67 [0x893B859E] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
69 [0x88CD23D4] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
71 [0x893B859E] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
73 [0x88CD23D4] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
75 [0x82E73C90] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
77 [0x8959D92E] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
79 [0x8935C089] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
81 [0x8938384E] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
83 [0x88C09036] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
85 [0x895CA211] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
87 [0x8935C089] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
89 [0x8938384E] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 18:11:24.45 ===============

Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 9/20/2011 7:29:07 PM
System Uptime: 9/14/2014 8:50:58 PM (166 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel(R) Core(TM)2 CPU T7400 @ 2.16GHz | Microprocessor | 2167/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 107 GiB total, 14.376 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: USB\VID_046D&PID_08C6&MI_00\6&2736F340&0&0000
Manufacturer:
Name:
PNP Device ID: USB\VID_046D&PID_08C6&MI_00\6&2736F340&0&0000
Service:
.
==== System Restore Points ===================
.
RP330: 9/19/2014 11:58:21 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Adobe Reader 9.5.4
Advanced SystemCare 6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Belkin Storage Manager
Bonjour
Camtasia Studio 7
CaptureWizPro 4.40
Conexant HDA D110 MDC V.92 Modem
FLV Player
Free Mp3 Wma Converter V 2.2
Google Chrome
HyperCam 2
iExplorer 3.2.5.0
IObit Malware Fighter
iTunes
Logitech QuickCam
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft .NET Framework 4.5.1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Mozilla Firefox 31.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
MyFreeCodec
NVIDIA Drivers
Optimizer Pro v3.2
PDF reDirect (remove only)
QuickTime
RICOH Media Driver ver.2.07.01.04
Samsung Kies3
SAMSUNG USB Driver for Mobile Phones
Secunia PSI (3.0.0.6005)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880513) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2880515) 32-Bit Edition
Spybot - Search & Destroy
Symantec Endpoint Protection
Synaptics Pointing Device Driver
Torch
Translate Genius
TrueCrypt
Unlocker 1.9.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 2.0.6
WinPatrol
WinRAR 4.01 (32-bit)
.
==== End Of File ===========================

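The Pseudo HJT Report in the DDS log above already carries the indicators an analyst would pull out by hand: every IE search-provider key pointing at feed.snapdo.com, a BHO (Translate Genius) whose CLSID has no backing DLL, and an AppInit_DLLs value naming an Optimizer Pro DLL (anything listed there is loaded into every process that loads user32.dll, which is why it is a favourite persistence spot for adware). The ConsentPromptBehaviorAdmin = dword:5 and ConsentPromptBehaviorUser = dword:3 values are the Windows 7 defaults. The script below is an added triage example written for this page; it is not part of the thread, of DDS, or of any of the tools mentioned. The allowlist of search hosts, the check names and the severity labels are my own choices, and the sample input copies lines from the log above plus two constructed lines (a benign Bing search provider and EnableLUA = dword:0) so that both outcomes of each check are exercised.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Sample input: lines copied from the "Pseudo HJT Report" section of the DDS log
# in the post above, plus two CONSTRUCTED lines (the www.bing.com search provider
# and "EnableLUA = dword:0") so the pass and fail paths of each check both run.
SAMPLE_DDS = r"""
uStart Page = about:blank
uSearch Bar = hxxp://feed.snapdo.com/?publisher=Tuguu ... type=ds&q={searchTerms}&installDate=21/01/2014
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}
BHO: Translate Genius: {037f6ebe-1b5b-438b-b4b2-9dc9f17f234d} -
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
uRun: [Google Update] "c:\users\matt\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [AdobeBridge] <no file>
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: EnableLUA = dword:0
AppInit_DLLs= c:\progra~1\optimi~1\optpro~1.dll
SSODL: WebCheck - <orphaned>
"""

# Assumption: search hosts a stock Windows 7 / IE 11 install would point at.
# Anything else in a *Search* key is treated as a provider hijack.
KNOWN_SEARCH_HOSTS = {"www.bing.com", "www.google.com", "search.yahoo.com"}

SEARCH_RE = re.compile(
    r"^([um](?:Search Bar|Search Page|SearchAssistant|SearchURL|Default_Search_URL))\s*=\s*(\S+)")
BHO_RE = re.compile(r"^BHO:\s*(.+?):\s*(\{[0-9A-Fa-f-]{36}\})\s*-\s*(.*)$")
RUN_RE = re.compile(r"^([um]Run):\s*\[([^\]]+)\]\s*<no file>", re.IGNORECASE)
SSODL_RE = re.compile(r"^SSODL:\s*(\S+)\s*-\s*<orphaned>", re.IGNORECASE)
POLICY_RE = re.compile(r"^mPolicies-System:\s*(ConsentPromptBehaviorAdmin|EnableLUA)\s*=\s*dword:(\d+)")
APPINIT_RE = re.compile(r"^AppInit_DLLs\s*=\s*(\S.*)$", re.IGNORECASE)


def refang(url):
    """DDS writes hxxp:// so URLs are not clickable; restore the scheme for parsing."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def triage_hjt(text):
    """Scan DDS 'Pseudo HJT Report' lines; return (severity, check, detail) tuples."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SEARCH_RE.match(line):
            # Forum-truncated URLs ("...") still yield the host: \S+ stops at the first space.
            host = (urlparse(refang(m.group(2))).hostname or "").lower()
            if host not in KNOWN_SEARCH_HOSTS:
                findings.append(("high", "search-provider-hijack", f"{m.group(1)} -> {host}"))
        elif m := BHO_RE.match(line):
            # A registered BHO CLSID with no DLL path is a leftover or a hidden component.
            if not m.group(3):
                findings.append(("medium", "bho-without-file", f"{m.group(1)} {m.group(2)}"))
        elif m := RUN_RE.match(line):
            findings.append(("low", "run-key-orphan", f"{m.group(1)} [{m.group(2)}]"))
        elif m := SSODL_RE.match(line):
            findings.append(("low", "ssodl-orphan", m.group(1)))
        elif m := POLICY_RE.match(line):
            # EnableLUA=0 turns UAC off; ConsentPromptBehaviorAdmin=0 elevates admins
            # without a prompt. Either lets malware run elevated silently.
            if int(m.group(2)) == 0:
                findings.append(("high", "uac-weakened", f"{m.group(1)}={m.group(2)}"))
        elif m := APPINIT_RE.match(line):
            # Every DLL listed here is injected into each process that loads user32.dll.
            findings.append(("high", "appinit-dll", m.group(1)))
    return findings


def severity_counts(findings):
    """Count findings per severity, e.g. {'high': 3, 'medium': 1, 'low': 2}."""
    return dict(Counter(sev for sev, _, _ in findings))


if __name__ == "__main__":
    results = triage_hjt(SAMPLE_DDS)
    for sev, check, detail in results:
        print(f"[{sev:6}] {check:24} {detail}")
    print(severity_counts(results))
```

Against a real log, call `triage_hjt(open("DDS.txt", encoding="utf-8", errors="replace").read())`; DDS.txt contains more sections than the HJT report, but none of the patterns above match process paths, driver lines or file timestamps, so feeding the whole file is safe. Treat the output as a starting point for the questions a helper like askey127 asks, not as a verdict: an orphaned Run key is housekeeping, while an AppInit_DLLs entry or a disabled UAC needs to be explained before anything is uninstalled.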
Re: Malware Infection, Overwhelming Popups, LuckYaShoppper

Post by askey127 » September 22nd, 2014, 7:26 am

Looking at your logs.
Be back soon.

Re: Malware Infection, Overwhelming Popups, LuckYaShoppper

Post by askey127 » September 22nd, 2014, 7:37 am

Hi MDSteg,
You have Symantec Endpoint Protection, and an Enterprise version of MS Office.
These are both designed for Corporate rather than home use.
What can you tell me about them?
---------------------------------------------
Before We Start, Some Notes On This Process
During this repair, we may need to remove some obsolete programs, and some which interfere with our tools.
If that is the case, we will install replacements later.
Please do not install, uninstall, delete or scan with anything, unless I ask, until we are through fixing the machine.
Please use Notepad to paste all the requested log replies. Notepad's Format > Word Wrap should be turned OFF (unchecked).
-----------------------------------------------------------
Since it is a System protective program, TeaTimer might interfere with the orderly removal of certain system infections.
Temporarily Disable Spybot's TeaTimer Protection
Start Spybot Search & Destroy
In the top menu, click Mode
Check Advanced Mode if it is not already checked. OK the selection if necessary.
In the bottom of the left pane, click on Tools
From the new left pane list, click on Resident
Uncheck the box in the middle labeled "Resident "TeaTimer" (Protection of overall system settings) active".
From the top menu, click on File, Exit.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Programs and Features
Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

µTorrent
Adobe Reader 9.5.4
Advanced SystemCare 6
IObit Malware Fighter
Optimizer Pro v3.2
Torch

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Right Click on TDSSKiller.exe and select "Run as administrator" to run the tool for known TDSS variants.
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
    If you try to change the filename and extension, you may get a warning message from Windows because of the change of file extension. OK the change.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected...
    • let it cure anything it finds (except SPTD.SYS or anything detected as UnsignedFile.Multi.Generic, which should be unchecked/ignored) & then choose reboot.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

askey127

Re: Malware Infection, Overwhelming Popups, LuckYaShoppper

Post by MDSteg » September 22nd, 2014, 1:51 pm

Askey127,

Thanks for the prompt investigation and reply.

Regarding Symantec and Enterprise MS Office...
Both were provided by my company for home use.

Along these lines, before installing Symantec, my previous anti-virus software was provided by my university for home use when I was a student. I had been using that software (I believe it was McAfee) for the past 7 years or so since graduating (the license allowed for regular virus definition updates). However, that software (or maybe just my license from school) was being obsoleted/discontinued, and would no longer be providing virus definition updates, so I got a license for Symantec from work, and uninstalled McAfee and installed Symantec. This seemed to open up the floodgates for malware, as it wasn't very long after that my computer started getting a lot of pop-ups and was generally getting bogged down. I began manually sweeping with Malwarebytes and Symantec on a somewhat routine basis (or at least a whole lot more than I ever had to before swapping to Symantec), and the sweeps would find items that I'd quarantine or delete, but would not really take care of the infection, as my computer remained "laggy," and the next time I'd sweep, I'd still find issues.

I'm at work now, but once I'm home this evening I'll take the actions you recommended and will report back.

Thanks again for your help!

-Matt

Re: Malware Infection, Overwhelming Popups, LuckYaShoppper

Post by MDSteg » September 23rd, 2014, 3:03 am

TDSSKiller Log File:
Entire message contained >5000 characters over the limit. Have broken log file into two posts.

23:53:59.0483 0x0a40 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
23:54:37.0599 0x0a40 ============================================================
23:54:37.0599 0x0a40 Current date / time: 2014/09/22 23:54:37.0599
23:54:37.0599 0x0a40 SystemInfo:
23:54:37.0599 0x0a40
23:54:37.0599 0x0a40 OS Version: 6.1.7601 ServicePack: 1.0
23:54:37.0599 0x0a40 Product type: Workstation
23:54:37.0599 0x0a40 ComputerName: LAPTOP
23:54:37.0599 0x0a40 UserName: Matt
23:54:37.0599 0x0a40 Windows directory: C:\Windows
23:54:37.0599 0x0a40 System windows directory: C:\Windows
23:54:37.0599 0x0a40 Processor architecture: Intel x86
23:54:37.0599 0x0a40 Number of processors: 2
23:54:37.0599 0x0a40 Page size: 0x1000
23:54:37.0599 0x0a40 Boot type: Normal boot
23:54:37.0599 0x0a40 ============================================================
23:55:10.0608 0x0a40 KLMD registered as C:\Windows\system32\drivers\46693489.sys
23:55:16.0373 0x0a40 System UUID: {4BB37A81-17A8-3CF6-9D85-18811BD45251}
23:55:23.0367 0x0a40 Drive \Device\Harddisk0\DR0 - Size: 0x1B98B79400 ( 110.39 Gb ), SectorSize: 0x200, Cylinders: 0x384A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:55:23.0477 0x0a40 ============================================================
23:55:23.0477 0x0a40 \Device\Harddisk0\DR0:
23:55:23.0537 0x0a40 MBR partitions:
23:55:23.0537 0x0a40 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0xD56F0AB
23:55:23.0537 0x0a40 ============================================================
23:55:23.0847 0x0a40 C: <-> \Device\Harddisk0\DR0\Partition1
23:55:24.0147 0x0a40 ============================================================
23:55:24.0147 0x0a40 Initialize success
23:55:24.0147 0x0a40 ============================================================
23:55:34.0483 0x086c ============================================================
23:55:34.0483 0x086c Scan started
23:55:34.0483 0x086c Mode: Manual;
23:55:34.0483 0x086c ============================================================
23:55:34.0483 0x086c KSN ping started
23:55:37.0404 0x086c KSN ping finished: true
23:55:46.0395 0x086c ================ Scan system memory ========================
23:55:46.0395 0x086c System memory - ok
23:55:46.0395 0x086c ================ Scan services =============================
23:55:54.0176 0x086c [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
23:55:54.0196 0x086c 1394ohci - ok
23:55:54.0546 0x086c [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI C:\Windows\system32\drivers\ACPI.sys
23:55:54.0576 0x086c ACPI - ok
23:55:54.0736 0x086c [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
23:55:54.0766 0x086c AcpiPmi - ok
23:55:55.0507 0x086c [ FBB312C9DA3863673EC18F4AE4101778, 4E9AAE7C700E485C17FDFCC9100A79784673B006D00D4D4CE8F1DB617D25C864 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:55:55.0567 0x086c AdobeFlashPlayerUpdateSvc - ok
23:55:55.0917 0x086c [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
23:55:55.0957 0x086c adp94xx - ok
23:55:56.0187 0x086c [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
23:55:56.0227 0x086c adpahci - ok
23:55:56.0367 0x086c [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
23:55:56.0377 0x086c adpu320 - ok
23:55:56.0447 0x086c [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
23:55:56.0447 0x086c AeLookupSvc - ok
23:55:56.0757 0x086c [ D0B388DA1D111A34366E04EB4A5DD156, 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938 ] AFD C:\Windows\system32\drivers\afd.sys
23:55:56.0777 0x086c AFD - ok
23:55:56.0897 0x086c [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440 C:\Windows\system32\drivers\agp440.sys
23:55:56.0967 0x086c agp440 - ok
23:55:57.0187 0x086c [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
23:55:57.0207 0x086c aic78xx - ok
23:55:57.0477 0x086c [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG C:\Windows\System32\alg.exe
23:55:57.0507 0x086c ALG - ok
23:55:57.0677 0x086c [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide C:\Windows\system32\drivers\aliide.sys
23:55:57.0737 0x086c aliide - ok
23:55:57.0787 0x086c [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
23:55:57.0837 0x086c amdagp - ok
23:55:57.0867 0x086c [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide C:\Windows\system32\drivers\amdide.sys
23:55:57.0887 0x086c amdide - ok
23:55:58.0027 0x086c [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
23:55:58.0067 0x086c AmdK8 - ok
23:55:58.0157 0x086c [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
23:55:58.0187 0x086c AmdPPM - ok
23:55:58.0377 0x086c [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata C:\Windows\system32\drivers\amdsata.sys
23:55:58.0407 0x086c amdsata - ok
23:55:58.0607 0x086c [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
23:55:58.0637 0x086c amdsbs - ok
23:55:58.0797 0x086c [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata C:\Windows\system32\drivers\amdxata.sys
23:55:58.0857 0x086c amdxata - ok
23:55:59.0089 0x086c [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID C:\Windows\system32\drivers\appid.sys
23:55:59.0159 0x086c AppID - ok
23:55:59.0329 0x086c [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc C:\Windows\System32\appidsvc.dll
23:55:59.0369 0x086c AppIDSvc - ok
23:55:59.0649 0x086c [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo C:\Windows\System32\appinfo.dll
23:55:59.0659 0x086c Appinfo - ok
23:56:00.0769 0x086c [ 30E3850F303EAE5C364782EA78579CC9, 8C94E5A9052F6E794685194EEACB31A174A947D60246908B6A0DEFA081A747A3 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:56:00.0809 0x086c Apple Mobile Device - ok
23:56:01.0089 0x086c [ A45D184DF6A8803DA13A0B329517A64A, C1D16B60A6D69689AE951DC3D6884ED2E233D144B3FC0B86BC1C50AAAAA01ED2 ] AppMgmt C:\Windows\System32\appmgmts.dll
23:56:01.0119 0x086c AppMgmt - ok
23:56:01.0279 0x086c [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc C:\Windows\system32\DRIVERS\arc.sys
23:56:01.0319 0x086c arc - ok
23:56:01.0369 0x086c [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
23:56:01.0409 0x086c arcsas - ok
23:56:03.0049 0x086c [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
23:56:03.0489 0x086c aspnet_state - ok
23:56:03.0599 0x086c [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
23:56:03.0629 0x086c AsyncMac - ok
23:56:03.0759 0x086c [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi C:\Windows\system32\drivers\atapi.sys
23:56:03.0759 0x086c atapi - ok
23:56:03.0949 0x086c [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:56:03.0999 0x086c AudioEndpointBuilder - ok
23:56:04.0109 0x086c [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] Audiosrv C:\Windows\System32\Audiosrv.dll
23:56:04.0129 0x086c Audiosrv - ok
23:56:04.0269 0x086c [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV C:\Windows\System32\AxInstSV.dll
23:56:04.0329 0x086c AxInstSV - ok
23:56:04.0639 0x086c [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
23:56:04.0699 0x086c b06bdrv - ok
23:56:04.0869 0x086c [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
23:56:04.0929 0x086c b57nd60x - ok
23:56:05.0179 0x086c [ 82DD21BFA8BBE0A3A3833A1BD8E86158, 72975911934948B47D4E88BCF1A6260185E6F1C451BEB62DD3F3A238DC7EE3C2 ] bcm4sbxp C:\Windows\system32\DRIVERS\bcm4sbxp.sys
23:56:05.0209 0x086c bcm4sbxp - ok
23:56:05.0490 0x086c [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC C:\Windows\System32\bdesvc.dll
23:56:05.0520 0x086c BDESVC - ok
23:56:05.0750 0x086c [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep C:\Windows\system32\drivers\Beep.sys
23:56:05.0790 0x086c Beep - ok
23:56:06.0350 0x086c [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE C:\Windows\System32\bfe.dll
23:56:06.0400 0x086c BFE - ok
23:56:07.0710 0x086c [ 5A55D8D9340A00B3BD2CC3413B4CB0C0, 438BB95072EC14AD597CFEF040CA7FDE8D46E4AAEE9145AC1014522F1842F713 ] BHDrvx86 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\BASHDefs\20140913.012\BHDrvx86.sys
23:56:07.0820 0x086c BHDrvx86 - ok
23:56:08.0240 0x086c [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS C:\Windows\System32\qmgr.dll
23:56:08.0280 0x086c BITS - ok
23:56:08.0320 0x086c [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
23:56:08.0380 0x086c blbdrive - ok
23:56:08.0760 0x086c [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:56:08.0800 0x086c Bonjour Service - ok
23:56:08.0970 0x086c [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
23:56:08.0990 0x086c bowser - ok
23:56:09.0110 0x086c [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:56:09.0170 0x086c BrFiltLo - ok
23:56:09.0250 0x086c [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:56:09.0291 0x086c BrFiltUp - ok
23:56:09.0461 0x086c [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser C:\Windows\System32\browser.dll
23:56:09.0511 0x086c Browser - ok
23:56:09.0781 0x086c [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid C:\Windows\System32\Drivers\Brserid.sys
23:56:09.0801 0x086c Brserid - ok
23:56:09.0861 0x086c [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
23:56:09.0881 0x086c BrSerWdm - ok
23:56:09.0981 0x086c [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
23:56:10.0011 0x086c BrUsbMdm - ok
23:56:10.0061 0x086c [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
23:56:10.0101 0x086c BrUsbSer - ok
23:56:10.0551 0x086c [ 2865A5C8E98C70C605F417908CEBB3A4, B1C5AC228BD7072AF8668C009C6CDC13EE9FCB9481F57524300F37C40BF1E935 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
23:56:10.0611 0x086c BthEnum - ok
23:56:10.0681 0x086c [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
23:56:10.0701 0x086c BTHMODEM - ok
23:56:10.0911 0x086c [ AD1872E5829E8A2C3B5B4B641C3EAB0E, 8C2DBCAC08DDB41E2B44E257C55FA2D0272959B308EFF9EAF5FF9AE1E4A0AA39 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
23:56:10.0961 0x086c BthPan - ok
23:56:11.0331 0x086c [ 1153DE2E4F5941E10C399CB5592F78A1, 2B88AF246D62F72FA9F5B921B0375AE59A0F263672472D5EC9FDB5CA5EF51C31 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
23:56:11.0401 0x086c BTHPORT - ok
23:56:11.0721 0x086c [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv C:\Windows\system32\bthserv.dll
23:56:13.0843 0x086c bthserv - ok
23:56:13.0961 0x086c [ C81E9413A25A439F436B1D4B6A0CF9E9, A4C290163207AED22C70C7F90B28F6FC24892889643D60D915059405AC5A4A72 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
23:56:13.0974 0x086c BTHUSB - ok
23:56:14.0373 0x086c [ 0D38EFACCEE90AD18740D28D1AE765CC, 6DFD6968F005F18D9E81AAE0729C91B2862010706A9FBB9A54809A87A632958A ] ccSettings_{974A0163-23BB-4C9D-A3C2-611667F7A450} C:\Windows\system32\Drivers\SEP\0C010FAD\0FAD.105\x86\ccSetx86.sys
23:56:14.0883 0x086c ccSettings_{974A0163-23BB-4C9D-A3C2-611667F7A450} - ok
23:56:15.0053 0x086c [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
23:56:15.0373 0x086c cdfs - ok
23:56:15.0623 0x086c [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
23:56:15.0683 0x086c cdrom - ok
23:56:16.0013 0x086c [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc C:\Windows\System32\certprop.dll
23:56:16.0055 0x086c CertPropSvc - ok
23:56:16.0215 0x086c [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
23:56:16.0265 0x086c circlass - ok
23:56:16.0405 0x086c [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS C:\Windows\system32\CLFS.sys
23:56:16.0425 0x086c CLFS - ok
23:56:17.0537 0x086c [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:56:18.0007 0x086c clr_optimization_v2.0.50727_32 - ok
23:56:18.0357 0x086c [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:56:20.0077 0x086c clr_optimization_v4.0.30319_32 - ok
23:56:20.0167 0x086c [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
23:56:20.0227 0x086c CmBatt - ok
23:56:20.0348 0x086c [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide C:\Windows\system32\drivers\cmdide.sys
23:56:20.0358 0x086c cmdide - ok
23:56:20.0558 0x086c [ 85449EEBE8F8EBD6481EFBF0F352B4EB, E6FF04970C5A5BFDE7297A86C1C7B9BFE2E0F976A1A1AFB874CEB488DC6151CC ] CNG C:\Windows\system32\Drivers\cng.sys
23:56:20.0598 0x086c CNG - ok
23:56:21.0028 0x086c [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
23:56:21.0168 0x086c Compbatt - ok
23:56:21.0368 0x086c [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
23:56:21.0388 0x086c CompositeBus - ok
23:56:21.0618 0x086c COMSysApp - ok
23:56:21.0738 0x086c [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
23:56:21.0788 0x086c crcdisk - ok
23:56:22.0128 0x086c [ 7CA1BECEA5DE2643ADDAD32670E7A4C9, E3AB4CC52A97E3855D7EAB87363F807FDD2162ED8C76A036CD71549ED64E7797 ] CryptSvc C:\Windows\system32\cryptsvc.dll
23:56:22.0228 0x086c CryptSvc - ok
23:56:22.0488 0x086c [ 3C2177A897B4CA2788C6FB0C3FD81D4B, 98575CBD0664586E6211D02E71BDD52CBAA149A1658573550E29E74E5F7B1553 ] CSC C:\Windows\system32\drivers\csc.sys
23:56:22.0508 0x086c CSC - ok
23:56:22.0948 0x086c [ 15F93B37F6801943360D9EB42485D5D3, DD6838C6496CB15F8BB57A6596F6A64ADD9C36B09F062295699131232712B558 ] CscService C:\Windows\System32\cscsvc.dll
23:56:22.0998 0x086c CscService - ok
23:56:23.0198 0x086c [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch C:\Windows\system32\rpcss.dll
23:56:23.0288 0x086c DcomLaunch - ok
23:56:23.0450 0x086c [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc C:\Windows\System32\defragsvc.dll
23:56:23.0510 0x086c defragsvc - ok
23:56:23.0610 0x086c [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
23:56:23.0670 0x086c DfsC - ok
23:56:23.0860 0x086c [ 1D93C52AF82D68CFF028B51AA8E024C6, D68DBA930EF89FD3A6D7FF889722EE458D52550411FA399CF20F3BA62AAB9FBA ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
23:56:23.0880 0x086c dg_ssudbus - ok
23:56:24.0200 0x086c [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp C:\Windows\system32\dhcpcore.dll
23:56:24.0250 0x086c Dhcp - ok
23:56:24.0331 0x086c [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache C:\Windows\system32\drivers\discache.sys
23:56:24.0331 0x086c discache - ok
23:56:24.0481 0x086c [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk C:\Windows\system32\DRIVERS\disk.sys
23:56:24.0531 0x086c Disk - ok
23:56:24.0653 0x086c [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache C:\Windows\System32\dnsrslvr.dll
23:56:24.0693 0x086c Dnscache - ok
23:56:24.0843 0x086c [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc C:\Windows\System32\dot3svc.dll
23:56:24.0893 0x086c dot3svc - ok
23:56:25.0473 0x086c [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS C:\Windows\system32\dps.dll
23:56:25.0513 0x086c DPS - ok
23:56:25.0683 0x086c [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
23:56:25.0703 0x086c drmkaud - ok
23:56:25.0953 0x086c [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
23:56:26.0003 0x086c DXGKrnl - ok
23:56:26.0193 0x086c [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost C:\Windows\System32\eapsvc.dll
23:56:26.0243 0x086c EapHost - ok
23:56:27.0965 0x086c [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
23:56:28.0225 0x086c ebdrv - ok
23:56:28.0715 0x086c [ 8CEAC32AD17E06113DB87150C214E237, 2ECEB4216E7874E3240161B26D983B3D1202D30DDD2E524B1FA8A11690B0E239 ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
23:56:28.0755 0x086c eeCtrl - ok
23:56:28.0885 0x086c [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] EFS C:\Windows\System32\lsass.exe
23:56:29.0025 0x086c EFS - ok
23:56:29.0935 0x086c [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr C:\Windows\ehome\ehRecvr.exe
23:56:30.0055 0x086c ehRecvr - ok
23:56:30.0185 0x086c [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched C:\Windows\ehome\ehsched.exe
23:56:30.0235 0x086c ehSched - ok
23:56:30.0535 0x086c [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
23:56:30.0565 0x086c elxstor - ok
23:56:30.0835 0x086c [ 54BDBCA093814E7002723C424C0FA3F6, 677237F6898D0B96ADBB3C2BEFB6B15DF560005E31DC09799C0948C92497D58B ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
23:56:30.0885 0x086c EraserUtilRebootDrv - ok
23:56:30.0975 0x086c [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev C:\Windows\system32\drivers\errdev.sys
23:56:30.0985 0x086c ErrDev - ok
23:56:31.0345 0x086c [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem C:\Windows\system32\es.dll
23:56:31.0405 0x086c EventSystem - ok
23:56:31.0505 0x086c [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat C:\Windows\system32\drivers\exfat.sys
23:56:31.0545 0x086c exfat - ok
23:56:31.0697 0x086c [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat C:\Windows\system32\drivers\fastfat.sys
23:56:31.0727 0x086c fastfat - ok
23:56:32.0067 0x086c [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax C:\Windows\system32\fxssvc.exe
23:56:32.0087 0x086c Fax - ok
23:56:32.0137 0x086c [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
23:56:32.0187 0x086c fdc - ok
23:56:32.0287 0x086c [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost C:\Windows\system32\fdPHost.dll
23:56:32.0287 0x086c fdPHost - ok
23:56:32.0377 0x086c [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub C:\Windows\system32\fdrespub.dll
23:56:32.0427 0x086c FDResPub - ok
23:56:32.0517 0x086c [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
23:56:32.0537 0x086c FileInfo - ok
23:56:32.0577 0x086c [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
23:56:32.0627 0x086c Filetrace - ok
23:56:32.0707 0x086c [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
23:56:32.0737 0x086c flpydisk - ok
23:56:32.0887 0x086c [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
23:56:32.0947 0x086c FltMgr - ok
23:56:33.0627 0x086c [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache C:\Windows\system32\FntCache.dll
23:56:33.0707 0x086c FontCache - ok
23:56:33.0949 0x086c [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:56:33.0964 0x086c FontCache3.0.0.0 - ok
23:56:34.0009 0x086c [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
23:56:34.0069 0x086c FsDepends - ok
23:56:34.0199 0x086c [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
23:56:34.0239 0x086c Fs_Rec - ok
23:56:34.0519 0x086c [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
23:56:34.0559 0x086c fvevol - ok
23:56:35.0029 0x086c [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
23:56:35.0229 0x086c gagp30kx - ok
23:56:35.0329 0x086c [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:56:35.0359 0x086c GEARAspiWDM - ok
23:56:35.0849 0x086c [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc C:\Windows\System32\gpsvc.dll
23:56:36.0039 0x086c gpsvc - ok
23:56:36.0249 0x086c [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
23:56:36.0279 0x086c hcw85cir - ok
23:56:36.0679 0x086c [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:56:36.0719 0x086c HdAudAddService - ok
23:56:36.0839 0x086c [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
23:56:36.0969 0x086c HDAudBus - ok
23:56:37.0089 0x086c [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
23:56:37.0149 0x086c HidBatt - ok
23:56:37.0339 0x086c [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
23:56:37.0429 0x086c HidBth - ok
23:56:37.0539 0x086c [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
23:56:37.0659 0x086c HidIr - ok
23:56:37.0759 0x086c [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv C:\Windows\system32\hidserv.dll
23:56:37.0779 0x086c hidserv - ok
23:56:38.0079 0x086c [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
23:56:38.0089 0x086c HidUsb - ok
23:56:38.0199 0x086c [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc C:\Windows\system32\kmsvc.dll
23:56:38.0229 0x086c hkmsvc - ok
23:56:38.0379 0x086c [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:56:38.0399 0x086c HomeGroupListener - ok
23:56:38.0689 0x086c [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:56:38.0739 0x086c HomeGroupProvider - ok
23:56:38.0919 0x086c [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
23:56:38.0939 0x086c HpSAMD - ok
23:56:39.0739 0x086c [ E8EC1767EA315A39A0DD8989952CA0E9, E7586CF0D4F2898E551E51035D7979B6EAF5E20B40FDDFA6297B84E171DB9016 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
23:56:39.0789 0x086c HSF_DPV - ok
23:56:39.0899 0x086c [ 61478FA42EE04562E7F11F4DCA87E9C8, 3F54BE008E0D109B00BC2B069B5D509FE784D399B0F5E856E651B12021F0DBA0 ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
23:56:39.0939 0x086c HSXHWAZL - ok
23:56:40.0331 0x086c [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP C:\Windows\system32\drivers\HTTP.sys
23:56:40.0451 0x086c HTTP - ok
23:56:40.0551 0x086c [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
23:56:40.0551 0x086c hwpolicy - ok
23:56:40.0853 0x086c [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
23:56:40.0863 0x086c i8042prt - ok
23:56:41.0053 0x086c [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
23:56:41.0123 0x086c iaStorV - ok
23:57:30.0320 0x086c SepMasterService - ok
23:57:30.0550 0x086c [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
23:57:30.0630 0x086c Serenum - ok
23:57:30.0700 0x086c [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial C:\Windows\system32\DRIVERS\serial.sys
23:57:30.0740 0x086c Serial - ok
23:57:30.0840 0x086c [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
23:57:30.0850 0x086c sermouse - ok
23:57:30.0952 0x086c [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv C:\Windows\system32\sessenv.dll
23:57:31.0022 0x086c SessionEnv - ok
23:57:31.0102 0x086c [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
23:57:31.0152 0x086c sffdisk - ok
23:57:31.0212 0x086c [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
23:57:31.0232 0x086c sffp_mmc - ok
23:57:31.0262 0x086c [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
23:57:31.0322 0x086c sffp_sd - ok
23:57:31.0472 0x086c [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
23:57:31.0492 0x086c sfloppy - ok
23:57:31.0782 0x086c [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:57:31.0822 0x086c SharedAccess - ok
23:57:31.0970 0x086c [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:57:31.0994 0x086c ShellHWDetection - ok
23:57:32.0044 0x086c [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp C:\Windows\system32\drivers\sisagp.sys
23:57:32.0054 0x086c sisagp - ok
23:57:32.0184 0x086c [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:57:32.0194 0x086c SiSRaid2 - ok
23:57:32.0234 0x086c [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
23:57:32.0254 0x086c SiSRaid4 - ok
23:57:32.0354 0x086c [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:57:32.0424 0x086c Smb - ok
23:57:33.0574 0x086c [ 274D13E3AA30BD8F86165FC0B662894E, B15577BD69C8D4014D61EA04E8E4A4EE84F8FFB0F5E888CB4130C2014E9A146C ] SmcService C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\Smc.exe
23:57:34.0608 0x086c SmcService - ok
23:57:34.0860 0x086c [ 7C6085C72FE7415B2E643990FB484CCB, 560E89AABD456F4EA48AA9E157BF3846530281BED206D4D6DDF7341B31CBC226 ] SNAC C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\snac.exe
23:57:34.0930 0x086c SNAC - ok
23:57:35.0090 0x086c [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:57:35.0120 0x086c SNMPTRAP - ok
23:57:35.0190 0x086c [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr C:\Windows\system32\drivers\spldr.sys
23:57:35.0210 0x086c spldr - ok
23:57:35.0420 0x086c [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler C:\Windows\System32\spoolsv.exe
23:57:35.0450 0x086c Spooler - ok
23:57:36.0750 0x086c [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc C:\Windows\system32\sppsvc.exe
23:57:36.0970 0x086c sppsvc - ok
23:57:37.0160 0x086c [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify C:\Windows\system32\sppuinotify.dll
23:57:37.0200 0x086c sppuinotify - ok
23:57:37.0420 0x086c [ D52D335CEF10FA933141863100226610, 40A545972E5D8B58DD7746D7BFEE7829F7061B70BA214381ECA5A324EC3655F1 ] SRTSP C:\Windows\system32\Drivers\SEP\0C010FAD\0FAD.105\x86\SRTSP.SYS
23:57:37.0450 0x086c SRTSP - ok
23:57:37.0570 0x086c [ FE9BD381778A344F0E39AE2D5E607D7F, 04F7EEE5ADF802BE120CFC730D5D5B97AF561278ABDE3C094E43174886C3867B ] SRTSPX C:\Windows\system32\Drivers\SEP\0C010FAD\0FAD.105\x86\SRTSPX.SYS
23:57:37.0600 0x086c SRTSPX - ok
23:57:37.0780 0x086c [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv C:\Windows\system32\DRIVERS\srv.sys
23:57:37.0790 0x086c srv - ok
23:57:37.0950 0x086c [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:57:37.0960 0x086c srv2 - ok
23:57:38.0070 0x086c [ E00FDFAFF025E94F9821153750C35A6D, 6ECDC5F314A29B859B0DCB7FF114CACE0718612556299B16412C21F9539DC9B5 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL3.SYS
23:57:38.0110 0x086c SrvHsfHDA - ok
23:57:38.0200 0x086c [ CEB4E3B6890E1E42DCA6694D9E59E1A0, 00D841690A88F1051A238F67AACCE905E8A59C86070F215A8D31FA3E68C6BF35 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV3.SYS
23:57:38.0240 0x086c SrvHsfV92 - ok
23:57:38.0412 0x086c [ BC0C7EA89194C299F051C24119000E17, F5FB21F7AD7370F3D5DF7C23F33118ECF19865B995AF12E9A8A8D893E7E6264F ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
23:57:38.0442 0x086c SrvHsfWinac - ok
23:57:38.0514 0x086c [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:57:38.0524 0x086c srvnet - ok
23:57:38.0674 0x086c [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:57:38.0704 0x086c SSDPSRV - ok
23:57:38.0754 0x086c [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:57:38.0774 0x086c SstpSvc - ok
23:57:38.0914 0x086c [ 2C71F7AFB1DA599E87F3C4FF15188EBE, 1B9DC278674AB8663A2D92CC66ECF233DC101844B0F9D8D8CD5BD4825460B469 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
23:57:38.0934 0x086c ssudmdm - ok
23:57:39.0030 0x086c [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
23:57:39.0106 0x086c stexstor - ok
23:57:39.0386 0x086c [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc C:\Windows\System32\wiaservc.dll
23:57:39.0406 0x086c StiSvc - ok
23:57:39.0436 0x086c [ 472AF0311073DCECEAA8FA18BA2BDF89, 089414057EB2047E42C96C1ACE79D509967461DC5A4D2836F63C04268637A3FC ] storflt C:\Windows\system32\drivers\vmstorfl.sys
23:57:39.0456 0x086c storflt - ok
23:57:39.0596 0x086c [ 0BF669F0A910BEDA4A32258D363AF2A5, 83EEBACDE4F69A2866B69CAA633F5C8B3CB01D88CEDB01B6EA5988E0A25CEE47 ] StorSvc C:\Windows\system32\storsvc.dll
23:57:39.0616 0x086c StorSvc - ok
23:57:39.0736 0x086c [ DCAFFD62259E0BDB433DD67B5BB37619, CBD12FF9BBF33D18B0F3D322B12EC62E7DF3BF45C6AD43D2E91FF4C4762E05D0 ] storvsc C:\Windows\system32\drivers\storvsc.sys
23:57:39.0746 0x086c storvsc - ok
23:57:39.0856 0x086c [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum C:\Windows\system32\drivers\swenum.sys
23:57:39.0886 0x086c swenum - ok
23:57:40.0116 0x086c [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv C:\Windows\System32\swprv.dll
23:57:40.0166 0x086c swprv - ok
23:57:40.0278 0x086c [ FBB45518D08A7010E804234188D8CB3F, CB8AD5BB61F1952029ACD43BD90AC2F2E2D5FDA5217EDC1D65E61A53990052B1 ] SyDvCtrl C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\SyDvCtrl32.sys
23:57:40.0298 0x086c SyDvCtrl - ok
23:57:40.0428 0x086c [ 5A193E5E0F0A776430E5D62A051C1E16, A65E927581CD92F9769F540D3292EF12299273F9EEE99DECAE01E2B52B8DB465 ] SymDS C:\Windows\system32\Drivers\SEP\0C010FAD\0FAD.105\x86\SYMDS.SYS
23:57:40.0448 0x086c SymDS - ok
23:57:40.0758 0x086c [ 68762EF9ED8A8D4A07112B3E3590EA29, 1D07F12351F5CC0D296841D7084159BB547CB76209F10E7117E851750B66497A ] SymEFA C:\Windows\system32\Drivers\SEP\0C010FAD\0FAD.105\x86\SYMEFA.SYS
23:57:40.0798 0x086c SymEFA - ok
23:57:40.0900 0x086c [ E987A9CB539147527F56943BB34B7375, 4627C3E237549587B53CBD0D89AC2CEFF03C04F7624E2868936BCE5D70496AFD ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS
23:57:40.0910 0x086c SymEvent - ok
23:57:41.0160 0x086c [ 34A34E3E3B37E36DA570489ABE7A9AE0, E72E6F8EE1194FDE4750CFFAF1817B2F277845F41FABD56B4C2B8F0F50C6B2D3 ] SymIRON C:\Windows\system32\Drivers\SEP\0C010FAD\0FAD.105\x86\Ironx86.SYS
23:57:41.0180 0x086c SymIRON - ok
23:57:41.0961 0x086c [ 51165F9280509289CE1B1959275240F4, 51F7ACE923D94A4C8D01729177577560C8E86523F7E6BA3717F8C722FB7A241C ] SYMNETS C:\Windows\system32\Drivers\SEP\0C010FAD\0FAD.105\x86\SYMNETS.SYS
23:57:41.0991 0x086c SYMNETS - ok
23:57:42.0231 0x086c [ FA2DAA32BED908023272A0F77D625DAE, 7A9A38360D694229BB8B9D3F4C0BEDCD6872F7F074CA81F1425E36C85F602B59 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
23:57:42.0251 0x086c SynTP - ok
23:57:42.0581 0x086c [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain C:\Windows\system32\sysmain.dll
23:57:42.0681 0x086c SysMain - ok
23:57:42.0903 0x086c [ 5A9A5CE08168E6D23BED96B97E002DF9, 498B5CDCEFFC49AB20FF8A82B5D621F2A55776EFAFA1A025BDDDBBBE991063E0 ] SysPlant C:\Windows\system32\Drivers\SysPlant.sys
23:57:42.0943 0x086c SysPlant - ok
23:57:43.0033 0x086c [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
23:57:43.0183 0x086c TabletInputService - ok
23:57:43.0733 0x086c [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv C:\Windows\System32\tapisrv.dll
23:57:43.0783 0x086c TapiSrv - ok
23:57:43.0855 0x086c [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS C:\Windows\System32\tbssvc.dll
23:57:43.0865 0x086c TBS - ok
23:57:44.0100 0x086c [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:57:44.0147 0x086c Tcpip - ok
23:57:44.0567 0x086c [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
23:57:44.0610 0x086c TCPIP6 - ok
23:57:44.0689 0x086c [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:57:44.0719 0x086c tcpipreg - ok
23:57:44.0779 0x086c [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:57:44.0799 0x086c TDPIPE - ok
23:57:44.0859 0x086c [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:57:44.0879 0x086c TDTCP - ok
23:57:44.0929 0x086c [ B459575348C20E8121D6039DA063C704, 1B4328A9EA39FF5A57F258E02254D04B73455F1DF7C997C13702A8B2F12D0347 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:57:44.0959 0x086c tdx - ok
23:57:45.0211 0x086c [ 1ACE75CCABF098F96ED839C8AB45B9ED, 48CCA0025B42973448B390CCDD8279D021B1A9255B1AF1B0BC0A6EE993CC4E40 ] Teefer2 C:\Windows\system32\DRIVERS\Teefer.sys
23:57:45.0271 0x086c Teefer2 - ok
23:57:45.0361 0x086c [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD C:\Windows\system32\drivers\termdd.sys
23:57:45.0481 0x086c TermDD - ok
23:57:45.0781 0x086c [ 382C804C92811BE57829D8E550A900E2, 5F52C2E7902024CF1C9CC0069F411C3F19CCA3DB209F437FA0F3932D4898EB50 ] TermService C:\Windows\System32\termsrv.dll
23:57:45.0821 0x086c TermService - ok
23:57:46.0201 0x086c [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes C:\Windows\system32\themeservice.dll
23:57:46.0241 0x086c Themes - ok
23:57:46.0313 0x086c [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER C:\Windows\system32\mmcss.dll
23:57:46.0313 0x086c THREADORDER - ok
23:57:46.0383 0x086c [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks C:\Windows\System32\trkwks.dll
23:57:46.0463 0x086c TrkWks - ok
23:57:46.0773 0x086c [ ED5E4CE36C54F55E7698642E94D32EC7, 07BD324083D1784F8F716C528D530003369E6D87EFC7B79BCAA1767F80DA4FDC ] truecrypt C:\Windows\system32\drivers\truecrypt.sys
23:57:46.0793 0x086c truecrypt - ok
23:57:47.0033 0x086c [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:57:47.0033 0x086c TrustedInstaller - ok
23:57:47.0237 0x086c [ B37B08F2E5EEB1A37E448E09BACE1101, 32CC9E06B88BAB6FAB4696B744548DFCE9199A7FD2BA8B019F269CA75895852C ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:57:47.0237 0x086c tssecsrv - ok
23:57:47.0549 0x086c [ FD1D6C73E6333BE727CBCC6054247654, 6F7B9AE1A5986204DB3348D13B303F30FC17624939DA74D6BD114FAEED0FB30E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
23:57:47.0559 0x086c TsUsbFlt - ok
23:57:47.0639 0x086c [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:57:47.0679 0x086c tunnel - ok
23:57:47.0779 0x086c [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
23:57:47.0799 0x086c uagp35 - ok
23:57:47.0899 0x086c [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:57:47.0939 0x086c udfs - ok
23:57:48.0089 0x086c [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:57:48.0129 0x086c UI0Detect - ok
23:57:48.0581 0x086c [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
23:57:48.0671 0x086c uliagpkx - ok
23:57:48.0781 0x086c [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
23:57:48.0801 0x086c umbus - ok
23:57:48.0861 0x086c [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
23:57:48.0881 0x086c UmPass - ok
23:57:49.0215 0x086c [ 409994A8EACEEE4E328749C0353527A0, FFC57B647147DE2957A7DE4B330CC534DE7AC892A2FCE3BB164F7A516CAB1B56 ] UmRdpService C:\Windows\System32\umrdp.dll
23:57:49.0385 0x086c UmRdpService - ok
23:57:49.0645 0x086c [ BB879DCFD22926EFBEB3298129898CBB, 2A24E6CD5D6E0CEA3082C0699A2371084CC1268B31BC714098EA0D0C11B3AFAC ] UnlockerDriver5 C:\Program Files\Unlocker\UnlockerDriver5.sys
23:57:49.0665 0x086c UnlockerDriver5 - ok
23:57:49.0725 0x086c [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost C:\Windows\System32\upnphost.dll
23:57:49.0745 0x086c upnphost - ok
23:57:49.0815 0x086c [ 6E421CCC57059B0186C6259CA3B6DFC9, E348BF23CCD6C14FD10C1689BBDC77E125245331F97BFE60D4C8FD9A8711CB59 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
23:57:49.0825 0x086c USBAAPL - ok
23:57:49.0905 0x086c [ A1977C315BF5691DA99235AA4A6907AF, 34B52FBA83F0E1C6B001D0AD1808B00152F731D18AAECC3C53B9918AA89BACEC ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
23:57:49.0925 0x086c usbaudio - ok
23:57:49.0995 0x086c [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
23:57:50.0005 0x086c usbccgp - ok
23:57:50.0075 0x086c [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir C:\Windows\system32\drivers\usbcir.sys
23:57:50.0135 0x086c usbcir - ok
23:57:50.0195 0x086c [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
23:57:50.0205 0x086c usbehci - ok
23:57:50.0315 0x086c [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
23:57:50.0345 0x086c usbhub - ok
23:57:50.0385 0x086c [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci C:\Windows\system32\drivers\usbohci.sys
23:57:50.0395 0x086c usbohci - ok
23:57:50.0465 0x086c [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
23:57:50.0475 0x086c usbprint - ok
23:57:50.0545 0x086c [ FC6B21DB4B5B398AB93DBE59CBF11036, A94094C208F376405C07822A6143001EF1B12AE93205CD8002E87F6EB45F6374 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
23:57:50.0555 0x086c usbscan - ok
23:57:50.0615 0x086c [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:57:50.0655 0x086c USBSTOR - ok
23:57:50.0715 0x086c [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
23:57:50.0735 0x086c usbuhci - ok
23:57:50.0785 0x086c [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms C:\Windows\System32\uxsms.dll
23:57:50.0835 0x086c UxSms - ok
23:57:50.0905 0x086c [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] VaultSvc C:\Windows\system32\lsass.exe
23:57:50.0905 0x086c VaultSvc - ok
23:57:50.0975 0x086c [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
23:57:50.0975 0x086c vdrvroot - ok
23:57:51.0215 0x086c [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds C:\Windows\System32\vds.exe
23:57:51.0315 0x086c vds - ok
23:57:51.0787 0x086c [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:57:51.0797 0x086c vga - ok
23:57:51.0827 0x086c [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave C:\Windows\System32\drivers\vga.sys
23:57:51.0877 0x086c VgaSave - ok
23:57:51.0989 0x086c [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
23:57:52.0009 0x086c vhdmp - ok
23:57:52.0119 0x086c [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp C:\Windows\system32\drivers\viaagp.sys
23:57:52.0129 0x086c viaagp - ok
23:57:52.0179 0x086c [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
23:57:52.0199 0x086c ViaC7 - ok
23:57:52.0249 0x086c [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide C:\Windows\system32\drivers\viaide.sys
23:57:52.0259 0x086c viaide - ok
23:57:52.0341 0x086c [ C2F2911156FDC7817C52829C86DA494E, FE499F189B5016FCE0018AA3DE3970B72275B7B15F3D4D608117F6DDEC6B90DC ] vmbus C:\Windows\system32\drivers\vmbus.sys
23:57:52.0351 0x086c vmbus - ok
23:57:52.0381 0x086c [ D4D77455211E204F370D08F4963063CE, 2018B2A84C73E0834200A594C02A9D28C74906F126DAD3CCDDFC9CD9A61669E2 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
23:57:52.0421 0x086c VMBusHID - ok
23:57:52.0451 0x086c [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr C:\Windows\system32\drivers\volmgr.sys
23:57:52.0481 0x086c volmgr - ok
23:57:52.0531 0x086c [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:57:52.0551 0x086c volmgrx - ok
23:57:52.0653 0x086c [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap C:\Windows\system32\drivers\volsnap.sys
23:57:52.0673 0x086c volsnap - ok
23:57:52.0773 0x086c [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
23:57:52.0783 0x086c vsmraid - ok
23:57:52.0943 0x086c [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS C:\Windows\system32\vssvc.exe
23:57:52.0987 0x086c VSS - ok
23:57:53.0025 0x086c [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
23:57:53.0125 0x086c vwifibus - ok
23:57:53.0255 0x086c [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time C:\Windows\system32\w32time.dll
23:57:53.0285 0x086c W32Time - ok
23:57:53.0465 0x086c [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
23:57:53.0475 0x086c WacomPen - ok
23:57:53.0615 0x086c [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
23:57:53.0625 0x086c WANARP - ok
23:57:53.0655 0x086c [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:57:53.0655 0x086c Wanarpv6 - ok
23:57:54.0245 0x086c [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
23:57:54.0335 0x086c WatAdminSvc - ok
23:57:55.0165 0x086c [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine C:\Windows\system32\wbengine.exe
23:57:55.0345 0x086c wbengine - ok
23:57:55.0737 0x086c [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
23:57:55.0767 0x086c WbioSrvc - ok
23:57:55.0927 0x086c [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:57:55.0937 0x086c wcncsvc - ok
23:57:56.0009 0x086c [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:57:56.0049 0x086c WcsPlugInService - ok
23:57:56.0119 0x086c [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd C:\Windows\system32\DRIVERS\wd.sys
23:57:56.0179 0x086c Wd - ok
23:57:56.0389 0x086c [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:57:56.0419 0x086c Wdf01000 - ok
23:57:56.0511 0x086c [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:57:56.0521 0x086c WdiServiceHost - ok
23:57:56.0551 0x086c [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:57:56.0561 0x086c WdiSystemHost - ok
23:57:56.0651 0x086c [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient C:\Windows\System32\webclnt.dll
23:57:56.0671 0x086c WebClient - ok
23:57:56.0751 0x086c [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:57:56.0781 0x086c Wecsvc - ok
23:57:56.0841 0x086c [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:57:56.0843 0x086c wercplsupport - ok
23:57:56.0923 0x086c [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc C:\Windows\System32\WerSvc.dll
23:57:56.0943 0x086c WerSvc - ok
23:57:57.0043 0x086c [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
23:57:57.0193 0x086c WfpLwf - ok
23:57:57.0253 0x086c [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount C:\Windows\system32\drivers\wimmount.sys
23:57:57.0253 0x086c WIMMount - ok
23:57:57.0483 0x086c [ BA6B6FB242A6BA4068C8B763063BEB63, 424324919D018033D93A19F30C8CACF4F88808A79EA17B35284EA02BA8A7DD27 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
23:57:57.0523 0x086c winachsf - ok
23:57:57.0735 0x086c [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
23:57:57.0765 0x086c WinDefend - ok
23:57:57.0814 0x086c WinHttpAutoProxySvc - ok
23:57:58.0427 0x086c [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:57:58.0497 0x086c Winmgmt - ok
23:57:58.0937 0x086c [ 1B91CD34EA3A90AB6A4EF0550174F4CC, 5B6618615EBFBA594C945AD35F5C68DA8C6053892B6D12D626BB6120910D80DC ] WinRM C:\Windows\system32\WsmSvc.dll
23:57:59.0051 0x086c WinRM - ok
23:57:59.0619 0x086c [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
23:57:59.0661 0x086c WinUsb - ok
23:58:00.0041 0x086c [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc C:\Windows\System32\wlansvc.dll
23:58:00.0111 0x086c Wlansvc - ok
23:58:00.0243 0x086c [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
23:58:00.0243 0x086c WmiAcpi - ok
23:58:00.0363 0x086c [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:58:00.0383 0x086c wmiApSrv - ok
23:58:00.0803 0x086c [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
23:58:00.0846 0x086c WMPNetworkSvc - ok
23:58:00.0915 0x086c [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:58:00.0925 0x086c WPCSvc - ok
23:58:01.0025 0x086c [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:58:01.0135 0x086c WPDBusEnum - ok
23:58:01.0235 0x086c [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:58:01.0265 0x086c ws2ifsl - ok
23:58:01.0425 0x086c [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc C:\Windows\System32\wscsvc.dll
23:58:01.0685 0x086c wscsvc - ok
23:58:01.0705 0x086c WSearch - ok
MDSteg
Active Member
 
Posts: 11
Joined: September 21st, 2014, 9:01 pm

Re: Malware Infection, Overwhelming Popups, LuckYaShoppper

Unread postby MDSteg » September 23rd, 2014, 3:03 am

23:58:02.0477 0x086c [ D9B0134913E5EF007AF82A418C503322, 7418DD28C8E968674382F8352AAFFC4DE77887E2B71B8844D615F19432B4C55A ] wuauserv C:\Windows\system32\wuaueng.dll
23:58:02.0639 0x086c wuauserv - ok
23:58:02.0751 0x086c [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:58:02.0781 0x086c WudfPf - ok
23:58:02.0971 0x086c [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:58:03.0001 0x086c WUDFRd - ok
23:58:03.0301 0x086c [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:58:03.0351 0x086c wudfsvc - ok
23:58:03.0521 0x086c [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc C:\Windows\System32\wwansvc.dll
23:58:03.0551 0x086c WwanSvc - ok
23:58:03.0623 0x086c ================ Scan global ===============================
23:58:03.0693 0x086c [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
23:58:03.0813 0x086c [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
23:58:03.0903 0x086c [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
23:58:03.0973 0x086c [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
23:58:04.0145 0x086c [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
23:58:04.0175 0x086c [ Global ] - ok
23:58:04.0185 0x086c ================ Scan MBR ==================================
23:58:04.0205 0x086c [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:58:26.0653 0x086c \Device\Harddisk0\DR0 - ok
23:58:26.0653 0x086c ================ Scan VBR ==================================
23:58:26.0733 0x086c [ 936548347FEE2B38E52607C2275F67FF ] \Device\Harddisk0\DR0\Partition1
23:58:26.0803 0x086c \Device\Harddisk0\DR0\Partition1 - ok
23:58:26.0813 0x086c ================ Scan generic autorun ======================
23:58:26.0813 0x086c NvCplDaemon - ok
23:58:26.0813 0x086c NvMediaCenter - ok
23:58:26.0823 0x086c NVHotkey - ok
23:58:27.0223 0x086c [ ABB85828C394CEACACBC90373C59C529, 3B18DFB898903209D372051FD25FC4146D9E7CCC71B1FD083D6B957C783FBF24 ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
23:58:27.0283 0x086c SynTPEnh - ok
23:58:27.0613 0x086c [ B8DAA7EF432A492E576CA4DE8E103D2F, C93B05444059ACA531280FC4FE2C2A2A3DCC9B0A0D9E8D6A35897381346C91C8 ] C:\Program Files\Belkin Storage Manager\StorageManager.exe
23:58:27.0730 0x086c Belkin Storage Manager - ok
23:58:27.0795 0x086c [ 255E405D801CF01247390F38F92D8042, B0A4C2B6F40D7AD177DBD40C26B579D67CC9A95552970D9F6F0C7DE372CE2A2F ] C:\Program Files\Unlocker\UnlockerAssistant.exe
23:58:27.0815 0x086c UnlockerAssistant - ok
23:58:28.0225 0x086c [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
23:58:28.0285 0x086c Sidebar - ok
23:58:28.0375 0x086c [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
23:58:28.0415 0x086c mctadmin - ok
23:58:28.0837 0x086c [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
23:58:28.0857 0x086c Sidebar - ok
23:58:28.0897 0x086c [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
23:58:28.0897 0x086c mctadmin - ok
23:58:29.0287 0x086c [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] C:\Users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe
23:58:29.0287 0x086c Google Update - ok
23:58:29.0647 0x086c [ 6E6656C6618C4B0B000267D9AF9EF743, DBDDE7B99008AE40C1EDF9F25BC1DA24FE120CE4BB5164FBAF24057199A64641 ] C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
23:58:29.0677 0x086c GoogleChromeAutoLaunch_952AA941B71FA68F2EFC80A225B9EE63 - ok
23:58:29.0987 0x086c [ 059C2F55E82C8EDB20E8F26B2A7D2B19, BC323A8B8E0C3A5C2ABF23EDA0314A6117B9C2BC417A66CA5D6B25773E84E8F1 ] C:\Program Files\Ruiware\WinPatrol\winpatrol.exe
23:58:30.0017 0x086c WinPatrol - ok
23:58:30.0027 0x086c Waiting for KSN requests completion. In queue: 10
23:58:31.0033 0x086c Waiting for KSN requests completion. In queue: 10
23:58:32.0039 0x086c Waiting for KSN requests completion. In queue: 10
23:58:33.0041 0x086c Waiting for KSN requests completion. In queue: 10
23:58:34.0167 0x086c AV detected via SS2: Symantec Endpoint Protection, C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\WSCSavNotifier.exe ( 12.1.4013.4013 ), 0x71000 ( enabled : updated )
23:58:34.0177 0x086c FW detected via SS2: Symantec Endpoint Protection, C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\Smc.exe ( 12.1.4013.4013 ), 0x41010 ( enabled )
23:58:37.0139 0x086c ============================================================
23:58:37.0139 0x086c Scan finished
23:58:37.0139 0x086c ============================================================
23:58:37.0149 0x1630 Detected object count: 0
23:58:37.0149 0x1630 Actual detected object count: 0
23:58:57.0326 0x0ea8 Deinitialize success
MDSteg
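The TDSSKiller log posted above is a long list of hashes and "- ok" verdicts that is hard to read by eye. As an added example (not part of MDSteg's or askey127's posts, and not Kaspersky's own code), here is a small Python parser for that log format: it pairs each `[ MD5, SHA256 ] Name Path` line with the verdict line that follows it, handles the MD5-only MBR entry and the shared `[ Global ] - ok` verdict, and then flags anything the scanner did not mark ok or whose SHA256 differs from a baseline. The sample log reuses a few lines from the post plus one constructed "evilsvc" entry with all-zero hashes; the wording of a non-clean verdict and the baseline hashes are assumptions.

```python
"""Turn a TDSSKiller-style scan log into a hash inventory you can diff
against a baseline. Added example for this thread; it is not part of the
original posts or of Kaspersky's tool. SAMPLE_LOG reuses a few lines from
the log above plus one constructed "evilsvc" entry (hashes of all zeros)
so the finding path is exercised; the verdict wording for a non-clean entry
and the BASELINE hashes are assumptions."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# "HH:MM:SS.mmmm 0xTID [ MD5, SHA256 ] Name C:\path"  (SHA256 and Name are optional:
# the MBR line carries an MD5 only, global/autorun entries carry just a path)
ENTRY_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+0x[0-9A-Fa-f]+\s+"
    r"\[\s*(?P<md5>[0-9A-Fa-f]{32})(?:,\s*(?P<sha256>[0-9A-Fa-f]{64}))?\s*\]\s+"
    r"(?:(?P<name>[^\s\\:]+)\s+)?(?P<path>(?:[A-Za-z]:\\|\\).*?)\s*$"
)
# "HH:MM:SS.mmmm 0xTID Name - ok"  (non-"ok" verdict wording is an assumption)
STATUS_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+0x[0-9A-Fa-f]+\s+(?P<label>.+?) - (?P<verdict>\S.*?)\s*$")
COUNT_RE = re.compile(r"^\S+\s+0x[0-9A-Fa-f]+\s+Detected object count: (?P<n>\d+)")


@dataclass
class Entry:
    name: str                 # service/driver name, or the path when the log gives no name
    path: str
    md5: str
    sha256: Optional[str]
    verdict: str = "unknown"  # filled in from the following "Name - ok" line


def parse_log(text: str) -> Tuple[List[Entry], Optional[int]]:
    """Parse entries and their verdicts; return (entries, detected_object_count)."""
    entries: List[Entry] = []
    pending: List[Entry] = []          # entries still waiting for a verdict line
    detected: Optional[int] = None
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            e = Entry(name=m.group("name") or m.group("path"), path=m.group("path"),
                      md5=m.group("md5").upper(),
                      sha256=m.group("sha256").upper() if m.group("sha256") else None)
            entries.append(e)
            pending.append(e)
            continue
        m = STATUS_RE.match(line)
        if m:
            label, verdict = m.group("label"), m.group("verdict")
            if label == "[ Global ]":  # one verdict covers the whole "Scan global" block
                targets = list(pending)
            else:                      # match by name or path, else the most recent entry
                targets = [e for e in pending if label in (e.name, e.path)] or pending[-1:]
            for e in targets:
                e.verdict = verdict
                pending.remove(e)
            continue
        m = COUNT_RE.match(line)
        if m:
            detected = int(m.group("n"))
    return entries, detected


def findings(entries: List[Entry], baseline: Dict[str, str]) -> List[Tuple[str, str]]:
    """Flag entries the scanner did not mark ok, or whose SHA256 drifted from the
    baseline (keyed by lower-cased path). Drift is worth a look even when the verdict is ok."""
    out = []
    for e in entries:
        if e.verdict != "ok":
            out.append((e.name, f"scanner verdict: {e.verdict}"))
        expected = baseline.get(e.path.lower())
        if expected and e.sha256 and e.sha256 != expected.upper():
            out.append((e.name, "sha256 differs from baseline"))
    return out


SAMPLE_LOG = r"""
23:58:01.0425 0x086c [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc C:\Windows\System32\wscsvc.dll
23:58:01.0685 0x086c wscsvc - ok
23:58:03.0623 0x086c ================ Scan global ===============================
23:58:03.0693 0x086c [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
23:58:04.0145 0x086c [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
23:58:04.0175 0x086c [ Global ] - ok
23:58:04.0205 0x086c [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:58:26.0653 0x086c \Device\Harddisk0\DR0 - ok
23:58:27.0223 0x086c [ ABB85828C394CEACACBC90373C59C529, 3B18DFB898903209D372051FD25FC4146D9E7CCC71B1FD083D6B957C783FBF24 ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
23:58:27.0283 0x086c SynTPEnh - ok
23:58:30.0001 0x086c [ 00000000000000000000000000000000, 0000000000000000000000000000000000000000000000000000000000000000 ] evilsvc C:\Windows\system32\drivers\evilsvc.sys
23:58:30.0002 0x086c evilsvc - detected
23:58:37.0149 0x1630 Detected object count: 1
"""

BASELINE = {  # assumption: hashes from a golden image; services.exe is deliberately "wrong" to show drift
    r"c:\windows\system32\wscsvc.dll": "15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339",
    r"c:\windows\system32\services.exe": "1111111111111111111111111111111111111111111111111111111111111111",
}

if __name__ == "__main__":
    ents, n = parse_log(SAMPLE_LOG)
    print(f"{len(ents)} entries, scanner detected count = {n}")
    for name, why in findings(ents, BASELINE):
        print(f"  {name}: {why}")
```

Feed it the full log by reading the file instead of SAMPLE_LOG; the useful output is the SHA256 column, which you can check against an internal baseline or a reputation service without re-hashing anything on the infected machine.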

Re: Malware Infection, Overwhelming Popups, LuckYaShoppper

Unread postby askey127 » September 23rd, 2014, 9:05 am

MDSteg,
-------------------------------------------------------------
AdwCleaner Download and Run

Download AdwCleaner and save it to your desktop or somewhere you can find it.
Take care NOT to click on any ad, like from PC Optimizer Pro. The correct link is the button labeled "Download from Bleeping Computer".
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on Tools > Smartscreen Filter > Turn off Smartscreen Filter, then click on OK in the box that opens. Then click on the link again.

Close your browser and double-click this icon on your desktop:

[image: the AdwCleaner desktop icon]

You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run.
It may take several minutes to complete.
When it is done, click on the Clean button, accept any prompts that appear and allow the system to reboot.
You will then be presented with the report. Copy and paste it into a reply here.

[image: the AdwCleaner main window, with the Scan button indicated]
If you lose track of the log, it is saved in the folder C:\AdwCleaner\
The filename will be AdwCleaner[xx].txt, where [xx] is R1, S2, etc.; use whichever file is newest.
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • Right click the OTL icon and choose "Run as administrator" to run it.
  • Check the box at the top, labeled Include 64 bit scans
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left-hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows, OTL.txt and Extras.txt. These are saved in the same location as OTL (the desktop).
OTL.txt will be open on your desktop, and Extras.txt will be minimized in your taskbar.
The Extras.txt file will only appear the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

askey127
Admin/Teacher
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Malware Infection, Overwhelming Popups, LuckYaShoppper

Unread postby MDSteg » September 24th, 2014, 1:01 am

# AdwCleaner v3.310 - Report created 23/09/2014 at 21:41:30
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Matt - LAPTOP
# Running from : C:\Users\Matt\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ExttraShoppoer
Folder Deleted : C:\Program Files\jfilemanager
Folder Deleted : C:\Program Files\Uninstaller
Folder Deleted : C:\Users\Christi\AppData\Local\TelevisionFanatic
Folder Deleted : C:\Users\Christi\AppData\LocalLow\iac
Folder Deleted : C:\Users\Matt\AppData\Local\apn
Folder Deleted : C:\Users\Matt\AppData\Local\genienext
Folder Deleted : C:\Users\Matt\AppData\Local\jfilemanager
Folder Deleted : C:\Users\Matt\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Matt\AppData\Local\torch
Folder Deleted : C:\Users\Matt\AppData\LocalLow\iac
Folder Deleted : C:\Users\Matt\Documents\Mobogenie
Folder Deleted : C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\kioijmpindokaaahaeigkkkbogccljhm
Folder Deleted : C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakgbeonjhgfibjhlglkmjcjofcbacmc
Folder Deleted : C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdncklaccdhcapapeefeockgnokibekf
File Deleted : C:\Users\Christi\daemonprocess.txt
File Deleted : C:\Users\Matt\daemonprocess.txt
File Deleted : C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Re_Markit
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\InfoAtoms
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : HKLM\SOFTWARE\torch
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]

-\\ Mozilla Firefox v32.0.2 (x86 en-US)

[ File : C:\Users\Christi\AppData\Roaming\Mozilla\Firefox\Profiles\qkmiz7pe.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "Web Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Web Search");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=2DE76A90-4330-4A1E-9778-8DF75FD4DC1B&n=77fc2419&p2=^XP^xdm044^S03645^us&si=CJmPg5SdqbMCFSFyQ[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.installDate", "2013013017");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerId", "^XP^xdm044^S03645^us");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerSubId", "CJmPg5SdqbMCFSFyQgodXCsAzg");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.toolbarId", "2DE76A90-4330-4A1E-9778-8DF75FD4DC1B");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.lastActivePing", "1390347360369");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.defaultSearch", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.homePageEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.keywordEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.tabEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.searchHistory", "1800 contacts");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.weather.location", "90001");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "televisionfanatic@mindspark.com");

[ File : C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\b97c34uf.default-1391741145504\prefs.js ]

Line Deleted : user_pref("extensions.5obCMp.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.[...]
Line Deleted : user_pref("extensions.Z3p.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.net[...]
Line Deleted : user_pref("extensions.yCncZ.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url.index[...]

-\\ Google Chrome v

[ File : C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : aakgbeonjhgfibjhlglkmjcjofcbacmc
Deleted [Extension] : amfclgbdpgndipgoegfpkkgobahigbcl
Deleted [Extension] : dcpfhaghaadpjpgocojgnlhjcieeooel
Deleted [Extension] : hhbgpoakplhahbklhkcfbpicgjcaoglk
Deleted [Extension] : kioijmpindokaaahaeigkkkbogccljhm
Deleted [Extension] : mdncklaccdhcapapeefeockgnokibekf
Deleted [Extension] : mhkaekfpcppmmioggniknbnbdbcigpkk

*************************

AdwCleaner[R0].txt - [8858 octets] - [23/09/2014 21:30:15]
AdwCleaner[S0].txt - [8490 octets] - [23/09/2014 21:41:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8550 octets] ##########
MDSteg
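The AdwCleaner report above shows the two places where this kind of adware lives in the browser: Firefox `prefs.js` lines that replace the search engine and, worse, `extensions.<random>.scode` prefs whose value is a JavaScript function that runs on every page, and Chrome extensions listed only by their 32-letter IDs. As an added example (not part of the thread, of AdwCleaner or of Mozilla/Google tooling), here is Python that does the same triage by hand: it scans `user_pref` lines for hijacked search/homepage settings and for script-bearing values, and inventories a Chrome `Extensions` folder by reading each `manifest.json` so a bare ID can be judged by its name, permissions and content-script reach. All input is constructed: the sample prefs lines are shaped after the deleted ones (with a short stand-in for the truncated script, not the real one), the extension IDs and manifests are made up, and the `KNOWN_GOOD` and `RISKY_PERMS` lists are assumptions to tune for your own users.

```python
"""Browser-hijack triage for the kind of artefacts AdwCleaner reported above.
Added example for this thread; not part of the original posts, of AdwCleaner
or of Mozilla/Google tooling. All input is constructed: SAMPLE_PREFS is
shaped after the prefs.js lines deleted above (the injected script is a
short stand-in, not the real one), the Chrome extension IDs and manifests
are made up, and KNOWN_GOOD and RISKY_PERMS are assumptions to tune."""
import json
import os
import re
import tempfile

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')
SEARCH_KEYS = {"browser.search.defaultenginename", "browser.search.selectedEngine",
               "browser.startup.homepage", "keyword.URL"}
KNOWN_GOOD = {"Google", "Bing", "DuckDuckGo", "Yahoo", "about:home", "about:blank"}  # assumption
SCRIPT_MARKERS = ("function(", "document.cookie", "location.href", "eval(")
RISKY_PERMS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*", "webRequest",
               "webRequestBlocking", "tabs", "cookies", "proxy", "management"}      # assumption

SAMPLE_PREFS = r'''
user_pref("browser.search.defaultenginename", "Web Search");
user_pref("browser.search.selectedEngine", "Web Search");
user_pref("browser.startup.homepage", "about:home");
user_pref("extensions.toolbar.mindspark._64Members_.options.defaultSearch", false);
user_pref("extensions.5obCMp.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1){return;}}catch(e){}})();");
user_pref("network.cookie.cookieBehavior", 1);
'''


def scan_prefs(prefs_js: str):
    """Return (key, reason) for user_pref lines that look hijacked: a search or
    homepage pref pointing somewhere unexpected, or a pref whose value carries
    JavaScript (the extensions.<random>.scode pattern in the report above)."""
    hits = []
    for line in prefs_js.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        key, raw = m.group(1), m.group(2)
        try:
            value = json.loads(raw)        # prefs.js literals use JSON-compatible escaping
        except ValueError:
            value = raw
        if key in SEARCH_KEYS and value not in KNOWN_GOOD:
            hits.append((key, f"search/homepage set to {value!r}"))
        if isinstance(value, str) and any(mk in value for mk in SCRIPT_MARKERS):
            hits.append((key, "pref value contains JavaScript"))
    return hits


def inventory_chrome_extensions(extensions_root: str):
    """Walk <root>/<id>/<version>/manifest.json (the layout of User Data\\Default\\Extensions)
    and summarise each extension's reach, so a bare ID like those above can be judged."""
    rows = []
    for ext_id in sorted(os.listdir(extensions_root)):
        ext_dir = os.path.join(extensions_root, ext_id)
        if not os.path.isdir(ext_dir):
            continue
        for version in sorted(os.listdir(ext_dir)):
            manifest = os.path.join(ext_dir, version, "manifest.json")
            if not os.path.isfile(manifest):
                continue
            with open(manifest, encoding="utf-8-sig") as fh:
                data = json.load(fh)
            perms = {str(p) for p in data.get("permissions", []) + data.get("host_permissions", [])}
            # content scripts matched against every site are how ad/shopping injectors work
            everywhere = any(str(mt) == "<all_urls>" or str(mt).endswith("://*/*")
                             for cs in data.get("content_scripts", []) for mt in cs.get("matches", []))
            rows.append({"id": ext_id, "version": version,
                         "name": data.get("name", "?"),    # "__MSG_...__" means look in _locales/
                         "risky_permissions": sorted(perms & RISKY_PERMS),
                         "injects_everywhere": everywhere})
    return rows


DEMO_MANIFESTS = {  # constructed; these are not real Chrome Web Store IDs
    "abcdefghijklmnopabcdefghijklmnop": {"manifest_version": 2, "name": "Demo Notes",
                                         "version": "1.0", "permissions": ["storage"]},
    "ponmlkjihgfedcbaponmlkjihgfedcba": {"manifest_version": 2, "name": "Demo Shopping Helper",
                                         "version": "3.2.1",
                                         "permissions": ["tabs", "webRequest", "webRequestBlocking", "<all_urls>"],
                                         "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}]},
}


def demo_inventory():
    """Materialise DEMO_MANIFESTS in a temporary profile and inventory it."""
    with tempfile.TemporaryDirectory() as root:
        for ext_id, manifest in DEMO_MANIFESTS.items():
            d = os.path.join(root, ext_id, manifest["version"] + "_0")  # Chrome names dirs "<ver>_0"
            os.makedirs(d)
            with open(os.path.join(d, "manifest.json"), "w", encoding="utf-8") as fh:
                json.dump(manifest, fh)
        return inventory_chrome_extensions(root)


if __name__ == "__main__":
    for key, why in scan_prefs(SAMPLE_PREFS):
        print(f"prefs.js  {key}: {why}")
    for row in demo_inventory():
        print(f"chrome    {row['id']} {row['name']!r} risky={row['risky_permissions']} "
              f"injects_everywhere={row['injects_everywhere']}")
```

On a real machine point `inventory_chrome_extensions` at each user's `...\Google\Chrome\User Data\Default\Extensions` (the report above shows why: the hijack lived under both the Matt and Christi profiles) and `scan_prefs` at each Firefox profile's `prefs.js`. Anything that injects a content script everywhere and also asks for `webRequest` or `<all_urls>` deserves a look regardless of what its name claims.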

Re: Malware Infection, Overwhelming Popups, LuckYaShoppper

Unread postby MDSteg » September 24th, 2014, 1:16 am

I should note that there wasn't a box available to "Include 64 bit scans"

OTL logfile created on: 9/23/2014 10:02:38 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matt\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 51.67% Memory free
4.00 Gb Paging File | 2.78 Gb Available in Paging File | 69.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 106.72 Gb Total Space | 14.54 Gb Free Space | 13.63% Space Free | Partition Type: NTFS
Drive D: | 463.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LAPTOP | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/09/23 21:57:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
PRC - [2014/07/20 18:39:26 | 001,154,112 | ---- | M] (Ruiware LLC) -- C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
PRC - [2013/10/20 18:45:08 | 001,746,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\Smc.exe
PRC - [2013/10/20 18:45:06 | 000,144,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
PRC - [2013/02/07 05:31:22 | 001,223,704 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2013/02/07 05:31:20 | 000,660,504 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2013/02/07 05:31:18 | 000,575,000 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2012/11/22 19:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/07/04 12:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/02/03 18:40:02 | 000,858,624 | ---- | M] (Belkin International, Inc.) -- C:\Program Files\Belkin Storage Manager\StorageManager.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/02/13 10:42:50 | 000,109,344 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe


========== Modules (No Company Name) ==========

MOD - [2010/07/04 14:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 12:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2014/09/23 21:28:57 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/19 12:02:23 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/08/18 14:36:05 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013/10/20 18:45:10 | 000,288,656 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\snac.exe -- (SNAC)
SRV - [2013/10/20 18:45:08 | 001,746,576 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\Smc.exe -- (SmcService)
SRV - [2013/10/20 18:45:06 | 000,144,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe -- (SepMasterService)
SRV - [2013/05/26 21:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/07 05:31:22 | 001,223,704 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2013/02/07 05:31:20 | 000,660,504 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/09/20 19:53:00 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2007/02/13 10:44:34 | 000,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/02/13 10:42:50 | 000,109,344 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


========== Driver Services (SafeList) ==========

DRV - [2014/09/12 23:06:35 | 000,378,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2014/09/12 23:06:35 | 000,111,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/08/21 02:04:33 | 001,636,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20140923.017\NAVEX15.SYS -- (NAVEX15)
DRV - [2014/08/21 02:04:33 | 000,095,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20140923.017\NAVENG.SYS -- (NAVENG)
DRV - [2014/07/22 18:44:26 | 000,142,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2014/07/22 18:32:38 | 000,126,440 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SysPlant.sys -- (SysPlant)
DRV - [2014/07/22 17:08:52 | 000,395,992 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\IPSDefs\20140923.011\IDSvix86.sys -- (IDSVix86)
DRV - [2014/07/03 22:15:54 | 001,101,616 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\BASHDefs\20140913.012\BHDrvx86.sys -- (BHDrvx86)
DRV - [2014/04/11 01:39:22 | 000,184,192 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2014/04/11 01:39:22 | 000,089,856 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013/10/20 18:45:12 | 000,935,512 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\SEP\0C010FAD\0FAD.105\x86\SymEFA.sys -- (SymEFA)
DRV - [2013/10/20 18:45:12 | 000,603,224 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\SEP\0C010FAD\0FAD.105\x86\srtsp.sys -- (SRTSP)
DRV - [2013/10/20 18:45:12 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SEP\0C010FAD\0FAD.105\x86\SymDS.sys -- (SymDS)
DRV - [2013/10/20 18:45:12 | 000,341,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C010FAD\0FAD.105\x86\symnets.sys -- (SYMNETS)
DRV - [2013/10/20 18:45:12 | 000,175,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C010FAD\0FAD.105\x86\Ironx86.sys -- (SymIRON)
DRV - [2013/10/20 18:45:12 | 000,134,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C010FAD\0FAD.105\x86\ccSetx86.sys -- (ccSettings_{974A0163-23BB-4C9D-A3C2-611667F7A450})
DRV - [2013/10/20 18:45:12 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C010FAD\0FAD.105\x86\srtspx.sys -- (SRTSPX)
DRV - [2013/10/20 18:45:10 | 000,072,880 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\Teefer.sys -- (Teefer2)
DRV - [2013/10/20 18:45:10 | 000,028,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\SyDvCtrl32.sys -- (SyDvCtrl)
DRV - [2013/02/07 05:15:22 | 000,016,024 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf_x86.sys -- (PSI)
DRV - [2012/12/15 14:30:23 | 000,231,760 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010/11/20 05:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 05:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 05:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 02:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 02:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/07/04 12:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009/07/13 15:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/07/13 15:02:49 | 000,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2009/06/25 16:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 16:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 16:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/03/06 11:52:00 | 007,545,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/02/13 10:42:28 | 000,025,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/02/13 10:42:04 | 001,964,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/02/13 10:39:54 | 001,691,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3621500318-1394627752-788584526-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-3621500318-1394627752-788584526-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3621500318-1394627752-788584526-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3621500318-1394627752-788584526-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3621500318-1394627752-788584526-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3621500318-1394627752-788584526-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
IE - HKU\S-1-5-21-3621500318-1394627752-788584526-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-3621500318-1394627752-788584526-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3621500318-1394627752-788584526-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3621500318-1394627752-788584526-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3621500318-1394627752-788584526-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Matt\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Matt\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\IPSFF [2014/07/22 19:01:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/09/19 12:01:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 32.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/09/19 12:01:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 32.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/11/13 13:19:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2014/09/21 17:00:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\b97c34uf.default-1391741145504\extensions
[2014/09/19 12:01:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/09/19 12:02:26 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/10/22 21:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Matt\AppData\Local\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Matt\AppData\Local\Google\Chrome\Application\33.0.1750.117\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Matt\AppData\Local\Google\Chrome\Application\33.0.1750.117\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Matt\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Translate Genius = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdebfobecnopjndjbdoapgokdjfffpj\1.0.2_0\
CHR - Extension: Google Search = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Math Anywhere = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebhifiddmaaeecbaiemfpejghjdjmhc\148\
CHR - Extension: Time Warp = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmmhadpnjmokjbmgamifipkjddhlfkhi\155\
CHR - Extension: Lite Bookmarks = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpneoicaochhlckfkackiigepakdgapj\127\
CHR - Extension: Google Wallet = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Disable AntiAdblock = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\oimhabmdhenmcaligiilhadkdliolpah\143\
CHR - Extension: Gmail = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 14:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)
O4 - HKLM..\Run: [Belkin Storage Manager] C:\Program Files\Belkin Storage Manager\StorageManager.exe (Belkin International, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-21-3621500318-1394627752-788584526-1001..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-3621500318-1394627752-788584526-1001..\Run: [WinPatrol] C:\Program Files\Ruiware\WinPatrol\winpatrol.exe (Ruiware LLC)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF199DDA-B0EB-4487-9755-6FBB1D64BBB6}: DhcpNameServer = 192.168.2.1 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/10/17 10:46:21 | 000,000,129 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4134f92f-ddf4-11e3-9f6d-0016cffe22d3}\Shell - "" = AutoRun
O33 - MountPoints2\{4134f92f-ddf4-11e3-9f6d-0016cffe22d3}\Shell\AutoRun\command - "" = E:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\{7b5af2b1-e3f7-11e0-acc0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7b5af2b1-e3f7-11e0-acc0-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2012/10/17 10:46:21 | 001,719,912 | R--- | M] (Hewlett-Packard Co.)
O33 - MountPoints2\{ef1fb603-3cd7-11e2-bbb1-0016cffe22d3}\Shell - "" = AutoRun
O33 - MountPoints2\{ef1fb603-3cd7-11e2-bbb1-0016cffe22d3}\Shell\AutoRun\command - "" = E:\OpenSecureFiles.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\VZW_Software_upgrade_assistant.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/09/23 21:57:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2014/09/23 21:32:00 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/09/23 21:30:12 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/09/22 23:52:41 | 004,181,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Matt\Desktop\tdsskiller.exe
[2014/09/22 22:23:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/09/21 17:38:50 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\WinPatrol
[2014/09/21 17:37:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2014/09/21 17:37:46 | 000,000,000 | ---D | C] -- C:\Program Files\Ruiware
[2014/09/21 17:37:45 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2014/09/19 12:01:55 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/09/13 11:34:52 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/09/13 11:34:51 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/09/13 11:34:50 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/09/13 11:34:50 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2014/09/13 11:34:49 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/09/13 11:34:49 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/09/13 11:34:49 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/09/13 11:34:48 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/09/13 11:34:48 | 000,365,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/09/13 11:34:48 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/09/13 11:34:48 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/09/13 11:34:47 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/09/13 11:34:47 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014/09/13 11:34:47 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/09/13 11:34:46 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014/09/13 11:34:45 | 000,673,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/09/13 11:34:45 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/09/13 11:34:45 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/09/13 11:34:45 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/09/13 11:34:45 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/09/13 11:34:44 | 000,327,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014/09/13 11:34:37 | 004,232,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/09/13 11:34:36 | 002,014,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/09/13 11:33:02 | 002,285,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2014/09/12 22:36:22 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2014/09/12 16:19:17 | 001,987,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2014/09/12 16:19:07 | 000,793,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWorkspace.dll
[2014/09/12 16:18:49 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014/09/12 16:18:48 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2014/09/06 14:24:17 | 002,352,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/09/06 13:42:12 | 000,000,000 | ---D | C] -- C:\ProgramData\RoyallShopperApp
[1 C:\Users\Matt\Desktop\*.tmp files -> C:\Users\Matt\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/09/23 21:59:43 | 000,027,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/23 21:59:43 | 000,027,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/23 21:57:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2014/09/23 21:51:42 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/09/23 21:51:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/23 21:50:37 | 1609,187,328 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/23 21:28:50 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/09/23 21:28:50 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/09/23 21:28:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3621500318-1394627752-788584526-1001UA.job
[2014/09/23 21:27:51 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3621500318-1394627752-788584526-1001Core.job
[2014/09/22 23:53:32 | 004,181,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Matt\Desktop\tdsskiller.exe
[2014/09/15 09:06:04 | 000,231,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2014/09/13 11:07:59 | 000,662,634 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/09/13 11:07:59 | 000,122,470 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/09/09 23:17:08 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/09/09 20:13:37 | 003,804,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/09/04 18:52:10 | 000,445,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014/09/04 18:47:39 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[1 C:\Users\Matt\Desktop\*.tmp files -> C:\Users\Matt\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/23 18:31:08 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2014/01/23 18:31:08 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2014/01/23 18:31:08 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2014/01/23 18:31:08 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012/12/12 18:53:26 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2011/11/13 15:01:27 | 000,004,608 | ---- | C] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 18:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/01/30 18:58:35 | 000,000,000 | ---D | M] -- C:\Users\Christi\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/06/18 10:59:05 | 000,000,000 | ---D | M] -- C:\Users\Christi\AppData\Roaming\IObit
[2012/08/07 23:21:33 | 000,000,000 | ---D | M] -- C:\Users\Christi\AppData\Roaming\PDF reDirect
[2014/08/13 20:47:33 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\21269
[2014/07/23 23:33:14 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\bytewdownload
[2014/04/18 18:51:44 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\com.leawo.imediago
[2012/12/12 18:54:04 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\FreeAudioPack
[2014/02/06 19:38:22 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\IObit
[2012/12/12 18:44:15 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\mp3converter
[2013/02/10 11:38:16 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\PDAppFlex
[2013/02/15 21:46:28 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\PDF reDirect
[2011/11/13 15:17:47 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\PixelMetrics
[2014/07/23 19:48:24 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Samsung
[2013/01/19 12:26:39 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TrueCrypt
[2012/12/12 18:40:53 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TuneUp Software
[2012/12/28 09:09:48 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TuneUpMedia
[2014/04/18 19:54:19 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\WindSolutions
[2014/09/21 17:38:50 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\WinPatrol

========== Purity Check ==========



< End of report >
MDSteg

Re: Malware Infection, Overwhelming Popups, LuckYaShoppper

Unread postby MDSteg » September 24th, 2014, 1:17 am

OTL Extras logfile created on: 9/23/2014 10:02:38 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matt\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 51.67% Memory free
4.00 Gb Paging File | 2.78 Gb Available in Paging File | 69.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 106.72 Gb Total Space | 14.54 Gb Free Space | 13.63% Space Free | Partition Type: NTFS
Drive D: | 463.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LAPTOP | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3621500318-1394627752-788584526-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19F44391-F74C-470C-B8D6-040CB6795ADF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1B008BE4-D51D-4C7B-BB44-95A1F4F75FE8}" = rport=137 | protocol=17 | dir=out | app=system |
"{28B4872E-0161-4516-BE40-654F820A5070}" = lport=139 | protocol=6 | dir=in | app=system |
"{3D0C53C0-2633-479F-83A7-B37390CD3CA2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{4087BFFE-0BAF-4A40-9D4A-EBD971EBD787}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
"{414FB5F2-D411-44CF-BBD8-37F7DAD505BA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{41B6D9BF-7653-4255-8AC6-5363FDC98BD0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{50FDA6B5-3343-48B2-9614-6D8B2FBCF919}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{564AD8F7-7F50-409B-8CD0-BB8B1D632F6C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5B671CD7-C1EB-45B0-A6C0-A23F49C16A8A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5E30CE21-382A-4A72-8D4D-338E554F67D9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8283290B-89B9-4FC0-813E-6FCF335D513D}" = lport=137 | protocol=17 | dir=in | app=system |
"{845C761D-9AB4-4883-BC6F-28D940F72FFC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9BCB16A6-8D7D-4B47-9C22-9A7B9CFFD980}" = lport=445 | protocol=6 | dir=in | app=system |
"{9FD1A0A6-C533-4920-8D59-FC871DB44850}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B1D8E499-AB93-40BE-BAF5-DFD71C506BBC}" = rport=445 | protocol=6 | dir=out | app=system |
"{BB7D95B0-F42F-405C-8BCB-6BE4F03362C2}" = rport=139 | protocol=6 | dir=out | app=system |
"{BCB1F61D-BDA1-41BC-813F-CD4B38E8BF3C}" = lport=138 | protocol=17 | dir=in | app=system |
"{C75650AE-52DF-4875-B795-BCD606203F0D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D081324A-6E8D-468A-A34D-592D228530E5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DDE44478-45D0-4665-9789-459781589199}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E34E1C77-3F52-4BE4-9E1E-A68AAC47D3CC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E853E3CF-0481-41EE-8A93-B0CA92E30990}" = lport=3389 | protocol=6 | dir=in | app=system |
"{ED7B5936-7480-4F8C-920C-27569C874FB4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F41467B3-BB92-45EE-8A67-4AC0087534ED}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F61A9BE4-B1BB-4462-B99B-932998693FB0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F626ACCD-6366-4711-95C7-4E229CFC6B69}" = rport=138 | protocol=17 | dir=out | app=system |
"{FA809DD0-1BB5-4E8C-8196-858EAC9E0E7E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{FC52685B-5AA2-4497-B744-B45706D824E2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E0FE03-916A-48BD-B2E4-63BCBD47184B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0B227ACD-A088-4095-B593-B59554957486}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{15F9623C-43BB-4DB6-98B8-B8DF5063B47D}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{21ECE22D-57DA-4296-8CD8-E4A3B6334C29}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{25CA1474-679A-4EFA-9E0F-6B97DFEAA74E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{3AC45E68-B7C1-435B-A511-7E23F53F3657}" = protocol=6 | dir=out | app=system |
"{3D86CD3B-6617-4A40-A66B-2FD896D3A77A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{432C3211-B439-4E82-8911-EFE4334B9656}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{493D515E-7D4D-4AFC-8ADB-FF734B86248F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{584962EB-3C3E-45D3-81E5-CAE4728BB5A1}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{59D0F446-C57A-48C3-AA50-6AA39FBDF61C}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\12.1.4013.4013.105\bin\snac.exe |
"{64C8EA0D-A907-454D-957E-C0E5CC3E45D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6946C16A-29A0-45FE-8089-F1CBB8330020}" = protocol=17 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"{72717235-AC5B-48AE-ADCF-7255D1BA8291}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7E29C8D8-BB48-4B9A-BFAB-648EFCD86F1D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{91E2A1D2-4D35-4362-8BE0-FE433EF3B20A}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\12.1.4013.4013.105\bin\smc.exe |
"{923D11BD-3B90-4527-810F-118734BE4DD5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{946AF22E-65B4-4A98-8086-4AF766924F5B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A6D93EF9-E286-429C-BCEF-D3CE0BE03B1F}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{ACC01F3D-4F43-4C59-87A5-88C2400BA3E7}" = protocol=6 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"{B657FFBF-8047-4405-A3DD-2A4254DFA77C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BA2491BE-54E2-472E-8C3C-E31D406461BB}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\12.1.4013.4013.105\bin\snac.exe |
"{C596A22B-D2AD-4DC6-977F-8A68263B510D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C87C6741-F93E-434C-BB79-FA7556C8CD00}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C8DC8612-8807-415E-999B-327D38817805}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{D63AFEC4-C842-44E7-B475-A5A4ACC4F2B3}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{D8936C3B-41C3-4BBB-B949-DABE53E0E3B5}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\12.1.4013.4013.105\bin\smc.exe |
"{DF49ABFC-723D-4E27-B255-567C7903F822}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E1DBE21C-98E1-4809-ACCC-6B9056B145DD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E9E4EBD4-4702-42D6-89DB-A3015FC47465}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E9FAF10C-EA8B-4827-B20D-3AD6E597932D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F2EC4AB8-03B8-4442-94EA-A2E82D9BC627}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{F3911DDF-D9BC-4C33-B9AE-64BBEE92A5B0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F4F8EE08-896B-4215-9891-C11329334CD1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FB1A574D-E8D8-4E38-8CEC-73C4176FE9CE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{11212348-0319-4B59-A2BF-E3753D055C0C}C:\program files\belkin storage manager\storagemanager.exe" = protocol=6 | dir=in | app=c:\program files\belkin storage manager\storagemanager.exe |
"TCP Query User{D8C20A12-6CF0-4BEF-A2D9-70188758EF19}C:\program files\belkin storage manager\storagemanager.exe" = protocol=6 | dir=in | app=c:\program files\belkin storage manager\storagemanager.exe |
"UDP Query User{12650B8F-6E26-424E-9589-41C54799B331}C:\program files\belkin storage manager\storagemanager.exe" = protocol=17 | dir=in | app=c:\program files\belkin storage manager\storagemanager.exe |
"UDP Query User{D7048040-D46A-4747-9B05-016AF87503EB}C:\program files\belkin storage manager\storagemanager.exe" = protocol=17 | dir=in | app=c:\program files\belkin storage manager\storagemanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.07.01.04
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{49471DB8-7F3C-42DB-89C2-AC50FA0C5290}" = Camtasia Studio 7
"{5FA1D4AD-5929-4A14-B711-A5A9D8DC9F96}" = Translate Genius
"{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}" = WinPatrol
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iExplorer 3.2.5.0
"{88547073-C566-4895-9005-EBE98EA3F7C7}" = Samsung Kies3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9932886E-7874-4BA1-A1AA-E61EA5A9352D}" = Logitech QuickCam
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A84E6630-FE81-4D1F-BBA0-4BFBCC1D9493}" = Symantec Endpoint Protection
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{C12D7D54-7DE8-4DF7-AB2D-8A5ECFB2F89B}" = Belkin Storage Manager
"{C197BC08-3D82-4651-8886-E68C21578A38}" = iTunes
"{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"CaptureWiz" = CaptureWizPro 4.40
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"ENTERPRISER" = Microsoft Office Enterprise 2007
"FLV Player2.0.25" = FLV Player
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2
"HyperCam 2" = HyperCam 2
"InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}" = Samsung Kies3
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Mozilla Firefox 32.0.2 (x86 en-US)" = Mozilla Firefox 32.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"PDF reDirect" = PDF reDirect (remove only)
"Secunia PSI" = Secunia PSI (3.0.0.6005)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TrueCrypt" = TrueCrypt
"Unlocker" = Unlocker 1.9.1
"VLC media player" = VLC media player 2.0.6
"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3621500318-1394627752-788584526-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"MyFreeCodec" = MyFreeCodec

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/27/2013 2:34:50 AM | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15085

Error - 9/27/2013 2:34:51 AM | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/27/2013 2:34:51 AM | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16551

Error - 9/27/2013 2:34:51 AM | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16551

Error - 9/27/2013 8:30:47 PM | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/27/2013 8:30:47 PM | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 64572635

Error - 9/27/2013 8:30:47 PM | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 64572635

Error - 9/27/2013 8:42:50 PM | Computer Name = Laptop | Source = McLogEvent | ID = 5051
Description =

Error - 9/27/2013 8:42:51 PM | Computer Name = Laptop | Source = McLogEvent | ID = 5051
Description =

Error - 9/27/2013 8:42:57 PM | Computer Name = Laptop | Source = McLogEvent | ID = 1008
Description =

[ Media Center Events ]
Error - 3/22/2013 3:40:46 PM | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 12:40:46 PM - Error connecting to the internet. 12:40:46 PM - Unable
to contact server..

Error - 3/22/2013 3:41:28 PM | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 12:41:15 PM - Error connecting to the internet. 12:41:15 PM - Unable
to contact server..

[ OSession Events ]
Error - 5/30/2013 11:28:48 PM | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 683642
seconds with 1800 seconds of active time. This session ended with a crash.

Error - 7/31/2013 12:19:28 AM | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 379310
seconds with 1140 seconds of active time. This session ended with a crash.

[ Symantec Endpoint Protection Client Events ]
Error - 8/6/2014 2:51:09 PM | Computer Name = Laptop | Source = Symantec Endpoint Protection Client | ID = 16711754
Description = SONAR has generated an error: code 0: description: Definition Failure

Error - 8/11/2014 7:41:12 PM | Computer Name = Laptop | Source = Symantec Endpoint Protection Client | ID = 16711754
Description = SONAR has generated an error: code 0: description: Definition Failure

Error - 8/11/2014 8:07:58 PM | Computer Name = Laptop | Source = Symantec Endpoint Protection Client | ID = 16711754
Description = SONAR has generated an error: code 0: description: Definition Failure

Error - 8/17/2014 8:00:16 PM | Computer Name = Laptop | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Trojan.ADH.SMH in File: C:\ProgramData\DealsFactor\DealsFactor.exe
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.

Error - 8/17/2014 8:11:05 PM | Computer Name = Laptop | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!OptimizerPro in File: C:\PROGRAM FILES\OPTIMIZER
PRO\OptProStart.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access
denied. Action Description: The file was quarantined successfully.

Error - 8/17/2014 8:11:26 PM | Computer Name = Laptop | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!OptimizerPro in File: C:\PROGRAM FILES\OPTIMIZER
PRO\OptProUninstaller.exe by: Auto-Protect scan. Action: Quarantine succeeded
: Access denied. Action Description: The file was quarantined successfully.

Error - 8/21/2014 12:54:49 AM | Computer Name = Laptop | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Infostealer.Limitail in File: C:\Users\Christi\Downloads\JFileManager.exe
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.

Error - 9/15/2014 12:10:29 AM | Computer Name = Laptop | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Tracking Cookies in File: .doubleclick.net by:
Startup scan. Action: Delete succeeded. Action Description: The file was deleted
successfully.

Error - 9/23/2014 2:56:50 AM | Computer Name = Laptop | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Tracking Cookies in File: .pd0.imp.revsci.net
by: Startup scan. Action: Delete succeeded. Action Description: The file was deleted
successfully.

Error - 9/24/2014 1:02:14 AM | Computer Name = Laptop | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Tracking Cookies in File: .quantserve.com by:
Startup scan. Action: Delete succeeded. Action Description: The file was deleted
successfully.

[ System Events ]
Error - 2/7/2014 12:38:53 AM | Computer Name = Laptop | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SysMain service.

Error - 2/7/2014 12:41:17 AM | Computer Name = Laptop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:38:53 PM on ?2/?6/?2014 was unexpected.

Error - 2/7/2014 12:41:25 AM | Computer Name = LAPTOP | Source = BugCheck | ID = 1001
Description =

Error - 2/9/2014 2:48:29 PM | Computer Name = Laptop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:21:01 PM on ?2/?6/?2014 was unexpected.

Error - 2/9/2014 3:02:09 PM | Computer Name = Laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Internet Explorer 11 for Windows 7.

Error - 2/9/2014 3:09:22 PM | Computer Name = Laptop | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 2/11/2014 5:19:24 PM | Computer Name = Laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Internet Explorer 11 for Windows 7.

Error - 2/13/2014 10:29:48 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7034
Description = The McAfee McShield service terminated unexpectedly. It has done
this 1 time(s).

Error - 2/14/2014 2:32:19 AM | Computer Name = Laptop | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 2/15/2014 4:08:08 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7034
Description = The McAfee McShield service terminated unexpectedly. It has done
this 2 time(s).


< End of report >
MDSteg
Active Member
 
Posts: 11
Joined: September 21st, 2014, 9:01 pm

Re: Malware Infection, Overwhelming Popups, LuckYaShoppper

Unread postby askey127 » September 24th, 2014, 7:33 am

MDSteg,
Got rid of a lot of junk there.
----------------------------------------------
Perform a Custom Fix with OTL
Right click OTL on your desktop, and choose "Run as administrator" to open it.
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    If you click on select all, it will highlight the Code for copying
    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    IE - HKU\S-1-5-21-3621500318-1394627752-788584526-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    [2010/10/22 21:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
    O4 - HKU\S-1-5-21-3621500318-1394627752-788584526-1001..\Run: [AdobeBridge] File not found
    O33 - MountPoints2\{4134f92f-ddf4-11e3-9f6d-0016cffe22d3}\Shell\AutoRun\command - "" = E:\VZW_Software_upgrade_assistant.exe
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\VZW_Software_upgrade_assistant.exe
    [2014/09/06 13:42:12 | 000,000,000 | ---D | C] -- C:\ProgramData\RoyallShopperApp
    [2013/06/18 10:59:05 | 000,000,000 | ---D | M] -- C:\Users\Christi\AppData\Roaming\IObit
    [2014/02/06 19:38:22 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\IObit
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptyjava]
    [emptyflash] 
    [EMPTYTEMP]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, and click to allow the Reboot when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • That is the FIX log file. Copy the contents of that file and post it in your next reply.
    It will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log
----------------------------------------------
After posting the Resulting log, Please Rescan as follows:
Open OTL again and click the Quick Scan button. Post the new log it produces, OTL.txt, in a separate reply.

Let me know how it's running.
askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
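
An added example, not part of askey127's post and not OTL's own code: a read-only PowerShell (3.0 or later) audit of the same locations that custom fix edits, namely Run keys whose program is missing, MountPoints2 AutoRun commands, and the WinINet proxy values, plus a check of the DNS Client service that accounts for the ipconfig /flushdns failure mode. The function names and output fields are my own.

```powershell
# Added example, not from this thread or from OTL: a read-only audit of the
# locations the custom fix above edits. Run in an elevated PowerShell on the
# machine under review. Nothing is changed; findings are returned as objects.

$psMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-ExecutableFromCommand {
    param([string]$Command)
    # Pull the program path out of a Run value: a quoted path, an unquoted
    # path that contains spaces, or a bare name that resolves on PATH.
    if ([string]::IsNullOrWhiteSpace($Command)) { return $null }
    $c = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    $tokens = $c -split '\s+'
    for ($i = 1; $i -le $tokens.Count; $i++) {
        $candidate = $tokens[0..($i - 1)] -join ' '
        if (Test-Path -LiteralPath $candidate -PathType Leaf) { return $candidate }
    }
    $resolved = Get-Command -Name $tokens[0] -ErrorAction SilentlyContinue
    if ($resolved -and $resolved.Source) { return $resolved.Source }
    return $tokens[0]
}

function Get-RunKeyEntries {
    # Run/RunOnce values for the machine and the logged-in user. An entry whose
    # program is missing is what OTL reports as "File not found" (the
    # [AdobeBridge] line in the fix above); it is dead weight worth removing.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $keys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($psMeta -contains $p.Name) { continue }   # provider metadata, not a Run value
            $exe = Get-ExecutableFromCommand -Command ([string]$p.Value)
            $finding = ''
            if ($exe -and -not (Test-Path -LiteralPath $exe)) { $finding = 'File not found' }
            [pscustomobject]@{
                Check    = 'Run key'
                Location = "$key\$($p.Name)"
                Value    = [string]$p.Value
                Finding  = $finding
            }
        }
    }
}

function Get-MountPointAutoRuns {
    # Explorer caches autorun.inf handlers per volume under MountPoints2. A
    # Shell\AutoRun\command value means a removable drive once offered an
    # autorun program; the fix above deleted two such entries pointing at E:\.
    $root = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    if (-not (Test-Path -Path $root)) { return }
    foreach ($mp in Get-ChildItem -Path $root) {
        $cmdKey = Join-Path -Path $mp.PSPath -ChildPath 'Shell\AutoRun\command'
        if (-not (Test-Path -Path $cmdKey)) { continue }
        $cmd = (Get-ItemProperty -Path $cmdKey).'(default)'
        [pscustomobject]@{
            Check    = 'MountPoints2 AutoRun'
            Location = "$root\$($mp.PSChildName)"
            Value    = [string]$cmd
            Finding  = 'Cached AutoRun command for a volume'
        }
    }
}

function Get-ProxySettings {
    # Current-user WinINet proxy values. Browser hijackers commonly set
    # ProxyServer or AutoConfigURL; ProxyOverride holds the bypass patterns.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key
    foreach ($name in 'ProxyEnable', 'ProxyServer', 'ProxyOverride', 'AutoConfigURL') {
        $v = $p.$name
        if ($null -eq $v) { continue }
        $finding = ''
        if ($name -eq 'AutoConfigURL' -or ($name -eq 'ProxyServer' -and $p.ProxyEnable -eq 1)) {
            $finding = 'Review: browser traffic is being redirected'
        }
        [pscustomobject]@{ Check = 'Proxy'; Location = "$key\$name"; Value = [string]$v; Finding = $finding }
    }
}

function Get-DnsClientState {
    # "ipconfig /flushdns" reports "Function failed during execution" when the
    # DNS Client service (Dnscache) is not running, so check it before flushing.
    $svc = Get-Service -Name Dnscache -ErrorAction SilentlyContinue
    $status = if ($svc) { [string]$svc.Status } else { 'Not installed' }
    $finding = ''
    if ($status -ne 'Running') { $finding = 'Stopped: flushdns will fail until it is started' }
    [pscustomobject]@{ Check = 'DNS Client service'; Location = 'Dnscache'; Value = $status; Finding = $finding }
}

$findings = @(Get-RunKeyEntries) + @(Get-MountPointAutoRuns) + @(Get-ProxySettings) + @(Get-DnsClientState)
$findings | Format-Table -Property Check, Location, Value, Finding -AutoSize -Wrap
```

The script only reports; anything it flags should still be confirmed against the OTL scan before an entry is removed.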

Re: Malware Infection, Overwhelming Popups, LuckYaShoppper

Unread postby MDSteg » September 25th, 2014, 12:52 am

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKU\S-1-5-21-3621500318-1394627752-788584526-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
C:\Program Files\Mozilla Firefox\components\Scriptff.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-3621500318-1394627752-788584526-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4134f92f-ddf4-11e3-9f6d-0016cffe22d3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4134f92f-ddf4-11e3-9f6d-0016cffe22d3}\ not found.
File E:\VZW_Software_upgrade_assistant.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
File E:\VZW_Software_upgrade_assistant.exe not found.
C:\ProgramData\RoyallShopperApp folder moved successfully.
C:\Users\Christi\AppData\Roaming\IObit\IObit Malware Fighter folder moved successfully.
C:\Users\Christi\AppData\Roaming\IObit\Advanced SystemCare V6\Log folder moved successfully.
C:\Users\Christi\AppData\Roaming\IObit\Advanced SystemCare V6\boottime folder moved successfully.
C:\Users\Christi\AppData\Roaming\IObit\Advanced SystemCare V6\Backup folder moved successfully.
C:\Users\Christi\AppData\Roaming\IObit\Advanced SystemCare V6 folder moved successfully.
C:\Users\Christi\AppData\Roaming\IObit folder moved successfully.
C:\Users\Matt\AppData\Roaming\IObit\IObit Uninstaller\Log folder moved successfully.
C:\Users\Matt\AppData\Roaming\IObit\IObit Uninstaller folder moved successfully.
C:\Users\Matt\AppData\Roaming\IObit\IObit Malware Fighter folder moved successfully.
C:\Users\Matt\AppData\Roaming\IObit\Advanced SystemCare V6\Log folder moved successfully.
C:\Users\Matt\AppData\Roaming\IObit\Advanced SystemCare V6\Boottime folder moved successfully.
C:\Users\Matt\AppData\Roaming\IObit\Advanced SystemCare V6\Backup folder moved successfully.
C:\Users\Matt\AppData\Roaming\IObit\Advanced SystemCare V6 folder moved successfully.
C:\Users\Matt\AppData\Roaming\IObit folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Users\Matt\Desktop\cmd.bat deleted successfully.
C:\Users\Matt\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Christi

User: Default

User: Default User

User: Matt

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Christi
->Flash cache emptied: 77385 bytes

User: Default
->Flash cache emptied: 57472 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Matt
->Flash cache emptied: 19807 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Christi
->Temp folder emptied: 13393773 bytes
->Temporary Internet Files folder emptied: 4134618 bytes
->FireFox cache emptied: 207306951 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Matt
->Temp folder emptied: 38701463 bytes
->Temporary Internet Files folder emptied: 102933831 bytes
->FireFox cache emptied: 236983753 bytes
->Google Chrome cache emptied: 185232866 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 587305591 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,312.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09242014_213747

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
MDSteg
Active Member
 
Posts: 11
Joined: September 21st, 2014, 9:01 pm

Re: Malware Infection, Overwhelming Popups, LuckYaShoppper

Unread postby MDSteg » September 25th, 2014, 1:03 am

Thanks again for your help!

OTL logfile created on: 9/24/2014 9:53:53 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matt\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.72% Memory free
4.00 Gb Paging File | 2.95 Gb Available in Paging File | 73.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 106.72 Gb Total Space | 15.46 Gb Free Space | 14.48% Space Free | Partition Type: NTFS
Drive D: | 463.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LAPTOP | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/09/23 21:57:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
PRC - [2014/09/19 12:02:24 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/07/20 18:39:26 | 001,154,112 | ---- | M] (Ruiware LLC) -- C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
PRC - [2013/10/20 18:45:08 | 001,746,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\Smc.exe
PRC - [2013/10/20 18:45:06 | 000,144,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
PRC - [2013/02/07 05:31:22 | 001,223,704 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2013/02/07 05:31:20 | 000,660,504 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2013/02/07 05:31:18 | 000,575,000 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2012/11/22 19:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/07/04 12:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/02/03 18:40:02 | 000,858,624 | ---- | M] (Belkin International, Inc.) -- C:\Program Files\Belkin Storage Manager\StorageManager.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/02/13 10:42:50 | 000,109,344 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe


========== Modules (No Company Name) ==========

MOD - [2014/09/19 12:02:21 | 003,734,640 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/05/28 23:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/07/04 14:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2010/07/04 14:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 12:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2014/09/23 21:28:57 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/19 12:02:23 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/08/18 14:36:05 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013/10/20 18:45:10 | 000,288,656 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\snac.exe -- (SNAC)
SRV - [2013/10/20 18:45:08 | 001,746,576 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\Smc.exe -- (SmcService)
SRV - [2013/10/20 18:45:06 | 000,144,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe -- (SepMasterService)
SRV - [2013/05/26 21:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/07 05:31:22 | 001,223,704 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2013/02/07 05:31:20 | 000,660,504 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/09/20 19:53:00 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2007/02/13 10:44:34 | 000,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/02/13 10:42:50 | 000,109,344 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


========== Driver Services (SafeList) ==========

DRV - [2014/09/12 23:06:35 | 000,378,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2014/09/12 23:06:35 | 000,111,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/08/21 02:04:33 | 001,636,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20140923.017\NAVEX15.SYS -- (NAVEX15)
DRV - [2014/08/21 02:04:33 | 000,095,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20140923.017\NAVENG.SYS -- (NAVENG)
DRV - [2014/07/22 18:44:26 | 000,142,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2014/07/22 18:32:38 | 000,126,440 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SysPlant.sys -- (SysPlant)
DRV - [2014/07/22 17:08:52 | 000,395,992 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\IPSDefs\20140923.011\IDSvix86.sys -- (IDSVix86)
DRV - [2014/07/03 22:15:54 | 001,101,616 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\BASHDefs\20140913.012\BHDrvx86.sys -- (BHDrvx86)
DRV - [2014/04/11 01:39:22 | 000,184,192 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2014/04/11 01:39:22 | 000,089,856 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013/10/20 18:45:12 | 000,935,512 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\SEP\0C010FAD\0FAD.105\x86\SymEFA.sys -- (SymEFA)
DRV - [2013/10/20 18:45:12 | 000,603,224 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\SEP\0C010FAD\0FAD.105\x86\srtsp.sys -- (SRTSP)
DRV - [2013/10/20 18:45:12 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SEP\0C010FAD\0FAD.105\x86\SymDS.sys -- (SymDS)
DRV - [2013/10/20 18:45:12 | 000,341,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C010FAD\0FAD.105\x86\symnets.sys -- (SYMNETS)
DRV - [2013/10/20 18:45:12 | 000,175,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C010FAD\0FAD.105\x86\Ironx86.sys -- (SymIRON)
DRV - [2013/10/20 18:45:12 | 000,134,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C010FAD\0FAD.105\x86\ccSetx86.sys -- (ccSettings_{974A0163-23BB-4C9D-A3C2-611667F7A450})
DRV - [2013/10/20 18:45:12 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C010FAD\0FAD.105\x86\srtspx.sys -- (SRTSPX)
DRV - [2013/10/20 18:45:10 | 000,072,880 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\Teefer.sys -- (Teefer2)
DRV - [2013/10/20 18:45:10 | 000,028,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\SyDvCtrl32.sys -- (SyDvCtrl)
DRV - [2013/02/07 05:15:22 | 000,016,024 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf_x86.sys -- (PSI)
DRV - [2012/12/15 14:30:23 | 000,231,760 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010/11/20 05:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 05:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 05:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 02:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 02:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/07/04 12:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009/07/13 15:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/07/13 15:02:49 | 000,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2009/06/25 16:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 16:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 16:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/03/06 11:52:00 | 007,545,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/02/13 10:42:28 | 000,025,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/02/13 10:42:04 | 001,964,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/02/13 10:39:54 | 001,691,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Matt\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Matt\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\IPSFF [2014/07/22 19:01:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/09/24 21:38:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 32.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/09/24 21:38:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 32.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/11/13 13:19:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2014/09/21 17:00:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\b97c34uf.default-1391741145504\extensions
[2014/09/19 12:01:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/09/19 12:02:26 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Matt\AppData\Local\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Matt\AppData\Local\Google\Chrome\Application\33.0.1750.117\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Matt\AppData\Local\Google\Chrome\Application\33.0.1750.117\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Matt\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Translate Genius = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdebfobecnopjndjbdoapgokdjfffpj\1.0.2_0\
CHR - Extension: Google Search = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Math Anywhere = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebhifiddmaaeecbaiemfpejghjdjmhc\148\
CHR - Extension: Time Warp = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmmhadpnjmokjbmgamifipkjddhlfkhi\155\
CHR - Extension: Lite Bookmarks = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpneoicaochhlckfkackiigepakdgapj\127\
CHR - Extension: Google Wallet = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Disable AntiAdblock = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\oimhabmdhenmcaligiilhadkdliolpah\143\
CHR - Extension: Gmail = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 14:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)
O4 - HKLM..\Run: [Belkin Storage Manager] C:\Program Files\Belkin Storage Manager\StorageManager.exe (Belkin International, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [WinPatrol] C:\Program Files\Ruiware\WinPatrol\winpatrol.exe (Ruiware LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF199DDA-B0EB-4487-9755-6FBB1D64BBB6}: DhcpNameServer = 192.168.2.1 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/10/17 10:46:21 | 000,000,129 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{7b5af2b1-e3f7-11e0-acc0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7b5af2b1-e3f7-11e0-acc0-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2012/10/17 10:46:21 | 001,719,912 | R--- | M] (Hewlett-Packard Co.)
O33 - MountPoints2\{ef1fb603-3cd7-11e2-bbb1-0016cffe22d3}\Shell - "" = AutoRun
O33 - MountPoints2\{ef1fb603-3cd7-11e2-bbb1-0016cffe22d3}\Shell\AutoRun\command - "" = E:\OpenSecureFiles.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/09/24 21:37:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/09/23 21:57:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2014/09/23 21:32:00 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/09/23 21:30:12 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/09/22 23:52:41 | 004,181,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Matt\Desktop\tdsskiller.exe
[2014/09/22 22:23:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/09/21 17:38:50 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\WinPatrol
[2014/09/21 17:37:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2014/09/21 17:37:46 | 000,000,000 | ---D | C] -- C:\Program Files\Ruiware
[2014/09/21 17:37:45 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2014/09/19 12:01:55 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/09/12 22:36:22 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[1 C:\Users\Matt\Desktop\*.tmp files -> C:\Users\Matt\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/09/24 21:52:36 | 000,027,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/24 21:52:36 | 000,027,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/24 21:43:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/24 21:43:12 | 1609,187,328 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/24 21:32:21 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/09/24 21:32:20 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3621500318-1394627752-788584526-1001UA.job
[2014/09/24 18:28:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3621500318-1394627752-788584526-1001Core.job
[2014/09/23 21:57:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2014/09/22 23:53:32 | 004,181,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Matt\Desktop\tdsskiller.exe
[2014/09/13 11:07:59 | 000,662,634 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/09/13 11:07:59 | 000,122,470 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/09/09 23:17:08 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/09/09 20:13:37 | 003,804,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Users\Matt\Desktop\*.tmp files -> C:\Users\Matt\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/23 18:31:08 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2014/01/23 18:31:08 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2014/01/23 18:31:08 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2014/01/23 18:31:08 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012/12/12 18:53:26 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2011/11/13 15:01:27 | 000,004,608 | ---- | C] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 18:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/08/13 20:47:33 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\21269
[2014/07/23 23:33:14 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\bytewdownload
[2014/04/18 18:51:44 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\com.leawo.imediago
[2012/12/12 18:54:04 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\FreeAudioPack
[2012/12/12 18:44:15 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\mp3converter
[2013/02/10 11:38:16 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\PDAppFlex
[2013/02/15 21:46:28 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\PDF reDirect
[2011/11/13 15:17:47 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\PixelMetrics
[2014/07/23 19:48:24 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Samsung
[2013/01/19 12:26:39 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TrueCrypt
[2012/12/12 18:40:53 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TuneUp Software
[2012/12/28 09:09:48 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TuneUpMedia
[2014/04/18 19:54:19 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\WindSolutions
[2014/09/21 17:38:50 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\WinPatrol

========== Purity Check ==========



< End of report >
MDSteg
Active Member
 
Posts: 11
Joined: September 21st, 2014, 9:01 pm

Re: Malware Infection, Overwhelming Popups, LuckYaShoppper

Unread postby askey127 » September 25th, 2014, 7:37 am

Please tell me how your system is running.
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Malware Infection, Overwhelming Popups, LuckYaShoppper

Unread postby MDSteg » September 25th, 2014, 12:29 pm

It's running MUCH better! About as good as one could ask for out of a 7 yr old machine.

So moving forward, my next question would be what software you'd recommend to maintain the current state and prevent future infections?

Thanks again for all your help!
MDSteg
Active Member
 
Posts: 11
Joined: September 21st, 2014, 9:01 pm