Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Rootkit warning - DgSafe.sys

Post by no1so » February 2nd, 2014, 9:53 pm

I downloaded and installed a trial DriverGenius 2013 on my Windows 7 machine.

When I uninstalled the program I am left with some 30 infections found by AVGFree. This says that a folder named DgSafe.sys is in System32 and contains these rootkit infections. This folder is not present when I check. AVG reports - unable to remove, data not valid.

I have run a program called GMER and have a log in which the following is highlighted in red:

dghmpg.dll_d_24c8bb
dguimn.dll_d_24c8ea

which it says are 'hidden'. However, these files are in Program Files/MyDrivers/DriverGenius 2013

In the same log are entries such as:

SSDT \??\C:\Windows\system32\drivers\DgSafe.sys ZwCreateKey [0x9BEAC120]

SSDT \??\C:\Windows\system32\drivers\DgSafe.sys ZwCreateThreadEx [0x9BEB51CF]
SSDT \??\C:\Windows\system32\drivers\DgSafe.sys ZwCreateUserProcess [0x9BEB4ADC]

I have scanned the system with NOD32 which finds nothing.

I cannot run dds.scr

Re: Rootkit warning - DgSafe.sys

Post by wannabeageek » February 9th, 2014, 12:51 am

Hello no1so, and Welcome to MalWare Removal forums!

My name is wannabeageek and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!"

    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.



OTL
Please download OTL ... by Old Timer. Save it to your Desktop.
  1. Right click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. Click the Scan All Users checkbox.
  3. Check the Extra Registry block to make sure the "Use SafeList" button is highlighted.
    Leave the remaining selections to the default settings.
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Re: Rootkit warning - DgSafe.sys

Post by no1so » February 9th, 2014, 7:10 am

Results of scans as requested, thank you:

OTL logfile created on: 09/02/2014 10:46:12 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\My Profile\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 51.90% Memory free
5.99 Gb Paging File | 4.42 Gb Available in Paging File | 73.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 53.85 Gb Total Space | 18.72 Gb Free Space | 34.77% Space Free | Partition Type: NTFS
Drive D: | 244.14 Gb Total Space | 70.95 Gb Free Space | 29.06% Space Free | Partition Type: NTFS
Drive F: | 14.90 Gb Total Space | 9.48 Gb Free Space | 63.62% Space Free | Partition Type: NTFS
Drive H: | 983.09 Mb Total Space | 983.08 Mb Free Space | 100.00% Space Free | Partition Type: FAT
Drive X: | 30.03 Gb Total Space | 29.19 Gb Free Space | 97.19% Space Free | Partition Type: NTFS
Drive Y: | 339.67 Gb Total Space | 330.35 Gb Free Space | 97.26% Space Free | Partition Type: NTFS

Computer Name: NEWLAPPY | User Name: makem | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/09 10:42:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\My Profile\Desktop\OTL.exe
PRC - [2014/01/22 20:37:14 | 002,484,504 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2014/01/22 20:37:14 | 001,444,120 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/12/21 06:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/12 21:19:54 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/12/08 21:40:19 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/11/18 21:59:36 | 000,590,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgcsrvx.exe
PRC - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe
PRC - [2013/11/07 22:03:50 | 004,956,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgui.exe
PRC - [2013/11/07 22:00:48 | 000,680,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgemcx.exe
PRC - [2013/10/28 23:24:02 | 000,729,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgrsx.exe
PRC - [2013/10/28 23:17:36 | 000,892,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgnsx.exe
PRC - [2013/10/10 11:48:14 | 000,094,416 | ---- | M] () -- C:\Program Files\Allway Sync\Bin\syncappw.exe
PRC - [2013/09/27 07:36:30 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2013/09/24 20:45:14 | 000,390,192 | ---- | M] () -- C:\Program Files\DigiGuide TV Guide\DigiGuide.exe
PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/07/31 20:30:36 | 002,296,600 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2013/06/14 16:39:34 | 000,422,536 | ---- | M] () -- C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe
PRC - [2013/06/13 19:31:38 | 000,148,248 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2013/02/06 11:27:58 | 000,225,008 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2012/03/26 16:35:16 | 000,449,168 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2011/10/11 15:08:58 | 000,109,400 | ---- | M] (中国工商银行) -- C:\Windows\System32\hhukcert02.exe
PRC - [2011/09/20 09:17:44 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
PRC - [2011/04/01 16:42:08 | 000,080,840 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2010/11/20 03:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/06/13 11:27:32 | 019,384,088 | ---- | M] (Firetrust Ltd) -- C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
PRC - [2010/04/27 09:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/12/23 21:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009/11/05 21:04:12 | 000,480,608 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009/10/20 15:12:40 | 000,039,240 | ---- | M] (Microsoft) -- C:\Program Files\Microsoft AutoRoute 2010\StreetsOlkShim.exe
PRC - [2009/08/13 11:31:24 | 000,521,528 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2006/09/12 07:03:20 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/03 12:38:15 | 001,125,592 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2013/12/12 21:19:54 | 003,559,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/10/10 11:48:14 | 000,094,416 | ---- | M] () -- C:\Program Files\Allway Sync\Bin\syncappw.exe
MOD - [2013/10/10 11:22:56 | 008,214,016 | ---- | M] () -- C:\Program Files\Allway Sync\Bin\syncapp.dll
MOD - [2013/09/24 20:45:14 | 000,872,448 | ---- | M] () -- C:\Program Files\DigiGuide TV Guide\libeay32.dll
MOD - [2013/09/24 20:45:14 | 000,713,216 | ---- | M] () -- C:\Program Files\DigiGuide TV Guide\js32.dll
MOD - [2013/09/24 20:45:14 | 000,390,192 | ---- | M] () -- C:\Program Files\DigiGuide TV Guide\DigiGuide.exe
MOD - [2013/09/24 20:45:14 | 000,312,832 | ---- | M] () -- C:\Program Files\DigiGuide TV Guide\Network.dll
MOD - [2013/09/24 20:45:14 | 000,159,744 | ---- | M] () -- C:\Program Files\DigiGuide TV Guide\ssleay32.dll
MOD - [2012/06/27 14:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2012/06/18 15:24:30 | 000,260,096 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_05.dll
MOD - [2010/09/19 15:20:00 | 000,148,312 | ---- | M] () -- C:\Windows\System32\hhukey3k02.dll
MOD - [2010/05/28 13:57:36 | 000,801,976 | ---- | M] () -- C:\Program Files\FireTrust\MailWasher Pro\ContactsLib.dll
MOD - [2010/04/19 08:48:28 | 000,277,904 | ---- | M] () -- C:\Program Files\FireTrust\MailWasher Pro\sqlite3.dll
MOD - [2009/08/25 17:51:10 | 000,155,320 | ---- | M] () -- C:\Program Files\FireTrust\MailWasher Pro\mailprefs.dll
MOD - [2009/06/25 15:40:04 | 000,977,080 | ---- | M] () -- C:\Program Files\FireTrust\MailWasher Pro\MCore.dll
MOD - [2008/09/12 17:39:34 | 000,611,936 | ---- | M] () -- C:\Program Files\FireTrust\MailWasher Pro\MailAnalysis.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- c:\program files\kingsoft\ijinshan_antivierus2013\kxescore.exe /service kxescore -- (kxescore)
SRV - [2014/02/05 22:37:12 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/22 20:37:14 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/12/21 06:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/12 21:19:54 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/11/26 08:29:52 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/11/08 15:14:26 | 000,250,712 | ---- | M] (Garmin Ltd or its subsidiaries) [On_Demand | Stopped] -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2013/10/01 16:40:03 | 003,246,040 | ---- | M] (Acronis) [On_Demand | Stopped] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2013/09/25 18:48:22 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/14 16:39:34 | 000,422,536 | ---- | M] () [Auto | Running] -- C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe -- (ICBC Daemon Service)
SRV - [2013/06/13 19:31:00 | 000,293,144 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2013/05/27 04:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/01/05 15:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv)
SRV - [2011/04/01 16:41:44 | 000,152,496 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2011/02/04 15:30:04 | 002,040,144 | ---- | M] (Agnitum Ltd.) [Auto | Running] -- C:\Program Files\Agnitum\Outpost Firewall Pro\acs.exe -- (acssrv)
SRV - [2010/12/06 06:37:38 | 000,804,528 | ---- | M] (Acronis) [On_Demand | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/12/23 21:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/11/05 21:04:20 | 000,468,320 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/07/14 01:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2006/09/12 07:03:20 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\kisknl.sys -- (kisknl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HHVRdr.sys -- (HHVReader)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aqd12zfe)
DRV - [2014/02/02 18:35:18 | 000,085,352 | ---- | M] (Kingsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ksapi.sys -- (ksapi)
DRV - [2014/01/22 20:37:26 | 000,228,888 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2014/01/22 20:37:26 | 000,155,704 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2014/01/22 20:37:26 | 000,107,256 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2014/01/06 21:05:21 | 000,320,120 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2013/11/05 21:50:48 | 000,120,600 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2013/11/04 21:57:30 | 000,209,176 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/10/31 23:00:28 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/10/31 22:30:08 | 000,222,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/10/27 23:21:11 | 000,340,432 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys -- (RapportCerberus_59849)
DRV - [2013/10/24 22:28:32 | 000,147,768 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/10/01 16:40:05 | 000,167,968 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2013/10/01 16:39:56 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpm273.sys -- (tdrpman273)
DRV - [2013/10/01 16:39:52 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2013/10/01 16:39:40 | 000,170,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2013/10/01 00:49:38 | 000,102,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/09/17 00:57:26 | 000,022,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/09/10 00:43:20 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/08/01 16:08:52 | 000,193,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/05/23 06:12:34 | 000,037,528 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2013/05/23 06:12:32 | 000,043,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2013/05/23 06:12:30 | 000,042,264 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2013/05/23 06:12:30 | 000,010,136 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2012/11/16 07:52:12 | 000,035,184 | ---- | M] (ICBC) [Kernel | System | Running] -- C:\Windows\icbckeyflt.sys -- (icbckeyflt2)
DRV - [2012/08/27 19:51:50 | 000,181,128 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rusb3xhc.sys -- (rusb3xhc)
DRV - [2012/08/27 19:51:46 | 000,091,016 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rusb3hub.sys -- (rusb3hub)
DRV - [2011/09/13 08:53:52 | 000,113,688 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zghsnmea.sys -- (zghsnmea)
DRV - [2011/09/13 08:53:52 | 000,113,688 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zghsmdm.sys -- (zghsmdm)
DRV - [2011/09/13 08:53:50 | 000,113,688 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zghsdiag.sys -- (zghsdiag)
DRV - [2011/08/30 12:48:56 | 000,236,728 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2011/07/13 01:07:40 | 000,016,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2011/07/07 15:13:46 | 000,015,896 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV - [2011/07/07 15:10:08 | 000,032,408 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\androidusb.sys -- (androidusb)
DRV - [2011/02/02 14:52:40 | 000,710,824 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SandBox.sys -- (SandBox)
DRV - [2011/02/02 14:51:26 | 000,072,352 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Filt\ASWFilt.dll -- (ASWFilt)
DRV - [2011/01/27 14:26:16 | 000,056,888 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2010/11/29 10:47:00 | 000,070,448 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2010/11/20 03:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 03:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 03:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 01:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 00:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 00:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 00:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/11 09:26:00 | 000,042,672 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2010/10/07 12:11:38 | 006,639,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwLv32.sys -- (NETwLv32)
DRV - [2010/09/27 14:37:40 | 000,328,296 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afwcore.sys -- (afwcore)
DRV - [2010/08/30 09:48:00 | 000,080,064 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2010/04/26 10:48:00 | 000,053,760 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2010/04/20 14:01:46 | 000,034,920 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\afw.sys -- (afw)
DRV - [2009/07/24 10:31:00 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009/07/21 06:18:58 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/14 15:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/13 23:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 22:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/07/07 00:53:06 | 000,007,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2009/06/19 15:44:14 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2009/06/17 10:59:00 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2008/12/01 21:14:34 | 004,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.duba.com/?f=1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0101&cd=2XzuyEtN2Y1L1QzutDtD0AtD0DtCyDtAyC0E0B0FtD0EyDtCtN0D0Tzu0CyBtAyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1918066720&ir=
IE - HKLM\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes\{44177982-996D-4b79-B29F-5B60E13A5169}: "URL" = http://www.baidu.com/s?wd={searchTerms}&tn=98012088_dg&ch=5&ie=utf-8
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes\{44177982-996D-4b79-B29F-5B60E13A5169}: "URL" = http://www.baidu.com/s?wd={searchTerms}&tn=98012088_dg&ch=5&ie=utf-8
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2971882474-1144138496-3696702083-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.duba.com/?f=1
IE - HKU\S-1-5-21-2971882474-1144138496-3696702083-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2971882474-1144138496-3696702083-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0101&cd=2XzuyEtN2Y1L1QzutDtD0AtD0DtCyDtAyC0E0B0FtD0EyDtCtN0D0Tzu0CyBtAyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1918066720&ir=
IE - HKU\S-1-5-21-2971882474-1144138496-3696702083-1001\..\SearchScopes\{2BD482BC-8EE2-41BE-8146-6FF997CDCBCC}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-2971882474-1144138496-3696702083-1001\..\SearchScopes\{44177982-996D-4b79-B29F-5B60E13A5169}: "URL" = http://www.baidu.com/s?wd={searchTerms}&tn=98012088_dg&ch=5&ie=utf-8
IE - HKU\S-1-5-21-2971882474-1144138496-3696702083-1001\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-2971882474-1144138496-3696702083-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@icbc.com.cn/npicbc_hh_usbkey2gchinese: C:\Program Files\ICBCEbankTools\ICBCEbankPlugin\npicbc_hh_usbkey2gchinese.dll (北京华虹电子系统有限责任公司)
FF - HKLM\Software\MozillaPlugins\@icbc.com.cn/npicbc_infosec_certenroll: C:\Program Files\ICBCEbankTools\ICBCEbankPlugin\npicbc_infosec_certenroll.dll ()
FF - HKLM\Software\MozillaPlugins\@icbc.com.cn/npicbc_infosec_netsign: C:\Program Files\ICBCEbankTools\ICBCEbankPlugin\npicbc_infosec_netsign.dll ( )
FF - HKLM\Software\MozillaPlugins\@icbc/icbc_ms_npClCache,Version=1.0.0.2: C:\Program Files\ICBCEbankTools\FirefoxPlugins\npClCache.dll ()
FF - HKLM\Software\MozillaPlugins\@icbc/icbc_ms_npClientBinding,Version=1.0.0.2: C:\Program Files\ICBCEbankTools\FirefoxPlugins\npClientBinding.dll ( )
FF - HKLM\Software\MozillaPlugins\@icbc/icbc_ms_npFullScreen,Version=1.0.0.2: C:\Program Files\ICBCEbankTools\FirefoxPlugins\npFullScreen.dll ()
FF - HKLM\Software\MozillaPlugins\@icbc/icbc_ms_npsubmit,Version=1.0.0.7: C:\Program Files\ICBCEbankTools\FirefoxPlugins\npsubmit.dll ( )
FF - HKLM\Software\MozillaPlugins\@icbc/icbc_ms_npxxin,Version=1.0.0.8: C:\Program Files\ICBCEbankTools\FirefoxPlugins\npxxin.dll ( )
FF - HKLM\Software\MozillaPlugins\@icbc/npAssistComm,Version=1.0.0.1: C:\Program Files\ICBCEbankTools\ICBCSetupIntegration\npAssistComm.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@kingsfot.com/npkws: c:\program files\kingsoft\ijinshan_antivierus2013\npkws.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013/10/04 10:30:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/09/24 19:04:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\makem\AppData\Roaming\Mozilla\Extensions
[2013/11/16 15:07:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/12 21:19:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009/06/10 21:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Reg Error: Value error.) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (ICBC Anti-Phishing class) - {BB4491A2-D11A-4c6b-91C0-B53246A3122B} - C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\Icbc_AntiPhishing.dll (中国工商银行)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [hhukcert02] C:\Windows\System32\hhukcert02.exe (中国工商银行)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [RUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-2971882474-1144138496-3696702083-1001..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-2971882474-1144138496-3696702083-1001..\Run: [Allway Sync] C:\Program Files\Allway Sync\Bin\syncappw.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\makem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DigiGuide TV Guide.lnk = C:\Program Files\DigiGuide TV Guide\Client.exe (GipsyMedia Limited)
O4 - Startup: C:\Users\makem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe (Firetrust Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O9 - Extra Button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2971882474-1144138496-3696702083-1001\..Trusted Domains: icbc.com.cn ([]https in Trusted sites)
O16 - DPF: {0EB487C8-E9AC-43A6-8C4C-083999B0622F} https://mybank.icbc.com.cn/icbc/newperbank/certInStall.dll (certInStall Class)
O16 - DPF: {3D14998A-4CFB-4FC8-A98D-A24F05E4ED88} https://mybank.icbc.com.cn/icbc/icbc_bhdc2vdv.cab (icbc_bhdc2vdvCom Class)
O16 - DPF: {5AB9367B-DD7F-411D-A030-DF7DE5E17AAE} http://securitycheck.icbc.com.cn/download/NetBankSecurity_cn.cab (ICBC Security Ctrl)
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} https://mybank.icbc.com.cn/icbc/newperbank/AxSafeControls.cab (AxSubmitControl Class)
O16 - DPF: {B1FBC1AD-5644-4084-882A-0F8BA85E7506} https://mybank.icbc.com.cn/icbc/ICBC_NetSign.dll (InfoSecICBCNetSign Class)
O16 - DPF: {B219E31C-E110-4638-AF01-7BDD5ACA552C} https://mybank.icbc.com.cn/icbc/ICBCQPK_HH.cab (ICBCQPKCom_HH Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A51BA33-BEEE-4226-A46F-93F34FFF231A}: DhcpNameServer = 208.67.222.222 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59170D88-5A4F-42E7-8519-D635A450BEE3}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/10/02 14:56:12 | 000,000,043 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{b076a430-2c69-11e3-bcad-00a0d1536ebf}\Shell - "" = AutoRun
O33 - MountPoints2\{b076a430-2c69-11e3-bcad-00a0d1536ebf}\Shell\AutoRun\command - "" = I:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/09 10:42:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\My Profile\Desktop\OTL.exe
[2014/02/06 18:32:27 | 000,000,000 | ---D | C] -- C:\Users\makem\AppData\Local\GARMIN_Corp
[2014/02/04 17:16:30 | 000,000,000 | ---D | C] -- C:\Program Files\kingsoft
[2014/02/04 17:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\MyDrivers
[2014/02/04 01:09:01 | 000,107,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/02/04 01:09:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/02/04 00:06:45 | 000,000,000 | ---D | C] -- C:\Users\makem\AppData\Roaming\Malwarebytes
[2014/02/04 00:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/02/03 18:46:07 | 000,000,000 | ---D | C] -- D:\My Profile\My Documents\Deaths
[2014/02/03 16:54:30 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2014/02/03 16:54:30 | 000,000,000 | ---D | C] -- C:\Users\makem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2014/02/03 13:53:15 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2014/02/03 13:16:46 | 000,000,000 | ---D | C] -- C:\Users\makem\AppData\Roaming\AVG2014
[2014/02/03 13:15:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014/02/03 13:15:03 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014/02/03 13:15:03 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2014/02/03 13:11:01 | 000,000,000 | ---D | C] -- C:\Users\makem\AppData\Local\Avg2014
[2014/02/02 18:42:41 | 000,000,000 | ---D | C] -- C:\ProgramData\DriverGenius
[2014/02/02 18:21:28 | 000,085,352 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\ksapi.sys
[2014/02/02 00:14:05 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2014/02/02 00:13:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/02/02 00:13:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/02/02 00:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014/02/02 00:13:41 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014/02/02 00:13:29 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014/02/02 00:13:29 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2014/02/02 00:13:29 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014/02/02 00:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/02/02 00:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014/02/01 00:14:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\2C0A
[2014/02/01 00:14:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\0C0A
[2014/02/01 00:14:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\0C04
[2014/02/01 00:14:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\0816
[2014/02/01 00:14:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\0804
[2014/02/01 00:14:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\0424
[2014/02/01 00:14:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\041F
[2014/02/01 00:14:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\041E
[2014/02/01 00:14:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\041D
[2014/02/01 00:14:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\041B
[2014/02/01 00:14:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\0419
[2014/02/01 00:14:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\0416
[2014/02/01 00:14:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\0415
[2014/02/01 00:14:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\0414
[2014/02/01 00:14:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\0413
[2014/02/01 00:14:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\0412
[2014/02/01 00:14:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\0411
[2014/02/01 00:14:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\0410
[2014/02/01 00:14:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\040E
[2014/02/01 00:14:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\040D
[2014/02/01 00:14:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\040C
[2014/02/01 00:14:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\040B
[2014/02/01 00:14:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\040A
[2014/02/01 00:14:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\0409
[2014/02/01 00:14:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\0408
[2014/02/01 00:14:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\0407
[2014/02/01 00:14:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\0406
[2014/02/01 00:14:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\0405
[2014/02/01 00:14:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\0404
[2014/02/01 00:14:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\0401
[2014/01/31 19:20:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
[2014/01/31 19:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\Renesas Electronics
[2014/01/22 20:37:26 | 000,107,256 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2014/01/15 14:08:18 | 000,129,904 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\knbdrv.sys
[2014/01/15 13:42:30 | 000,000,000 | ---D | C] -- C:\Program Files\LSI SoftModem
[2014/01/15 13:42:20 | 001,161,760 | ---- | C] (LSI Corporation) -- C:\Windows\System32\drivers\AGRSM.sys
[2014/01/15 13:42:20 | 000,058,888 | ---- | C] (LSI Corporation) -- C:\Windows\agrsmdel.exe
[2014/01/15 13:42:20 | 000,013,824 | ---- | C] (LSI Corporation) -- C:\Windows\System32\agrscoin.dll
[2014/01/15 13:42:00 | 001,425,208 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\LogiLDA.DLL
[2014/01/15 13:30:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2014/01/15 13:28:18 | 001,824,000 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll
[2014/01/15 13:28:18 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2014/01/15 13:28:17 | 001,379,760 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\System32\tosade.dll
[2014/01/15 13:28:17 | 000,819,648 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\System32\tadefxapo2.dll
[2014/01/15 13:28:17 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2014/01/15 13:28:17 | 000,134,584 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\System32\tadefxapo.dll
[2014/01/15 13:28:17 | 000,058,264 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\System32\TepeqAPO.dll
[2014/01/15 13:28:16 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2014/01/15 13:28:16 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2014/01/15 13:28:16 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2014/01/15 13:28:13 | 000,919,600 | ---- | C] (Sony Corporation) -- C:\Windows\System32\SFSS_APO.dll
[2014/01/15 13:28:13 | 000,214,368 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFNHK.dll
[2014/01/15 13:28:12 | 000,074,080 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFCOM.dll
[2014/01/15 13:28:12 | 000,068,960 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFAPO.dll
[2014/01/15 13:28:11 | 001,596,488 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2014/01/15 13:28:10 | 002,547,928 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2014/01/15 13:28:09 | 000,124,632 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInstII.dll
[2014/01/15 13:28:09 | 000,013,416 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoLDR.dll
[2014/01/15 13:28:08 | 000,782,040 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2014/01/15 13:28:07 | 002,328,792 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2014/01/15 13:28:04 | 000,359,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2014/01/15 13:28:04 | 000,170,840 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2014/01/15 13:28:04 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2014/01/15 13:28:04 | 000,064,856 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2014/01/15 13:28:03 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2014/01/15 13:28:03 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2014/01/15 13:27:59 | 038,385,664 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RCoRes.dat
[2014/01/15 13:27:54 | 007,162,128 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEP32A.dll
[2014/01/15 13:27:54 | 000,352,016 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EED32A.dll
[2014/01/15 13:27:54 | 000,106,768 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEL32A.dll
[2014/01/15 13:27:54 | 000,062,224 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEG32A.dll
[2014/01/15 13:27:53 | 000,091,920 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEA32A.dll
[2014/01/15 13:27:50 | 000,509,184 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVolumeSDAPO.dll
[2014/01/15 13:27:44 | 001,677,568 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek2.dll
[2014/01/15 13:27:43 | 013,881,088 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll
[2014/01/15 13:27:41 | 001,935,104 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2014/01/15 13:27:40 | 000,873,728 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO40.dll
[2014/01/15 13:27:40 | 000,859,904 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPOShell.dll
[2014/01/15 13:27:39 | 000,509,184 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll
[2014/01/15 13:27:39 | 000,232,792 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2014/01/15 13:27:39 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2014/01/15 13:27:37 | 000,357,712 | ---- | C] (Knowles Acoustics ) -- C:\Windows\System32\KAAPORT.dll
[2014/01/15 13:27:28 | 002,395,680 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2014/01/15 13:27:28 | 000,601,704 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll
[2014/01/15 13:27:27 | 000,631,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll
[2014/01/15 13:27:27 | 000,426,944 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PLFX32.dll
[2014/01/15 13:27:27 | 000,403,392 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PGFX32.dll
[2014/01/15 13:27:27 | 000,346,048 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PREC32.dll
[2014/01/15 13:27:26 | 001,509,480 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll
[2014/01/15 13:27:26 | 001,292,904 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll
[2014/01/15 13:27:25 | 000,458,344 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll
[2014/01/15 13:27:25 | 000,375,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll
[2014/01/15 13:27:25 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll
[2014/01/15 13:27:25 | 000,218,216 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll
[2014/01/15 13:27:24 | 001,220,200 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll
[2014/01/15 13:27:24 | 000,389,736 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll
[2014/01/15 13:27:24 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll
[2014/01/15 13:27:23 | 000,654,952 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll
[2014/01/15 13:27:20 | 006,176,944 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\DDPP32A.dll
[2014/01/15 13:27:20 | 001,489,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\DDPD32A.dll
[2014/01/15 13:27:20 | 000,272,048 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\DDPO32A.dll
[2014/01/15 13:27:20 | 000,219,312 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\DDPA32.dll
[2014/01/15 13:27:19 | 000,092,584 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\System32\CONEQMSAPOGUILibrary.dll
[2014/01/15 13:27:17 | 000,095,840 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[2014/01/15 13:27:16 | 000,182,472 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[2014/01/15 10:15:47 | 002,349,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/01/15 10:15:45 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2014/01/15 10:15:45 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2014/01/12 20:05:27 | 000,000,000 | ---D | C] -- C:\Users\makem\AppData\Local\IsolatedStorage
[2014/01/12 20:04:34 | 000,000,000 | ---D | C] -- C:\Users\makem\AppData\Local\Ancestry.com
[2014/01/12 20:03:47 | 000,000,000 | ---D | C] -- C:\Windows\RegisteredPackages
[2014/01/12 20:03:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media
[2014/01/12 20:03:41 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
[2014/01/12 20:03:24 | 000,000,000 | ---D | C] -- C:\Users\makem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft WSE 3.0
[2014/01/12 20:03:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2014/01/12 20:03:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2014/01/12 20:03:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Family Tree Maker 2010
[2014/01/12 20:02:42 | 000,000,000 | ---D | C] -- C:\Program Files\BCL Technologies
[2014/01/12 20:02:41 | 000,000,000 | ---D | C] -- C:\Program Files\Family Tree Maker 2010
[2014/01/12 19:38:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MailWasher Pro
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/09 10:46:51 | 000,025,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/09 10:46:51 | 000,025,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/09 10:45:26 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/09 10:42:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\My Profile\Desktop\OTL.exe
[2014/02/09 10:39:47 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/09 10:39:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/09 00:37:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/06 20:27:26 | 000,000,124 | ---- | M] () -- D:\My Profile\My Documents\ax_files.xml
[2014/02/05 22:37:11 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/02/05 22:37:11 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/02/04 19:50:29 | 000,000,600 | ---- | M] () -- C:\Users\makem\AppData\Local\PUTTY.RND
[2014/02/04 17:35:19 | 000,000,030 | ---- | M] () -- C:\Users\makem\AppData\Roaming\fixcfg.ini
[2014/02/04 01:09:01 | 000,107,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/02/03 19:47:18 | 000,000,600 | ---- | M] () -- C:\Users\makem\AppData\Roaming\winscp.rnd
[2014/02/03 14:27:36 | 000,007,605 | ---- | M] () -- C:\Users\makem\AppData\Local\Resmon.ResmonCfg
[2014/02/03 12:30:34 | 000,278,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/02/03 01:16:18 | 000,319,811 | ---- | M] () -- C:\Users\makem\AppData\Local\census.cache
[2014/02/03 01:15:55 | 000,128,601 | ---- | M] () -- C:\Users\makem\AppData\Local\ars.cache
[2014/02/03 00:20:53 | 000,000,036 | ---- | M] () -- C:\Users\makem\AppData\Local\housecall.guid.cache
[2014/02/02 22:08:48 | 000,007,680 | ---- | M] () -- C:\Users\makem\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/02/02 18:35:18 | 000,129,904 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\knbdrv.sys
[2014/02/02 18:35:18 | 000,097,232 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\knbdrv64.sys
[2014/02/02 18:35:18 | 000,085,352 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\ksapi.sys
[2014/02/02 00:13:18 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014/02/02 00:13:17 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014/02/02 00:13:17 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014/02/02 00:13:16 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2014/01/31 14:09:05 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2014/01/22 20:37:26 | 000,107,256 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2014/01/18 22:50:33 | 000,034,032 | ---- | M] () -- D:\My Profile\Desktop\Cap
[2014/01/16 23:35:09 | 000,001,511 | ---- | M] () -- D:\My Profile\Desktop\_SYNCAPP - Shortcut.lnk
[2014/01/15 14:06:11 | 000,001,107 | ---- | M] () -- C:\Users\makem\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2014/01/15 14:06:02 | 000,665,836 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/01/15 14:06:02 | 000,126,802 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/01/15 13:31:27 | 000,000,000 | -H-- | M] () -- C:\ProgramData\DP45977C.lfl
[2014/01/13 18:13:37 | 000,001,171 | ---- | M] () -- C:\Users\makem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasherPro.lnk
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/04 22:31:52 | 000,002,769 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Streets & Trips 2002.lnk
[2014/02/03 14:27:36 | 000,007,605 | ---- | C] () -- C:\Users\makem\AppData\Local\Resmon.ResmonCfg
[2014/02/03 01:16:18 | 000,319,811 | ---- | C] () -- C:\Users\makem\AppData\Local\census.cache
[2014/02/03 01:15:55 | 000,128,601 | ---- | C] () -- C:\Users\makem\AppData\Local\ars.cache
[2014/02/03 00:20:53 | 000,000,036 | ---- | C] () -- C:\Users\makem\AppData\Local\housecall.guid.cache
[2014/01/18 22:04:45 | 000,034,032 | ---- | C] () -- D:\My Profile\Desktop\Cap
[2014/01/16 23:35:09 | 000,001,511 | ---- | C] () -- D:\My Profile\Desktop\_SYNCAPP - Shortcut.lnk
[2014/01/15 13:36:54 | 000,000,030 | ---- | C] () -- C:\Users\makem\AppData\Roaming\fixcfg.ini
[2014/01/15 13:31:27 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2014/01/15 13:28:11 | 005,681,192 | ---- | C] () -- C:\Windows\System32\drivers\rtvienna.dat
[2014/01/15 13:28:03 | 000,681,905 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2014/01/13 18:13:37 | 000,001,171 | ---- | C] () -- C:\Users\makem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasherPro.lnk
[2013/12/10 22:07:59 | 000,000,850 | ---- | C] () -- C:\Users\makem\.recently-used.xbel
[2013/12/07 20:11:10 | 000,389,175 | ---- | C] () -- C:\Windows\System32\RsaFun.dll
[2013/12/07 20:11:10 | 000,282,734 | ---- | C] () -- C:\Windows\System32\NPCard.dll
[2013/12/07 20:11:10 | 000,099,744 | ---- | C] () -- C:\Windows\System32\jcutilHUAUK.dll
[2013/12/07 20:11:08 | 000,308,360 | ---- | C] () -- C:\Windows\System32\InputControl.dll
[2013/12/07 20:11:08 | 000,279,688 | ---- | C] () -- C:\Windows\System32\icbc_hhusbkey.dll
[2013/12/07 20:11:08 | 000,277,128 | ---- | C] () -- C:\Windows\System32\SubmitControl.dll
[2013/12/07 20:11:08 | 000,251,808 | ---- | C] () -- C:\Windows\System32\ClientBinding.dll
[2013/12/07 20:11:08 | 000,066,976 | ---- | C] () -- C:\Windows\System32\GDReadPub.dll
[2013/12/07 20:11:08 | 000,054,688 | ---- | C] () -- C:\Windows\System32\icbc_gdgetdv.dll
[2013/12/07 20:11:08 | 000,052,432 | ---- | C] () -- C:\Windows\System32\icbc_mwusbkey.dll
[2013/12/07 20:11:08 | 000,040,064 | ---- | C] () -- C:\Windows\System32\icbc_bhdcdv.dll
[2013/12/07 20:11:07 | 000,077,008 | ---- | C] () -- C:\Windows\System32\certInStall.dll
[2013/11/28 11:30:07 | 000,776,968 | ---- | C] () -- C:\Windows\System32\HHx64Setup.exe
[2013/11/28 11:30:06 | 000,357,160 | ---- | C] () -- C:\Windows\System32\hhpkcs1102.dll
[2013/11/28 11:30:06 | 000,148,312 | ---- | C] () -- C:\Windows\System32\hhukey3k02.dll
[2013/11/28 11:30:06 | 000,091,552 | ---- | C] () -- C:\Windows\System32\jcutilHUAUKLCD.dll
[2013/11/28 11:30:05 | 000,037,376 | ---- | C] () -- C:\Windows\System32\HHUKCSP02.dll
[2013/10/27 16:53:08 | 000,000,600 | ---- | C] () -- C:\Users\makem\AppData\Local\PUTTY.RND
[2013/10/24 12:34:47 | 000,007,680 | ---- | C] () -- C:\Users\makem\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/20 13:57:22 | 000,000,994 | ---- | C] () -- C:\Users\makem\AppData\Local\InfosecCertInstall0
[2013/10/20 13:56:58 | 000,127,776 | ---- | C] () -- C:\Windows\System32\hhukapi.dll
[2013/10/20 13:56:16 | 000,066,752 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2013/10/20 13:56:15 | 000,980,160 | ---- | C] () -- C:\Windows\System32\CryptoKitAxForICBCAU_2HASH.dll
[2013/10/20 13:56:15 | 000,273,152 | ---- | C] () -- C:\Windows\System32\crycomp.dll
[2013/10/20 13:56:14 | 000,146,640 | ---- | C] () -- C:\Windows\System32\GDEraseCtrl.dll
[2013/10/20 13:56:09 | 000,269,584 | ---- | C] () -- C:\Windows\System32\GPKPCSC.dll
[2013/10/20 13:56:09 | 000,249,136 | ---- | C] () -- C:\Windows\System32\GPKPIN.dll
[2013/10/20 13:56:09 | 000,060,624 | ---- | C] () -- C:\Windows\System32\CEA_Crypt.dll
[2013/10/20 13:56:09 | 000,054,688 | ---- | C] () -- C:\Windows\System32\jcutilTdrUKLCD.dll
[2013/10/20 13:56:09 | 000,040,144 | ---- | C] () -- C:\Windows\System32\ChangPIN.dll
[2013/10/20 13:56:09 | 000,029,392 | ---- | C] () -- C:\Windows\System32\GEMPIN01.dll
[2013/10/20 13:56:08 | 000,050,592 | ---- | C] () -- C:\Windows\System32\jcutilgem101101.dll
[2013/10/20 13:56:08 | 000,046,496 | ---- | C] () -- C:\Windows\System32\hmukchk.dll
[2013/10/20 13:56:05 | 000,072,912 | ---- | C] () -- C:\Windows\System32\jcinHUAUK.dll
[2013/10/20 13:56:05 | 000,062,880 | ---- | C] () -- C:\Windows\System32\jcidHUAUK.dll
[2013/10/20 13:56:05 | 000,050,592 | ---- | C] () -- C:\Windows\System32\jcinGEM101.dll
[2013/10/20 13:56:05 | 000,050,592 | ---- | C] () -- C:\Windows\System32\jcidGEM101.dll
[2013/10/20 13:56:05 | 000,050,592 | ---- | C] () -- C:\Windows\System32\jcidGD84.dll
[2013/10/20 13:56:05 | 000,046,496 | ---- | C] () -- C:\Windows\System32\jcinGD84.dll
[2013/10/20 13:56:05 | 000,034,208 | ---- | C] () -- C:\Windows\System32\jcinWATCHK.dll
[2013/10/20 13:56:05 | 000,032,672 | ---- | C] () -- C:\Windows\System32\jcinGEM102.dll
[2013/10/20 13:56:05 | 000,028,576 | ---- | C] () -- C:\Windows\System32\jcidGEM102.dll
[2013/10/20 13:56:04 | 000,087,456 | ---- | C] () -- C:\Windows\System32\jcinTHTFUK.dll
[2013/10/20 13:56:04 | 000,079,264 | ---- | C] () -- C:\Windows\System32\jcidTHTFUK.dll
[2013/10/20 13:56:04 | 000,064,720 | ---- | C] () -- C:\Windows\System32\USBKey.dll
[2013/10/20 13:56:04 | 000,060,624 | ---- | C] () -- C:\Windows\System32\GDSetLET.dll
[2013/10/20 13:56:04 | 000,034,208 | ---- | C] () -- C:\Windows\System32\jcidWATCHK.dll
[2013/10/20 13:35:40 | 000,112,032 | ---- | C] () -- C:\Windows\System32\EditControl.dll
[2013/10/20 13:35:40 | 000,071,072 | ---- | C] () -- C:\Windows\System32\UploadControl.dll
[2013/10/20 13:35:38 | 000,174,288 | ---- | C] () -- C:\Windows\System32\icbcclean.dll
[2013/10/12 16:47:01 | 000,004,096 | -H-- | C] () -- C:\Users\makem\AppData\Local\keyfile3.drm
[2013/10/04 17:11:39 | 000,038,427 | ---- | C] () -- C:\Users\makem\AppData\Roaming\Comma Separated Values (Windows).ADR
[2013/10/04 10:15:56 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2013/10/04 10:14:08 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2013/10/04 10:14:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2013/10/04 10:14:08 | 000,010,134 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2013/10/04 10:14:08 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2013/10/03 22:46:22 | 000,584,584 | ---- | C] () -- C:\Windows\adb.exe
[2013/09/25 17:38:03 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2013/09/25 17:18:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/09/24 22:59:14 | 000,000,600 | ---- | C] () -- C:\Users\makem\AppData\Roaming\winscp.rnd
[2013/09/24 20:42:23 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/04/11 05:31:08 | 000,092,520 | ---- | C] () -- C:\Windows\System32\NP_jcutilHUAUKLCD.dll
[2012/11/20 14:46:04 | 000,107,936 | ---- | C] () -- C:\Windows\System32\ICBCQPK_HH.dll
[2012/11/15 09:43:42 | 000,328,912 | ---- | C] () -- C:\Windows\patchbld.dll
[2012/11/15 09:43:42 | 000,232,656 | ---- | C] () -- C:\Windows\PATCHW32.DLL
[2012/11/15 09:43:42 | 000,188,416 | ---- | C] () -- C:\Windows\BankThief.bin

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >


OTL Extras logfile created on: 09/02/2014 10:46:13 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\My Profile\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 51.90% Memory free
5.99 Gb Paging File | 4.42 Gb Available in Paging File | 73.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 53.85 Gb Total Space | 18.72 Gb Free Space | 34.77% Space Free | Partition Type: NTFS
Drive D: | 244.14 Gb Total Space | 70.95 Gb Free Space | 29.06% Space Free | Partition Type: NTFS
Drive F: | 14.90 Gb Total Space | 9.48 Gb Free Space | 63.62% Space Free | Partition Type: NTFS
Drive H: | 983.09 Mb Total Space | 983.08 Mb Free Space | 100.00% Space Free | Partition Type: FAT
Drive X: | 30.03 Gb Total Space | 29.19 Gb Free Space | 97.19% Space Free | Partition Type: NTFS
Drive Y: | 339.67 Gb Total Space | 330.35 Gb Free Space | 97.26% Space Free | Partition Type: NTFS

Computer Name: NEWLAPPY | User Name: makem | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2971882474-1144138496-3696702083-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017A36EF-DD1B-4FFF-9038-D5BD5D61CF42}" = lport=445 | protocol=6 | dir=in | app=system |
"{05A17BC7-5F69-4284-A980-3B5920C5626F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{17762D15-4EBA-437C-9511-BDE71DD67FFE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1D65F972-FF95-4FBF-A791-C919969F165A}" = lport=138 | protocol=17 | dir=in | app=system |
"{2052F090-D8E0-47AD-AEE0-7D6022879BCE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{276D9BB7-B0F0-4AA9-90B1-522788D47F59}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{33C02588-047B-4E4A-BC4A-17A78825F6BA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{35C9CEB0-5386-4A59-B644-7EF9DE19FEFB}" = rport=138 | protocol=17 | dir=out | app=system |
"{3F2CD3B1-5FBB-49A0-98DA-158104038F58}" = rport=139 | protocol=6 | dir=out | app=system |
"{46050D7E-E5FE-441C-8601-39189F8C8FA9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7190E2DE-2615-4E9C-A29B-3614E4639EA3}" = lport=137 | protocol=17 | dir=in | app=system |
"{759478BA-AB69-4421-B1B4-CDDF054213BD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8E1F8DAB-71D0-4CE0-AE1C-301A0F1F7535}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{907A23A4-0A81-469D-8F25-3518D725C62D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{94024465-9D1B-49A5-9E6E-6AB13F48EA21}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9AE7B013-3CBF-47E1-83AA-468ED03188CE}" = lport=139 | protocol=6 | dir=in | app=system |
"{9C2BF252-154D-4625-9BE1-9B4E594A52E3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CAD0E185-A5DC-436E-BB67-B8895BCD9144}" = rport=445 | protocol=6 | dir=out | app=system |
"{CFAF7FE5-AA8F-4DFB-B344-114BF6841821}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E7FB399E-EB69-4862-B2AB-DF15E69D34FD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FA4769E8-E72D-4991-BEC7-FBA9A3D8F9F5}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F8EAA6-02FC-49D4-B059-2D6ACA4F0A54}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0C7B4D04-A127-40B3-AC91-62F6D95A0C43}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{145D18C3-B4F4-4026-AE6F-50AE69EBA56C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{587424F9-CA74-4587-B879-F75E9FE33D47}" = protocol=6 | dir=out | app=system |
"{975A1224-CFBC-49C3-A180-21386F062D51}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{98124D3D-9FC0-4C53-AE5F-7ECD01F48356}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A3415DBE-FDFA-4E0E-9C01-AE41CD7B66CB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ADAAA039-B47D-4D5C-A872-66158256A654}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BCE812EF-EF7E-4663-9500-09887B099C3D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D4632AE1-F29E-43DF-BB0C-C0FEEB53D18F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D91F5817-3C6A-463D-8B50-CD136B028384}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DA900607-491A-4060-8072-F1D54B884FFE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E70C77A6-06A4-46BA-9F95-40865CC12065}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E9F84884-3B87-4523-830A-B160A03B28B6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EED3D4AA-6C93-498D-AAB1-A5304B178597}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F403F4E9-94BD-4A3F-9BC6-18D02FB34286}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{019210C1-32C8-423C-BEFD-763C8E7A188F}" = Microsoft Money
"{01D42BF0-ED08-463f-8A28-99EB6FEE962B}" = ZTE Handset USB Driver
"{02CA7E66-1AD1-4DE9-BA9E-86A0EEB019C7}" = Microsoft Money System Pack
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis True Image Home 2011
"{08F32589-5E39-42B8-8BC5-6A8126ED2A70}" = Microsoft Visual C++ 2008 Redistributable Package
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4200_series" = Canon MG4200 series MP Drivers
"{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}" = Microsoft Streets and Trips 2002
"{17528CE4-C333-48FB-A9E4-D841E795CDCE}" = Renesas Electronics USB 3.0 Host Controller Driver
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
"{3213ED5E-7BBE-4613-BE69-8B1E4FE520DD}" = Garmin POI Loader
"{3A76D8EA-E4DA-4C9B-BB65-7FDEB8AA57FF}" = ICBCEbankPlugins
"{3AB18A98-082D-41A1-B269-7FA8AD3AA30C}" = Garmin Express Tray
"{3B97ADB7-3DA1-4964-BC10-68384BA6A66F}" = AVG 2014
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{401C04AC-99A0-4DE2-879F-30D03A633FEF}" = AVG 2014
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5582719E-BB29-477B-BDD4-B494A746CE7D}" = Macromedia Dreamweaver 8
"{5FDF063D-ABB4-4AAB-A5CC-C7E110771324}" = ICBCEBankAssist
"{62BBDA21-1002-4B7E-8FCB-F75E509E5F0C}" = BHDC_LCD Ukey Client
"{6f60b921-2ae3-43fe-a6fb-ad849bd91451}" = Garmin Express
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{89EAD745-088B-4160-B964-42C4D4D273AD}" = Family Tree Maker 2010
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{93156467-FD99-4A30-9CA5-8563F4BB8DB3}" = icbc_netbank_client_controls
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F612429-4A00-3D44-88CF-146DA2EE1F92}" = Microsoft .NET Framework 4.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}" = Garmin USB Drivers
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{B3931BE3-3189-4A07-833C-50527AC4F2F4}" = Garmin Express
"{B54B8CD3-E12B-4C29-AF5A-2101E2FF5F53}" = TIPCI
"{b64ca997-b626-4abb-a046-5ca2d92ed659}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{B77A308F-85F5-4D68-8CB5-313332CB2779}" = TOSHIBA Hardware Setup
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{C6436884-D620-4213-A7AD-5FE1FCB36D2E}" = ICBCSetupInput
"{C82185E8-C27B-4EF4-2010-3333BC2C2B6D}" = Microsoft AutoRoute 2010
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D2D77DC2-8299-11D1-8949-444553540000}_is1" = ZTE Handset USB Driver
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 ESD
"{D903B276-81AE-4AED-AEF9-45DACFBF16CE}" = TightVNC
"{E01DFD45-F13A-4F12-AC38-8EEE2163E52E}" = Omron Health Management Software
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E7CE0436-4E29-4EF8-B678-9747C60D81FB}" = 中国工商银行防钓鱼软件
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{EBAC8FD4-28EC-46F7-BF9E-89D6E6673001}" = Garmin BaseCamp
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2E9C364-0DFD-434B-AF0D-3F5D095B3F8F}" = Elevated Installer
"{F312B2F8-A700-46D2-A2DD-BB758313EA2F}" = Macromedia Extension Manager
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"27B21B818275954E98AB9C30CE8CF38E59FA66E4" = Windows Driver Package - LSI (AgereSoftModem) Modem (07/21/2009 2.2.97)
"497F28D36FB76129F2FDC947E265E1D551226EE2" = Windows Driver Package - TOSHIBA (FwLnk) System (07/07/2009 1.0.0.6)
"5498ECA18B56D1C7C4EC25B46FBEA3A008C6545A" = Windows Driver Package - Logitech (HidUsb) HIDClass (08/31/2012 1.10.77.0)
"695CFD288064D5B9D072C610E63BDD3D3E4DE666" = Windows Driver Package - Intel (NETwLv32) net (10/07/2010 13.4.0.139)
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Agere Systems Soft Modem" = TOSHIBA Software Modem
"Agnitum Outpost Firewall Pro_is1" = Outpost Firewall Pro 7.1
"Allway Sync_is1" = Allway Sync version 12.16.9
"AVG" = AVG 2014
"Canon My Image Garden" = Canon My Image Garden
"Canon My Image Garden Design Files" = Canon My Image Garden Design Files
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"Canon_IJ_Scan_Utility" = Canon IJ Scan Utility
"DigiGuide TV Guide" = DigiGuide TV Guide
"Family Tree Maker 2010" = Family Tree Maker 2010
"Geany" = Geany 1.23.1
"GrabIt_is1" = GrabIt 1.7.2 Beta 6 (build 1008)
"icbc_hh_usbkey2gchinese_plugin" = icbc_hh_usbkey2gchinese_plugin
"icbc_infosec_certenroll" = ICBC Infosec CertEnroll Plugins
"icbc_infosec_netsign" = ICBC Infosec NetSign Plugins
"InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{B54B8CD3-E12B-4C29-AF5A-2101E2FF5F53}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"IrfanView" = IrfanView (remove only)
"MailWasher Pro_is1" = MailWasher Pro
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"QuickPar" = QuickPar 0.9
"Rapport_msi" = Trusteer Endpoint Protection
"sp6" = Logitech SetPoint 6.61
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 2.1.2
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = WinRAR 5.01 (32-位)
"winscp3_is1" = WinSCP 5.1.7

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 03/02/2014 09:44:16 | Computer Name = newlappy | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\MyDrivers\DriverGenius2013\update\reboot_update\uninstall.exe".
Dependent
Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 03/02/2014 10:33:54 | Computer Name = newlappy | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\MyDrivers\DriverGenius2013\update\kav\main\uninstall.exe".
Dependent
Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 03/02/2014 12:11:23 | Computer Name = newlappy | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\MyDrivers\DriverGenius2013\update\kav\main\uninstall.exe".
Dependent
Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 03/02/2014 12:12:03 | Computer Name = newlappy | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\MyDrivers\DriverGenius2013\update\reboot_update\uninstall.exe".
Dependent
Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 03/02/2014 12:12:09 | Computer Name = newlappy | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\MyDrivers\DriverGenius2013\update\reboot_update\uninstall.exe".
Dependent
Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 04/02/2014 14:10:02 | Computer Name = newlappy | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\mydrivers\drivergenius2013\delzip179.dll".Error
in manifest or policy file "c:\program files\mydrivers\drivergenius2013\delzip179.dll"
on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is
invalid.

Error - 04/02/2014 14:10:05 | Computer Name = newlappy | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files\mydrivers\drivergenius2013\drvinst64.exe".Error
in manifest or policy file "c:\program files\mydrivers\drivergenius2013\Microsoft.VC80.CRT.MANIFEST"
on line 4. Component identity found in manifest does not match the identity of the
component requested. Reference is Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053".
Definition
is Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762".
Please
use sxstrace.exe for detailed diagnosis.

Error - 04/02/2014 14:11:21 | Computer Name = newlappy | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\common
files\LogiShrd\sp6_uninstall\tools\64\AddBrowsers.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 06/02/2014 10:37:25 | Computer Name = newlappy | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\common
files\LogiShrd\sp6_uninstall\tools\64\AddBrowsers.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 08/02/2014 16:48:49 | Computer Name = newlappy | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\common
files\LogiShrd\sp6_uninstall\tools\64\AddBrowsers.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 15/01/2014 09:46:03 | Computer Name = newlappy | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.

Error - 15/01/2014 09:58:57 | Computer Name = newlappy | Source = Service Control Manager | ID = 7030
Description = The Kingsoft Core Service service is marked as an interactive service.
However, the system is configured to not allow interactive services. This service
may not function properly.

Error - 15/01/2014 10:06:56 | Computer Name = newlappy | Source = Service Control Manager | ID = 7022
Description = The AVGIDSAgent service hung on starting.

Error - 15/01/2014 10:07:25 | Computer Name = newlappy | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.

Error - 15/01/2014 13:53:59 | Computer Name = newlappy | Source = Service Control Manager | ID = 7000
Description = The kisknl service failed to start due to the following error: %%2

Error - 15/01/2014 13:54:07 | Computer Name = newlappy | Source = Service Control Manager | ID = 7000
Description = The Kingsoft Core Service service failed to start due to the following
error: %%2

Error - 15/01/2014 13:55:57 | Computer Name = newlappy | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.

Error - 15/01/2014 15:12:51 | Computer Name = newlappy | Source = Service Control Manager | ID = 7000
Description = The kisknl service failed to start due to the following error: %%2

Error - 15/01/2014 15:13:00 | Computer Name = newlappy | Source = Service Control Manager | ID = 7000
Description = The Kingsoft Core Service service failed to start due to the following
error: %%2

Error - 15/01/2014 15:14:44 | Computer Name = newlappy | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.


< End of report >
no1so
Regular Member
 
Posts: 16
Joined: February 2nd, 2014, 9:37 pm

Re: Rootkit warning - DgSafe.sys

Unread postby wannabeageek » February 9th, 2014, 7:25 pm

Greetings no1so,

Please run the following.

Step 1.
AdwCleaner Download and Run

Click on this link to download : ADWCleaner
Click on the Download Now button and save it to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop:

Image

You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run.
It may take several minutes to complete. When it is done click on the Clean button, accept any prompts that appear and allow the system to reboot.
You will then be presented with the report. Copy & Paste it into your next post.

Image


Step 2.
Junkware Removal Tool
  • Please download and run the following program: JRT.exe
  • Right-click JRT.exe and select "Run as administrator" to run it.
  • When the program is finished running, post the log JRT.txt in your next reply.


Step 3.
TDSSKiller

Please download TDSSKiller.exe and save it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip.
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  • Post the contents of that log in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT


Please include in your next reply:
  1. Contents of C:\AdwCleaner[S?].txt
  2. Contents of JRT.txt
  3. Contents of TDSSKiller.2.4.0.0 24.07.2010 (The numbers will correlate to today's date and time.)
  4. Any problem executing the instructions?
Thanks,
wbg
wannabeageek
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Rootkit warning - DgSafe.sys

Unread postby no1so » February 9th, 2014, 9:11 pm

Scans as requested, thank you:

# AdwCleaner v3.018 - Report created 10/02/2014 at 00:27:37
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : makem - NEWLAPPY
# Running from : D:\My Profile\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\Tencent
Folder Deleted : C:\Program Files\Common Files\Tencent
Folder Deleted : C:\Users\makem\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\makem\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\makem\AppData\Roaming\Tencent

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\ParetoLogic

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v26.0 (en-US)

*************************

AdwCleaner[R0].txt - [1569 octets] - [10/02/2014 00:24:32]
AdwCleaner[S0].txt - [1344 octets] - [10/02/2014 00:27:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1404 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Professional x86
Ran by makem on 10/02/2014 at 0:36:21.52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{44177982-996D-4b79-B29F-5B60E13A5169}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10/02/2014 at 0:50:07.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


I received a browser error when posting the scans:

Your message contains 111149 characters. The maximum number of allowed characters is 100000.

Therefore I have posted the TDSSkiller scan in the following post. (It may need to be posted in two parts)
no1so
Regular Member
 
Posts: 16
Joined: February 2nd, 2014, 9:37 pm

Re: Rootkit warning - DgSafe.sys

Unread postby no1so » February 9th, 2014, 9:19 pm

I received a second browser error so have posted TDSSkiller in two parts:

Your message contains 108769 characters. The maximum number of allowed characters is 100000.

Third scan as requested:

00:54:34.0511 0x1104 TDSS rootkit removing tool 3.0.0.22 Feb 3 2014 16:45:35
00:54:40.0912 0x1104 ============================================================
00:54:40.0912 0x1104 Current date / time: 2014/02/10 00:54:40.0912
00:54:40.0912 0x1104 SystemInfo:
00:54:40.0912 0x1104
00:54:40.0912 0x1104 OS Version: 6.1.7601 ServicePack: 1.0
00:54:40.0912 0x1104 Product type: Workstation
00:54:40.0912 0x1104 ComputerName: NEWLAPPY
00:54:40.0912 0x1104 UserName: makem
00:54:40.0912 0x1104 Windows directory: C:\Windows
00:54:40.0912 0x1104 System windows directory: C:\Windows
00:54:40.0912 0x1104 Processor architecture: Intel x86
00:54:40.0912 0x1104 Number of processors: 2
00:54:40.0912 0x1104 Page size: 0x1000
00:54:40.0912 0x1104 Boot type: Normal boot
00:54:40.0912 0x1104 ============================================================
00:54:42.0736 0x1104 KLMD registered as C:\Windows\system32\drivers\20979955.sys
00:54:42.0896 0x1104 System UUID: {B6415CA4-76A6-0B1E-3650-BED64D4527DD}
00:54:43.0596 0x1104 Drive \Device\Harddisk1\DR1 - Size: 0x3D7E2000 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x3E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x20, Type 'K0', Flags 0x00000050
00:54:43.0606 0x1104 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:54:43.0616 0x1104 Drive \Device\Harddisk1\DR1 - Size: 0x3D7E2000 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x3E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x20, Type 'A'
00:54:43.0616 0x1104 Drive \Device\Harddisk1\DR1 - Size: 0x3D7E2000 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x3E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x20, Type 'W'
00:54:43.0626 0x1104 Drive \Device\Harddisk2\DR2 - Size: 0x3B98FA000 (14.90 Gb), SectorSize: 0x200, Cylinders: 0x798, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:54:43.0626 0x1104 ============================================================
00:54:43.0626 0x1104 \Device\Harddisk1\DR1:
00:54:43.0636 0x1104 MBR partitions:
00:54:43.0636 0x1104 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x1EBAE1
00:54:43.0636 0x1104 \Device\Harddisk0\DR0:
00:54:43.0636 0x1104 MBR partitions:
00:54:43.0636 0x1104 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
00:54:43.0636 0x1104 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6BB3000
00:54:43.0636 0x1104 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x6BE5800, BlocksNum 0x1E848000
00:54:43.0636 0x1104 \Device\Harddisk1\DR1:
00:54:43.0636 0x1104 MBR partitions:
00:54:43.0636 0x1104 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x1EBAE1
00:54:43.0636 0x1104 \Device\Harddisk2\DR2:
00:54:43.0636 0x1104 MBR partitions:
00:54:43.0636 0x1104 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1DCC661
00:54:43.0636 0x1104 ============================================================
00:54:43.0656 0x1104 C: <-> \Device\Harddisk0\DR0\Partition2
00:54:43.0686 0x1104 D: <-> \Device\Harddisk0\DR0\Partition3
00:54:43.0686 0x1104 ============================================================
00:54:43.0686 0x1104 Initialize success
00:54:43.0686 0x1104 ============================================================
00:54:46.0706 0x1704 ============================================================
00:54:46.0706 0x1704 Scan started
00:54:46.0706 0x1704 Mode: Manual;
00:54:46.0706 0x1704 ============================================================
00:54:46.0706 0x1704 KSN ping started
00:54:49.0540 0x1704 KSN ping finished: true
00:54:50.0290 0x1704 ================ Scan system memory ========================
00:54:50.0300 0x1704 System memory - ok
00:54:50.0300 0x1704 ================ Scan services =============================
00:54:50.0450 0x1704 [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
00:54:50.0460 0x1704 1394ohci - ok
00:54:50.0540 0x1704 [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI C:\Windows\system32\drivers\ACPI.sys
00:54:50.0550 0x1704 ACPI - ok
00:54:50.0560 0x1704 [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
00:54:50.0560 0x1704 AcpiPmi - ok
00:54:50.0660 0x1704 [ 1CDA8B4C6575D7E53D1FE0ADAEE45961, 377D49AEEA2AB26955F92877CB9B09B54CC8553DE4CD89FDF36C082B4F2758E6 ] AcrSch2Svc C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
00:54:50.0690 0x1704 AcrSch2Svc - ok
00:54:50.0790 0x1704 [ EA91221CF2E4F89707014A8238AA3A61, 27B6A675507C9F96D9E7558DD014FBD99B6A3D51CB78B300513BA8D86A5F60AA ] acssrv C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
00:54:50.0840 0x1704 acssrv - ok
00:54:50.0880 0x1704 [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
00:54:50.0880 0x1704 AdobeARMservice - ok
00:54:50.0930 0x1704 [ C8C6C0D659734FDBF63F6F421A5416BC, 11C452D77D0A8A5E430D0D0C9949797FFC03D2E3DADB8FBB9B63EDA868AFF83C ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
00:54:50.0930 0x1704 AdobeFlashPlayerUpdateSvc - ok
00:54:50.0980 0x1704 [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
00:54:51.0000 0x1704 adp94xx - ok
00:54:51.0030 0x1704 [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
00:54:51.0050 0x1704 adpahci - ok
00:54:51.0060 0x1704 [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
00:54:51.0070 0x1704 adpu320 - ok
00:54:51.0100 0x1704 [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
00:54:51.0110 0x1704 AeLookupSvc - ok
00:54:51.0130 0x1704 [ 53696AD8FFC5FAC51949A525FF65A689, 6233D5407670052A922897B7845DDEE285794613C9F58183D38726FB15B27944 ] afcdp C:\Windows\system32\DRIVERS\afcdp.sys
00:54:51.0140 0x1704 afcdp - ok
00:54:51.0260 0x1704 [ AF44F7E027037628F1FAC3C13CDE73E6, 56A95EBF2241C275FD401487C5F0E86859F8637D8B1BD01B7157EE9BC22B1907 ] afcdpsrv C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
00:54:51.0382 0x1704 afcdpsrv - ok
00:54:51.0432 0x1704 [ F81BB7E487EDCEAB630A7EE66CF23913, 7D1638FD7E388EF670FA0A421762E0413351058A20DDF0F9988A383F05395A68 ] AFD C:\Windows\system32\drivers\afd.sys
00:54:51.0452 0x1704 AFD - ok
00:54:51.0472 0x1704 [ 5C4125D2AF6DDBB6422CE5F6E9BE7098, 0FF8D2F3D14AB2391C116B80E36CDC5FE322EF9018CABE11F5F7CFAB5E21D65F ] afw C:\Windows\system32\DRIVERS\afw.sys
00:54:51.0472 0x1704 afw - ok
00:54:51.0502 0x1704 [ C223C5327FF06330B0251F1830FEE1AF, 410987FB3401FD4A1B7232E1EA230F94776DACBE383D43C677CDA50A59CDC5FE ] afwcore C:\Windows\system32\drivers\afwcore.sys
00:54:51.0522 0x1704 afwcore - ok
00:54:51.0542 0x1704 [ 1CB677BF1DABD3BAF4F944E2C90D6C73, 099466E899BB7BA176C42DB15D0D4946DC15845CA051BDACF3BE767157AB90BD ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe
00:54:51.0552 0x1704 AgereModemAudio - ok
00:54:51.0592 0x1704 [ 07758C2196A62F207F77556311E7459A, E63C4BE29CA03907FC8E23D65D1D6CF517D22AA7F5C341E42777101AF1CAB2D9 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys
00:54:51.0632 0x1704 AgereSoftModem - ok
00:54:51.0662 0x1704 [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440 C:\Windows\system32\drivers\agp440.sys
00:54:51.0662 0x1704 agp440 - ok
00:54:51.0672 0x1704 [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
00:54:51.0682 0x1704 aic78xx - ok
00:54:51.0692 0x1704 [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG C:\Windows\System32\alg.exe
00:54:51.0702 0x1704 ALG - ok
00:54:51.0712 0x1704 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide C:\Windows\system32\drivers\aliide.sys
00:54:51.0722 0x1704 aliide - ok
00:54:51.0732 0x1704 [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
00:54:51.0742 0x1704 amdagp - ok
00:54:51.0762 0x1704 [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide C:\Windows\system32\drivers\amdide.sys
00:54:51.0762 0x1704 amdide - ok
00:54:51.0792 0x1704 [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
00:54:51.0802 0x1704 AmdK8 - ok
00:54:51.0812 0x1704 [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
00:54:51.0812 0x1704 AmdPPM - ok
00:54:51.0842 0x1704 [ E7F4D42D8076EC60E21715CD11743A0D, 91AC020A70964F8783C999BDE8AB8391A3FA3AFC1CD4BC52A43625A2010A53E7 ] amdsata C:\Windows\system32\drivers\amdsata.sys
00:54:51.0842 0x1704 amdsata - ok
00:54:51.0862 0x1704 [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
00:54:51.0872 0x1704 amdsbs - ok
00:54:51.0892 0x1704 [ 146459D2B08BFDCBFA856D9947043C81, AC7F2069717601F949B0968EA651899D497170A93B84281B66D3CE5C382DDECB ] amdxata C:\Windows\system32\drivers\amdxata.sys
00:54:51.0892 0x1704 amdxata - ok
00:54:51.0912 0x1704 [ 0E46FDA73FD47FA4C61223E45187F7D5, 52241FBBAB07150C865B461D3F065250C3653A4D1BD80E4A21A65FFCB8CDA6B6 ] androidusb C:\Windows\system32\Drivers\androidusb.sys
00:54:51.0922 0x1704 androidusb - ok
00:54:51.0942 0x1704 [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID C:\Windows\system32\drivers\appid.sys
00:54:51.0952 0x1704 AppID - ok
00:54:51.0962 0x1704 [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc C:\Windows\System32\appidsvc.dll
00:54:51.0972 0x1704 AppIDSvc - ok
00:54:52.0002 0x1704 [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo C:\Windows\System32\appinfo.dll
00:54:52.0002 0x1704 Appinfo - ok
00:54:52.0032 0x1704 [ A45D184DF6A8803DA13A0B329517A64A, C1D16B60A6D69689AE951DC3D6884ED2E233D144B3FC0B86BC1C50AAAAA01ED2 ] AppMgmt C:\Windows\System32\appmgmts.dll
00:54:52.0042 0x1704 AppMgmt - ok
00:54:52.0052 0x1704 [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc C:\Windows\system32\DRIVERS\arc.sys
00:54:52.0062 0x1704 arc - ok
00:54:52.0082 0x1704 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
00:54:52.0092 0x1704 arcsas - ok
00:54:52.0182 0x1704 [ 2FE0D5DB69014980A970D3BF9A85D2B1, 3837F176B0CB7FEA2689D90B50B62F660FE579A5EB1E47C827DFA95596B72D1E ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
00:54:52.0182 0x1704 aspnet_state - ok
00:54:52.0222 0x1704 [ 722213A5C09B21C0E6E61F4082F0C683, B2F96A3279278E041DDAD2FF3CC7D953C37391CDCEB3A0DD161ABF154D762121 ] ASWFilt C:\Windows\system32\Filt\ASWFilt.dll
00:54:52.0232 0x1704 ASWFilt - ok
00:54:52.0242 0x1704 [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
00:54:52.0252 0x1704 AsyncMac - ok
00:54:52.0262 0x1704 [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi C:\Windows\system32\drivers\atapi.sys
00:54:52.0262 0x1704 atapi - ok
00:54:52.0302 0x1704 [ 2039E24FE00639A9123DCD6F22D42D74, 39B069EEE84FB5300674773CC14ABF8DDC081DF6D3049FDE7775A886CC05684B ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
00:54:52.0322 0x1704 Ati External Event Utility - ok
00:54:52.0512 0x1704 [ D2E9ACB68FA61C911CC21E07F87705BF, FF4E2D8DF7DC014CF92046CA0F320CAA20D0C41B3EEF15FDDE45DAF0AEA046B2 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
00:54:52.0652 0x1704 atikmdag - ok
00:54:52.0702 0x1704 [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
00:54:52.0712 0x1704 AudioEndpointBuilder - ok
00:54:52.0742 0x1704 [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] Audiosrv C:\Windows\System32\Audiosrv.dll
00:54:52.0762 0x1704 Audiosrv - ok
00:54:52.0822 0x1704 [ 9C7C45DE9E167F6268D32D6D10133F7D, 58005B49AE6D5CABB3ECEFF0D800F53D6E81A67B5EFE25E9374EC061FEC5601F ] Avgdiskx C:\Windows\system32\DRIVERS\avgdiskx.sys
00:54:52.0822 0x1704 Avgdiskx - ok
00:54:52.0972 0x1704 [ F89B2DACE0FBE54CF65D12B7081C19C3, 64BBA5A29948ABFADB8865CE0D7D0259AB291B8DA04786AB351055D57B49D439 ] AVGIDSAgent C:\Program Files\AVG\AVG2014\avgidsagent.exe
00:54:53.0052 0x1704 AVGIDSAgent - ok
00:54:53.0102 0x1704 [ C66B17D93F94622293608C2FB91C5806, 5BA6948A5328D73B1BAF6DACC7B2A842FD0072246DD416DE39F6993EAABC2997 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdriverx.sys
00:54:53.0112 0x1704 AVGIDSDriver - ok
00:54:53.0132 0x1704 [ 0C70FAB4B08DC1FF6612AA3F352CFCA9, 6991B6A9E5063611C280968F758E6B0F431E19EB8539808531C6293A0F313C47 ] AVGIDSHX C:\Windows\system32\DRIVERS\avgidshx.sys
00:54:53.0132 0x1704 AVGIDSHX - ok
00:54:53.0152 0x1704 [ 4118A9D326A76D485713A36988102C3E, 10C494165258D091AB31533C37FA05C29013471D5B2D6BDA60F731715FA02248 ] AVGIDSShim C:\Windows\system32\DRIVERS\avgidsshimx.sys
00:54:53.0152 0x1704 AVGIDSShim - ok
00:54:53.0182 0x1704 [ 578ECC3D911897B2C5B760EDAF8ED6CA, 99CAACB349C8629D4BE6070BDBFB0BDB4A13ABFFF738F04D723D2AFE7EA58894 ] Avgldx86 C:\Windows\system32\DRIVERS\avgldx86.sys
00:54:53.0182 0x1704 Avgldx86 - ok
00:54:53.0222 0x1704 [ BD1A440B9F126AFE52978A44952B0018, 83577249AACC3F0C655C27A471739113B2086BFC1FF15D0ED7E64B0215B739DB ] Avglogx C:\Windows\system32\DRIVERS\avglogx.sys
00:54:53.0232 0x1704 Avglogx - ok
00:54:53.0242 0x1704 [ 7DC192EC714342E7C020C7CF42E394D8, 09F4CFFD93067E62B09C550A7A0588E90CAD190E49E1B7082FC5A949AF389781 ] Avgmfx86 C:\Windows\system32\DRIVERS\avgmfx86.sys
00:54:53.0252 0x1704 Avgmfx86 - ok
00:54:53.0282 0x1704 [ E6322DF686CE1C59D7797FAEF0732454, 03534F19568B421F9BE9C99A7A5302D38FCABA26E95C49A492DA49E58A918B55 ] Avgrkx86 C:\Windows\system32\DRIVERS\avgrkx86.sys
00:54:53.0282 0x1704 Avgrkx86 - ok
00:54:53.0312 0x1704 [ E98603F9D1F412F38ADF2F76053F9E5A, 1CE4668E0202ADD8C4C3D7D883DC837F7888F5D6E3B6FEE8338E15A86FE6AC22 ] Avgtdix C:\Windows\system32\DRIVERS\avgtdix.sys
00:54:53.0322 0x1704 Avgtdix - ok
00:54:53.0352 0x1704 [ B747B6BB015E552F49C634BB19540F3D, 5000AD41BD101BC06D595484B6E58DEEBB962939ACF4B24DE515771D1C4AE3ED ] avgwd C:\Program Files\AVG\AVG2014\avgwdsvc.exe
00:54:53.0362 0x1704 avgwd - ok
00:54:53.0422 0x1704 [ 7692F4B242E45870873CAF4CB85CF769, 9D28627FD73F62134792528A9D2F2FCCBB0FDD7E45D8D7D816B9FC3C07AE4CA2 ] AxAutoMntSrv C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
00:54:53.0422 0x1704 AxAutoMntSrv - ok
00:54:53.0462 0x1704 [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV C:\Windows\System32\AxInstSV.dll
00:54:53.0462 0x1704 AxInstSV - ok
00:54:53.0502 0x1704 [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
00:54:53.0532 0x1704 b06bdrv - ok
00:54:53.0572 0x1704 [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
00:54:53.0582 0x1704 b57nd60x - ok
00:54:53.0612 0x1704 [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC C:\Windows\System32\bdesvc.dll
00:54:53.0612 0x1704 BDESVC - ok
00:54:53.0632 0x1704 [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep C:\Windows\system32\drivers\Beep.sys
00:54:53.0632 0x1704 Beep - ok
00:54:53.0672 0x1704 [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE C:\Windows\System32\bfe.dll
00:54:53.0692 0x1704 BFE - ok
00:54:53.0742 0x1704 [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS C:\Windows\System32\qmgr.dll
00:54:53.0772 0x1704 BITS - ok
00:54:53.0802 0x1704 [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
00:54:53.0802 0x1704 blbdrive - ok
00:54:53.0832 0x1704 [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
00:54:53.0832 0x1704 bowser - ok
00:54:53.0842 0x1704 [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:54:53.0852 0x1704 BrFiltLo - ok
00:54:53.0862 0x1704 [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:54:53.0862 0x1704 BrFiltUp - ok
00:54:53.0892 0x1704 [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser C:\Windows\System32\browser.dll
00:54:53.0902 0x1704 Browser - ok
00:54:53.0922 0x1704 [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid C:\Windows\System32\Drivers\Brserid.sys
00:54:53.0932 0x1704 Brserid - ok
00:54:53.0942 0x1704 [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
00:54:53.0952 0x1704 BrSerWdm - ok
00:54:53.0972 0x1704 [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
00:54:53.0972 0x1704 BrUsbMdm - ok
00:54:53.0992 0x1704 [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
00:54:53.0992 0x1704 BrUsbSer - ok
00:54:54.0002 0x1704 [ 2865A5C8E98C70C605F417908CEBB3A4, B1C5AC228BD7072AF8668C009C6CDC13EE9FCB9481F57524300F37C40BF1E935 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
00:54:54.0012 0x1704 BthEnum - ok
00:54:54.0032 0x1704 [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
00:54:54.0032 0x1704 BTHMODEM - ok
00:54:54.0062 0x1704 [ AD1872E5829E8A2C3B5B4B641C3EAB0E, 8C2DBCAC08DDB41E2B44E257C55FA2D0272959B308EFF9EAF5FF9AE1E4A0AA39 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
00:54:54.0072 0x1704 BthPan - ok
00:54:54.0112 0x1704 [ C2FBF6D271D9A94D839C416BF186EAD9, 492F8344BD2E354C3525E1E535A1BAAAC17A38EE01868B986AC112E33B3B2A66 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
00:54:54.0132 0x1704 BTHPORT - ok
00:54:54.0152 0x1704 [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv C:\Windows\system32\bthserv.dll
00:54:54.0162 0x1704 bthserv - ok
00:54:54.0172 0x1704 [ C81E9413A25A439F436B1D4B6A0CF9E9, A4C290163207AED22C70C7F90B28F6FC24892889643D60D915059405AC5A4A72 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
00:54:54.0182 0x1704 BTHUSB - ok
00:54:54.0192 0x1704 [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
00:54:54.0202 0x1704 cdfs - ok
00:54:54.0222 0x1704 [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
00:54:54.0232 0x1704 cdrom - ok
00:54:54.0242 0x1704 [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc C:\Windows\System32\certprop.dll
00:54:54.0252 0x1704 CertPropSvc - ok
00:54:54.0292 0x1704 [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
00:54:54.0292 0x1704 circlass - ok
00:54:54.0332 0x1704 [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS C:\Windows\system32\CLFS.sys
00:54:54.0342 0x1704 CLFS - ok
00:54:54.0392 0x1704 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:54:54.0392 0x1704 clr_optimization_v2.0.50727_32 - ok
00:54:54.0412 0x1704 [ 6D7C8A951AF6AD6835C029B3CB88D333, 66F3D79887B2449B4C6912D1A258D1A96056888F51A8AA24FEDF37942AD5BDBB ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:54:54.0442 0x1704 clr_optimization_v4.0.30319_32 - ok
00:54:54.0462 0x1704 [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
00:54:54.0462 0x1704 CmBatt - ok
00:54:54.0482 0x1704 [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide C:\Windows\system32\drivers\cmdide.sys
00:54:54.0482 0x1704 cmdide - ok
00:54:54.0522 0x1704 [ 85449EEBE8F8EBD6481EFBF0F352B4EB, E6FF04970C5A5BFDE7297A86C1C7B9BFE2E0F976A1A1AFB874CEB488DC6151CC ] CNG C:\Windows\system32\Drivers\cng.sys
00:54:54.0532 0x1704 CNG - ok
00:54:54.0552 0x1704 [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
00:54:54.0552 0x1704 Compbatt - ok
00:54:54.0582 0x1704 [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
00:54:54.0582 0x1704 CompositeBus - ok
00:54:54.0592 0x1704 COMSysApp - ok
00:54:54.0612 0x1704 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
00:54:54.0612 0x1704 crcdisk - ok
00:54:54.0652 0x1704 [ 7CA1BECEA5DE2643ADDAD32670E7A4C9, E3AB4CC52A97E3855D7EAB87363F807FDD2162ED8C76A036CD71549ED64E7797 ] CryptSvc C:\Windows\system32\cryptsvc.dll
00:54:54.0652 0x1704 CryptSvc - ok
00:54:54.0692 0x1704 [ 3C2177A897B4CA2788C6FB0C3FD81D4B, 98575CBD0664586E6211D02E71BDD52CBAA149A1658573550E29E74E5F7B1553 ] CSC C:\Windows\system32\drivers\csc.sys
00:54:54.0712 0x1704 CSC - ok
00:54:54.0752 0x1704 [ 15F93B37F6801943360D9EB42485D5D3, DD6838C6496CB15F8BB57A6596F6A64ADD9C36B09F062295699131232712B558 ] CscService C:\Windows\System32\cscsvc.dll
00:54:54.0772 0x1704 CscService - ok
00:54:54.0822 0x1704 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch C:\Windows\system32\rpcss.dll
00:54:54.0842 0x1704 DcomLaunch - ok
00:54:54.0882 0x1704 [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc C:\Windows\System32\defragsvc.dll
00:54:54.0892 0x1704 defragsvc - ok
00:54:54.0922 0x1704 [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
00:54:54.0922 0x1704 DfsC - ok
00:54:54.0942 0x1704 [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp C:\Windows\system32\dhcpcore.dll
00:54:54.0952 0x1704 Dhcp - ok
00:54:54.0972 0x1704 [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache C:\Windows\system32\drivers\discache.sys
00:54:54.0972 0x1704 discache - ok
00:54:54.0982 0x1704 [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk C:\Windows\system32\DRIVERS\disk.sys
00:54:54.0992 0x1704 Disk - ok
00:54:55.0022 0x1704 [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache C:\Windows\System32\dnsrslvr.dll
00:54:55.0022 0x1704 Dnscache - ok
00:54:55.0052 0x1704 [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc C:\Windows\System32\dot3svc.dll
00:54:55.0062 0x1704 dot3svc - ok
00:54:55.0072 0x1704 [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS C:\Windows\system32\dps.dll
00:54:55.0082 0x1704 DPS - ok
00:54:55.0112 0x1704 [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
00:54:55.0112 0x1704 drmkaud - ok
00:54:55.0162 0x1704 [ 71BC35067CABC02C9453AEAA42B2E43E, 713B19F2C08EA5E4C087F7A74A8856932CF33E19D63384823DD4E02ED8798619 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
00:54:55.0202 0x1704 DXGKrnl - ok
00:54:55.0232 0x1704 [ 20DE769B84960606D8DBB2AEC123021A, 3099D99E5D107D9A7301A8521F09EB3FD19C0E934EC061850395BCC1A1279B88 ] E100B C:\Windows\system32\DRIVERS\e100b325.sys
00:54:55.0242 0x1704 E100B - ok
00:54:55.0272 0x1704 [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost C:\Windows\System32\eapsvc.dll
00:54:55.0282 0x1704 EapHost - ok
00:54:55.0412 0x1704 [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
00:54:55.0522 0x1704 ebdrv - ok
00:54:55.0562 0x1704 [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] EFS C:\Windows\System32\lsass.exe
00:54:55.0572 0x1704 EFS - ok
00:54:55.0632 0x1704 [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr C:\Windows\ehome\ehRecvr.exe
00:54:55.0652 0x1704 ehRecvr - ok
00:54:55.0682 0x1704 [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched C:\Windows\ehome\ehsched.exe
00:54:55.0692 0x1704 ehSched - ok
00:54:55.0722 0x1704 [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
00:54:55.0752 0x1704 elxstor - ok
00:54:55.0762 0x1704 [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev C:\Windows\system32\drivers\errdev.sys
00:54:55.0762 0x1704 ErrDev - ok
00:54:55.0812 0x1704 [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem C:\Windows\system32\es.dll
00:54:55.0822 0x1704 EventSystem - ok
00:54:55.0842 0x1704 [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat C:\Windows\system32\drivers\exfat.sys
00:54:55.0862 0x1704 exfat - ok
00:54:55.0882 0x1704 [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat C:\Windows\system32\drivers\fastfat.sys
00:54:55.0892 0x1704 fastfat - ok
00:54:55.0932 0x1704 [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax C:\Windows\system32\fxssvc.exe
00:54:55.0952 0x1704 Fax - ok
00:54:55.0972 0x1704 [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
00:54:55.0982 0x1704 fdc - ok
00:54:55.0992 0x1704 [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost C:\Windows\system32\fdPHost.dll
00:54:56.0002 0x1704 fdPHost - ok
00:54:56.0022 0x1704 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub C:\Windows\system32\fdrespub.dll
00:54:56.0022 0x1704 FDResPub - ok
00:54:56.0042 0x1704 [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
00:54:56.0052 0x1704 FileInfo - ok
00:54:56.0062 0x1704 [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
00:54:56.0062 0x1704 Filetrace - ok
00:54:56.0089 0x1704 [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
00:54:56.0093 0x1704 flpydisk - ok
00:54:56.0104 0x1704 [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
00:54:56.0114 0x1704 FltMgr - ok
00:54:56.0164 0x1704 [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache C:\Windows\system32\FntCache.dll
00:54:56.0184 0x1704 FontCache - ok
00:54:56.0254 0x1704 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
00:54:56.0264 0x1704 FontCache3.0.0.0 - ok
00:54:56.0284 0x1704 [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
00:54:56.0294 0x1704 FsDepends - ok
no1so
Regular Member
 
Posts: 16
Joined: February 2nd, 2014, 9:37 pm

Re: Rootkit warning - DgSafe.sys

Unread postby no1so » February 9th, 2014, 9:22 pm

Last part of TDSSKiller scan:

00:55:04.0086 0x1704 rdyboost - ok
00:55:04.0116 0x1704 [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess C:\Windows\System32\mprdim.dll
00:55:04.0126 0x1704 RemoteAccess - ok
00:55:04.0146 0x1704 [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry C:\Windows\system32\regsvc.dll
00:55:04.0176 0x1704 RemoteRegistry - ok
00:55:04.0206 0x1704 [ CB928D9E6DAF51879DD6BA8D02F01321, DFD263B67DDF98AE09AF6D6986CBC7BE3206BCE8403AAC51BCF9459E78233D12 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
00:55:04.0216 0x1704 RFCOMM - ok
00:55:04.0236 0x1704 [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
00:55:04.0246 0x1704 RpcEptMapper - ok
00:55:04.0276 0x1704 [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator C:\Windows\system32\locator.exe
00:55:04.0286 0x1704 RpcLocator - ok
00:55:04.0316 0x1704 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs C:\Windows\system32\rpcss.dll
00:55:04.0336 0x1704 RpcSs - ok
00:55:04.0356 0x1704 [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
00:55:04.0366 0x1704 rspndr - ok
00:55:04.0406 0x1704 [ C21FD607A44431AD46DE0C9DE460CBA2, 90CE660EE7175F5BC7D5DA0BA60FDCEDC8498670923ED7F9C25F3FA759525101 ] rusb3hub C:\Windows\system32\DRIVERS\rusb3hub.sys
00:55:04.0416 0x1704 rusb3hub - ok
00:55:04.0456 0x1704 [ E5436758907467E9921124FF598A703A, 3344916EBD76C763FA6978A954EFAE8BF03260074D14C7C31C43523C3392EF75 ] rusb3xhc C:\Windows\system32\DRIVERS\rusb3xhc.sys
00:55:04.0466 0x1704 rusb3xhc - ok
00:55:04.0496 0x1704 [ 7FA7F2E249A5DCBB7970630E15E1F482, 9633B193F3FDA67BC551C6DCA4788AB83E9F45F77763EE579D02FE5D6B80DEDF ] s3cap C:\Windows\system32\drivers\vms3cap.sys
00:55:04.0496 0x1704 s3cap - ok
00:55:04.0516 0x1704 [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] SamSs C:\Windows\system32\lsass.exe
00:55:04.0516 0x1704 SamSs - ok
00:55:04.0566 0x1704 [ E5118CD3FEEDE70318A78D7D7A613DA9, 05937D30A479A41958B7D7F1E54CAAEEC0E531E069C306C9D8DF85E764F01225 ] SandBox C:\Windows\system32\drivers\SandBox.sys
00:55:04.0586 0x1704 SandBox - ok
00:55:04.0606 0x1704 [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
00:55:04.0616 0x1704 sbp2port - ok
00:55:04.0636 0x1704 [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr C:\Windows\System32\SCardSvr.dll
00:55:04.0656 0x1704 SCardSvr - ok
00:55:04.0676 0x1704 [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
00:55:04.0686 0x1704 scfilter - ok
00:55:04.0736 0x1704 [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule C:\Windows\system32\schedsvc.dll
00:55:04.0756 0x1704 Schedule - ok
00:55:04.0806 0x1704 [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc C:\Windows\System32\certprop.dll
00:55:04.0806 0x1704 SCPolicySvc - ok
00:55:04.0836 0x1704 [ 0328BE1C7F1CBA23848179F8762E391C, EA80853F04BAE6F46F658B3EFED34BFDDE20E6F2BDA349EBC17EC75DFF19855D ] sdbus C:\Windows\system32\drivers\sdbus.sys
00:55:04.0846 0x1704 sdbus - ok
00:55:04.0876 0x1704 [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC C:\Windows\System32\SDRSVC.dll
00:55:04.0886 0x1704 SDRSVC - ok
00:55:04.0906 0x1704 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv C:\Windows\system32\drivers\secdrv.sys
00:55:04.0916 0x1704 secdrv - ok
00:55:04.0946 0x1704 [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon C:\Windows\system32\seclogon.dll
00:55:04.0956 0x1704 seclogon - ok
00:55:04.0976 0x1704 [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS C:\Windows\System32\sens.dll
00:55:04.0986 0x1704 SENS - ok
00:55:05.0026 0x1704 [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc C:\Windows\system32\sensrsvc.dll
00:55:05.0026 0x1704 SensrSvc - ok
00:55:05.0056 0x1704 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
00:55:05.0056 0x1704 Serenum - ok
00:55:05.0086 0x1704 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial C:\Windows\system32\DRIVERS\serial.sys
00:55:05.0086 0x1704 Serial - ok
00:55:05.0106 0x1704 [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
00:55:05.0116 0x1704 sermouse - ok
00:55:05.0176 0x1704 [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv C:\Windows\system32\sessenv.dll
00:55:05.0186 0x1704 SessionEnv - ok
00:55:05.0206 0x1704 [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
00:55:05.0206 0x1704 sffdisk - ok
00:55:05.0236 0x1704 [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
00:55:05.0236 0x1704 sffp_mmc - ok
00:55:05.0256 0x1704 [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
00:55:05.0256 0x1704 sffp_sd - ok
00:55:05.0286 0x1704 [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
00:55:05.0296 0x1704 sfloppy - ok
00:55:05.0356 0x1704 [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess C:\Windows\System32\ipnathlp.dll
00:55:05.0376 0x1704 SharedAccess - ok
00:55:05.0416 0x1704 [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:55:05.0426 0x1704 ShellHWDetection - ok
00:55:05.0456 0x1704 [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp C:\Windows\system32\drivers\sisagp.sys
00:55:05.0456 0x1704 sisagp - ok
00:55:05.0486 0x1704 [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:55:05.0486 0x1704 SiSRaid2 - ok
00:55:05.0516 0x1704 [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
00:55:05.0516 0x1704 SiSRaid4 - ok
00:55:05.0556 0x1704 [ F5BBEDF602C310B00036EB2DBF4348A5, AC2712E639F0C54BCF00EB4E90E805335871EA27AE8A45DFC53EDF28822318C4 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
00:55:05.0566 0x1704 SkypeUpdate - ok
00:55:05.0586 0x1704 [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb C:\Windows\system32\DRIVERS\smb.sys
00:55:05.0596 0x1704 Smb - ok
00:55:05.0656 0x1704 [ EB49860E776CE860DC3CFB9EDB1BA517, 58921700F379F66BA2A777D56F0C03AF299B13D33711A2F96C540D0F46ACEFF5 ] snapman C:\Windows\system32\DRIVERS\snapman.sys
00:55:05.0656 0x1704 snapman - ok
00:55:05.0676 0x1704 [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
00:55:05.0686 0x1704 SNMPTRAP - ok
00:55:05.0706 0x1704 [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr C:\Windows\system32\drivers\spldr.sys
00:55:05.0716 0x1704 spldr - ok
00:55:05.0756 0x1704 [ 866A43013535DC8587C258E43579C764, B2BE846B5167A2ECD1E30C69A81385FCC6EAE6033394D08458A5583D311C4D82 ] Spooler C:\Windows\System32\spoolsv.exe
00:55:05.0766 0x1704 Spooler - ok
00:55:05.0906 0x1704 [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc C:\Windows\system32\sppsvc.exe
00:55:06.0046 0x1704 sppsvc - ok
00:55:06.0076 0x1704 [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify C:\Windows\system32\sppuinotify.dll
00:55:06.0086 0x1704 sppuinotify - ok
00:55:06.0126 0x1704 [ CBEAEA2729985BFB260641AB424E0166, 2FCED2951D5A1ACF93150BB0CA2293CCBE4227EBAAEA8438A78B5AFC6591F375 ] sptd C:\Windows\System32\Drivers\sptd.sys
00:55:06.0136 0x1704 sptd - ok
00:55:06.0186 0x1704 [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv C:\Windows\system32\DRIVERS\srv.sys
00:55:06.0196 0x1704 srv - ok
00:55:06.0216 0x1704 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
00:55:06.0226 0x1704 srv2 - ok
00:55:06.0256 0x1704 [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
00:55:06.0256 0x1704 srvnet - ok
00:55:06.0296 0x1704 [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
00:55:06.0306 0x1704 SSDPSRV - ok
00:55:06.0336 0x1704 [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc C:\Windows\system32\sstpsvc.dll
00:55:06.0336 0x1704 SstpSvc - ok
00:55:06.0426 0x1704 [ E5C796B621F6FBA8616511063D7F0FFE, 447FA64F552D4B04AD029E01485B4438A70D9B9B98EB49A883D5B17ED4C1D52F ] StarWindServiceAE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
00:55:06.0436 0x1704 StarWindServiceAE - ok
00:55:06.0456 0x1704 [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
00:55:06.0466 0x1704 stexstor - ok
00:55:06.0516 0x1704 [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc C:\Windows\System32\wiaservc.dll
00:55:06.0536 0x1704 StiSvc - ok
00:55:06.0556 0x1704 [ 472AF0311073DCECEAA8FA18BA2BDF89, 089414057EB2047E42C96C1ACE79D509967461DC5A4D2836F63C04268637A3FC ] storflt C:\Windows\system32\drivers\vmstorfl.sys
00:55:06.0556 0x1704 storflt - ok
00:55:06.0586 0x1704 [ 0BF669F0A910BEDA4A32258D363AF2A5, 83EEBACDE4F69A2866B69CAA633F5C8B3CB01D88CEDB01B6EA5988E0A25CEE47 ] StorSvc C:\Windows\system32\storsvc.dll
00:55:06.0596 0x1704 StorSvc - ok
00:55:06.0626 0x1704 [ DCAFFD62259E0BDB433DD67B5BB37619, CBD12FF9BBF33D18B0F3D322B12EC62E7DF3BF45C6AD43D2E91FF4C4762E05D0 ] storvsc C:\Windows\system32\drivers\storvsc.sys
00:55:06.0626 0x1704 storvsc - ok
00:55:06.0656 0x1704 [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum C:\Windows\system32\drivers\swenum.sys
00:55:06.0656 0x1704 swenum - ok
00:55:06.0686 0x1704 [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv C:\Windows\System32\swprv.dll
00:55:06.0716 0x1704 swprv - ok
00:55:06.0756 0x1704 [ 5F063814F39156F5D26578BB745A4723, 41109EC767F2B05F1CC99CCC0F40091A8C3050DA5BE18331C8675C4D94C71773 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
00:55:06.0776 0x1704 SynTP - ok
00:55:06.0876 0x1704 [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain C:\Windows\system32\sysmain.dll
00:55:06.0906 0x1704 SysMain - ok
00:55:06.0936 0x1704 [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
00:55:06.0946 0x1704 TabletInputService - ok
00:55:06.0986 0x1704 [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv C:\Windows\System32\tapisrv.dll
00:55:06.0996 0x1704 TapiSrv - ok
00:55:07.0026 0x1704 [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS C:\Windows\System32\tbssvc.dll
00:55:07.0026 0x1704 TBS - ok
00:55:07.0126 0x1704 [ CA59F7C570AF70BC174F477CFE2D9EE3, F09E4E14207A2AC6957D2C0AC8707D0E356A9087FA6DC703373242D8EEB026BD ] Tcpip C:\Windows\system32\drivers\tcpip.sys
00:55:07.0156 0x1704 Tcpip - ok
00:55:07.0226 0x1704 [ CA59F7C570AF70BC174F477CFE2D9EE3, F09E4E14207A2AC6957D2C0AC8707D0E356A9087FA6DC703373242D8EEB026BD ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
00:55:07.0256 0x1704 TCPIP6 - ok
00:55:07.0296 0x1704 [ CCA24162E055C3714CE5A88B100C64ED, 9B7712E793B9478BA7A1EF71EA9CC03CCB9C4004C54EAA911F158958519EDCD9 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
00:55:07.0306 0x1704 tcpipreg - ok
00:55:07.0356 0x1704 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
00:55:07.0356 0x1704 TDPIPE - ok
00:55:07.0406 0x1704 [ 431801FCC97034E04A6EFF81136578D7, E061662D21FBECAEFDE939727E5892A8ED41C58C4D8738C2447777FB123FA2C3 ] tdrpman273 C:\Windows\system32\DRIVERS\tdrpm273.sys
00:55:07.0426 0x1704 tdrpman273 - ok
00:55:07.0446 0x1704 [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
00:55:07.0446 0x1704 TDTCP - ok
00:55:07.0476 0x1704 [ B459575348C20E8121D6039DA063C704, 1B4328A9EA39FF5A57F258E02254D04B73455F1DF7C997C13702A8B2F12D0347 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
00:55:07.0476 0x1704 tdx - ok
00:55:07.0496 0x1704 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD C:\Windows\system32\drivers\termdd.sys
00:55:07.0506 0x1704 TermDD - ok
00:55:07.0556 0x1704 [ 382C804C92811BE57829D8E550A900E2, 5F52C2E7902024CF1C9CC0069F411C3F19CCA3DB209F437FA0F3932D4898EB50 ] TermService C:\Windows\System32\termsrv.dll
00:55:07.0576 0x1704 TermService - ok
00:55:07.0606 0x1704 [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes C:\Windows\system32\themeservice.dll
00:55:07.0616 0x1704 Themes - ok
00:55:07.0636 0x1704 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER C:\Windows\system32\mmcss.dll
00:55:07.0646 0x1704 THREADORDER - ok
00:55:07.0696 0x1704 [ 28B7F973C36D157A7885B1AE42A4A2A9, BB8EEE9D38F1AFFF0E9667C9DBEB6E9C41AA099FACC7CEABAFE38C0612EAB724 ] tifm21 C:\Windows\system32\drivers\tifm21.sys
00:55:07.0706 0x1704 tifm21 - ok
00:55:07.0756 0x1704 [ A34D7024BB7140EC785C86BC065D4F60, 4E4BB508AF2C8330BF0C5C49F1796CEB4B81E8AE8ABF4387FC0A8F18ACB8B47F ] timounter C:\Windows\system32\DRIVERS\timntr.sys
00:55:07.0776 0x1704 timounter - ok
00:55:07.0856 0x1704 [ 85EDF7A274435E4DF051BB23F8E01581, 2B0F963B0BB2BB38204156D1F5044089233ED41DD74F4389C8062929D937BE73 ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
00:55:07.0876 0x1704 TosCoSrv - ok
00:55:07.0926 0x1704 [ F95208D35A9667C58CF8122EE22805A6, 80A72F21EE1E96753E90DDD87FA9BEACDF11E1A92FCDF01AFB499E751DA0613B ] TOSHIBA Bluetooth Service C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
00:55:07.0936 0x1704 TOSHIBA Bluetooth Service - ok
00:55:07.0966 0x1704 [ 90AFA1A4451BBBEE87C9F18A665D8121, 592AE754F117018E8777C541437544E1BC7FD93F460F3EE5DDBBC150448BFBD7 ] tosporte C:\Windows\system32\DRIVERS\tosporte.sys
00:55:07.0976 0x1704 tosporte - ok
00:55:08.0006 0x1704 [ 8B5E7545E0659745CB094BB1DE85B06A, F70D7B9295B39BD21AB4EEF238A58AEA3B1EE6D62C8D0FD4C467409D414FB24F ] tosrfbd C:\Windows\system32\DRIVERS\tosrfbd.sys
00:55:08.0016 0x1704 tosrfbd - ok
00:55:08.0046 0x1704 [ 75CD3C238A0FFC66C4581C3870C09314, 6D4690961ACEF48AEF630C6486A489D4CEB6BCF4ABCC81E70A30004B7569A270 ] tosrfbnp C:\Windows\system32\Drivers\tosrfbnp.sys
00:55:08.0056 0x1704 tosrfbnp - ok
00:55:08.0096 0x1704 [ B551D3F266DDA311256F963E8CFD1E9B, 49724855BCC945F5DBFCD48282156DE9B1DD7B88FC6181710587156D655E1F24 ] Tosrfcom C:\Windows\system32\Drivers\tosrfcom.sys
00:55:08.0096 0x1704 Tosrfcom - ok
00:55:08.0126 0x1704 [ 51BAA142744E236C3A886479CAD99A06, B033630835D9274B7C8223FBCA89FB6D10DB084E4778295F978E19EB2919961F ] tosrfec C:\Windows\system32\DRIVERS\tosrfec.sys
00:55:08.0126 0x1704 tosrfec - ok
00:55:08.0146 0x1704 [ F3E8762163EE87F3AC95537584CF5B4F, C01B30E764F187022E48C6BE8BD648D53CB4065973B176B5EA03FD13BAA2C9CB ] Tosrfhid C:\Windows\system32\DRIVERS\Tosrfhid.sys
00:55:08.0156 0x1704 Tosrfhid - ok
00:55:08.0176 0x1704 [ B2A1A6538245FD69578224BBF2FD4677, 0393ECF2541A269169BA23D007266750958CD35E05FA7FCBEE1CF9727E07D9C4 ] tosrfnds C:\Windows\system32\DRIVERS\tosrfnds.sys
00:55:08.0176 0x1704 tosrfnds - ok
00:55:08.0206 0x1704 [ 3DE5CBB4F8EB64563CE08E8EC7458D03, C993E67C3C5CD0190CC4EA622641621BA9D163528C06F009B7F1A8C7CB1BC488 ] TosRfSnd C:\Windows\system32\drivers\tosrfsnd.sys
00:55:08.0206 0x1704 TosRfSnd - ok
00:55:08.0236 0x1704 [ AF5126FB6E9ED41C99AB7A10E98729CD, A191CE117619C87AD98F2965EC4D01D890CE46ED7C0BCD0F719178BE1B7681FE ] Tosrfusb C:\Windows\system32\DRIVERS\tosrfusb.sys
00:55:08.0236 0x1704 Tosrfusb - ok
00:55:08.0289 0x1704 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks C:\Windows\System32\trkwks.dll
00:55:08.0296 0x1704 TrkWks - ok
00:55:08.0358 0x1704 [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:55:08.0368 0x1704 TrustedInstaller - ok
00:55:08.0428 0x1704 [ B37B08F2E5EEB1A37E448E09BACE1101, 32CC9E06B88BAB6FAB4696B744548DFCE9199A7FD2BA8B019F269CA75895852C ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
00:55:08.0428 0x1704 tssecsrv - ok
00:55:08.0458 0x1704 [ FD1D6C73E6333BE727CBCC6054247654, 6F7B9AE1A5986204DB3348D13B303F30FC17624939DA74D6BD114FAEED0FB30E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
00:55:08.0468 0x1704 TsUsbFlt - ok
00:55:08.0498 0x1704 [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
00:55:08.0508 0x1704 tunnel - ok
00:55:08.0528 0x1704 [ FC24015B4052600C324C43E3A79C0664, 908DFC8490079FB3178DEF9D3A712F22E4E39D65092401D1003925FCF65EE4DB ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS
00:55:08.0528 0x1704 TVALZ - ok
00:55:08.0568 0x1704 [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
00:55:08.0568 0x1704 uagp35 - ok
00:55:08.0608 0x1704 [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
00:55:08.0618 0x1704 udfs - ok
00:55:08.0668 0x1704 [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect C:\Windows\system32\UI0Detect.exe
00:55:08.0681 0x1704 UI0Detect - ok
00:55:08.0710 0x1704 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
00:55:08.0720 0x1704 uliagpkx - ok
00:55:08.0750 0x1704 [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus C:\Windows\system32\drivers\umbus.sys
00:55:08.0760 0x1704 umbus - ok
00:55:08.0790 0x1704 [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
00:55:08.0790 0x1704 UmPass - ok
00:55:08.0840 0x1704 [ 409994A8EACEEE4E328749C0353527A0, FFC57B647147DE2957A7DE4B330CC534DE7AC892A2FCE3BB164F7A516CAB1B56 ] UmRdpService C:\Windows\System32\umrdp.dll
00:55:08.0860 0x1704 UmRdpService - ok
00:55:08.0880 0x1704 [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost C:\Windows\System32\upnphost.dll
00:55:08.0900 0x1704 upnphost - ok
00:55:08.0940 0x1704 [ A1977C315BF5691DA99235AA4A6907AF, 34B52FBA83F0E1C6B001D0AD1808B00152F731D18AAECC3C53B9918AA89BACEC ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
00:55:08.0950 0x1704 usbaudio - ok
00:55:08.0970 0x1704 [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
00:55:08.0980 0x1704 usbccgp - ok
00:55:09.0020 0x1704 [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir C:\Windows\system32\drivers\usbcir.sys
00:55:09.0020 0x1704 usbcir - ok
00:55:09.0050 0x1704 [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
00:55:09.0060 0x1704 usbehci - ok
00:55:09.0090 0x1704 [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
00:55:09.0100 0x1704 usbhub - ok
00:55:09.0130 0x1704 [ A6FB7957EA7AFB1165991E54CE934B74, 1CE83D9E3276AE380F720C7700A17D58A37A2A77FD72DA69EE0C756B88DB3689 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
00:55:09.0130 0x1704 usbohci - ok
00:55:09.0160 0x1704 [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
00:55:09.0160 0x1704 usbprint - ok
00:55:09.0202 0x1704 [ 576096CCBC07E7C4EA4F5E6686D6888F, 8C643F43BD0017979548389C4DB36A1EE872CCF19C86FAE3752A4989173E28ED ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
00:55:09.0202 0x1704 usbscan - ok
00:55:09.0232 0x1704 [ BF63EBFC6979FEFB2BC03DF7989A0C1A, AFEF764A3E5D52CDBB5074F0E87F2B5EBCDF8D9B6E8F88EE235602B80145BE31 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:55:09.0242 0x1704 USBSTOR - ok
00:55:09.0262 0x1704 [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
00:55:09.0272 0x1704 usbuhci - ok
00:55:09.0312 0x1704 [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms C:\Windows\System32\uxsms.dll
00:55:09.0312 0x1704 UxSms - ok
00:55:09.0332 0x1704 [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] VaultSvc C:\Windows\system32\lsass.exe
00:55:09.0342 0x1704 VaultSvc - ok
00:55:09.0362 0x1704 [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
00:55:09.0362 0x1704 vdrvroot - ok
00:55:09.0402 0x1704 [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds C:\Windows\System32\vds.exe
00:55:09.0432 0x1704 vds - ok
00:55:09.0462 0x1704 [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
00:55:09.0462 0x1704 vga - ok
00:55:09.0492 0x1704 [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave C:\Windows\System32\drivers\vga.sys
00:55:09.0492 0x1704 VgaSave - ok
00:55:09.0522 0x1704 [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
00:55:09.0522 0x1704 vhdmp - ok
00:55:09.0542 0x1704 [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp C:\Windows\system32\drivers\viaagp.sys
00:55:09.0552 0x1704 viaagp - ok
00:55:09.0572 0x1704 [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
00:55:09.0582 0x1704 ViaC7 - ok
00:55:09.0622 0x1704 [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide C:\Windows\system32\drivers\viaide.sys
00:55:09.0622 0x1704 viaide - ok
00:55:09.0652 0x1704 [ C2F2911156FDC7817C52829C86DA494E, FE499F189B5016FCE0018AA3DE3970B72275B7B15F3D4D608117F6DDEC6B90DC ] vmbus C:\Windows\system32\drivers\vmbus.sys
00:55:09.0662 0x1704 vmbus - ok
00:55:09.0682 0x1704 [ D4D77455211E204F370D08F4963063CE, 2018B2A84C73E0834200A594C02A9D28C74906F126DAD3CCDDFC9CD9A61669E2 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
00:55:09.0692 0x1704 VMBusHID - ok
00:55:09.0722 0x1704 [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr C:\Windows\system32\drivers\volmgr.sys
00:55:09.0722 0x1704 volmgr - ok
00:55:09.0762 0x1704 [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
00:55:09.0772 0x1704 volmgrx - ok
00:55:09.0802 0x1704 [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap C:\Windows\system32\drivers\volsnap.sys
00:55:09.0812 0x1704 volsnap - ok
00:55:09.0842 0x1704 [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
00:55:09.0852 0x1704 vsmraid - ok
00:55:09.0922 0x1704 [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS C:\Windows\system32\vssvc.exe
00:55:09.0962 0x1704 VSS - ok
00:55:09.0992 0x1704 [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
00:55:10.0002 0x1704 vwifibus - ok
00:55:10.0042 0x1704 [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time C:\Windows\system32\w32time.dll
00:55:10.0052 0x1704 W32Time - ok
00:55:10.0092 0x1704 [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
00:55:10.0102 0x1704 WacomPen - ok
00:55:10.0132 0x1704 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
00:55:10.0142 0x1704 WANARP - ok
00:55:10.0162 0x1704 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
00:55:10.0162 0x1704 Wanarpv6 - ok
00:55:10.0242 0x1704 [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
00:55:10.0292 0x1704 WatAdminSvc - ok
00:55:10.0362 0x1704 [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine C:\Windows\system32\wbengine.exe
00:55:10.0422 0x1704 wbengine - ok
00:55:10.0452 0x1704 [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
00:55:10.0462 0x1704 WbioSrvc - ok
00:55:10.0512 0x1704 [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc C:\Windows\System32\wcncsvc.dll
00:55:10.0522 0x1704 wcncsvc - ok
00:55:25.0916 0x1704 AV detected via SS2: AVG AntiVirus 2014, C:\Program Files\AVG\AVG2014\avgwsc.exe ( 14.0.0.4110 ), 0x41000 ( enabled : updated )
00:55:25.0926 0x1704 FW detected via SS2: Outpost Firewall Pro, C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe ( 7.10.3415.12204 ), 0x41010 ( enabled )
00:55:28.0936 0x1704 ============================================================
00:55:28.0936 0x1704 Scan finished
00:55:28.0936 0x1704 ============================================================
00:55:28.0956 0x0a5c Detected object count: 0
00:55:28.0956 0x0a5c Actual detected object count: 0

Two points to note:

1. tdsskiller needed upgrade - upgrade was used to scan.
2. My Profile which includes Desktop, all browser data, My Documents etc is in a folder on D: drive. Will this affect your procedure?

I received browser errors when posting the scans:

Your message contains 111149 characters. The maximum number of allowed characters is 100000.
Your message contains 108769 characters. The maximum number of allowed characters is 100000.

This resulted in the need to split the post into three.
no1so
Regular Member
 
Posts: 16
Joined: February 2nd, 2014, 9:37 pm

Re: Rootkit warning - DgSafe.sys

Post by wannabeageek » February 10th, 2014, 10:34 pm

Hi no1so,

Please run the following:

Step 1.
FRST - Farbar Recovery Scanner Tool for Vista-W7

Please download FRST.exe ... by Farbar. Save it to your desktop.
  1. Double-click to run it. When the tool opens click Yes to disclaimer.
  2. Press Scan button. ... A log, FRST.txt, will be created in the same directory the tool is run from.
  3. Please copy/paste FRST.txt into your reply.
    The first time the tool is run, it also makes another log... Addition.txt.
  4. Please copy/paste Addition.txt in your reply.


Step 2.
ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic. Scroll down to find your product.
  • Note: Remember to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Press the Blue Run ESET Online Scanner button on the left side of the page.
  • A popup box will open.
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • When the scan is completed and you would like the program removed, select Uninstall application on close. Be sure you have copied the log file first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Remember to re-enable your Anti-Virus application after running the above scan!


Please include in your next reply:
  1. Contents of FRST.txt
  2. Contents of Addition.txt
  3. Contents of C:\Program Files\ESET\EsetOnlineScanner\log.txt
  4. Any problem executing the instructions?
  5. How is the computer behaving?
Thanks,
wbg
wannabeageek
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Rootkit warning - DgSafe.sys

Post by no1so » February 11th, 2014, 1:20 pm

Logs as requested thank you:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-02-2014 01
Ran by makem (administrator) on NEWLAPPY on 11-02-2014 10:46:47
Running from D:\My Profile\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
() C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(中国工商银行) C:\Windows\System32\hhukcert02.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynToshiba.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\Program Files\Allway Sync\Bin\syncappw.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Firetrust Ltd) C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
() C:\Program Files\DigiGuide TV Guide\digiguide.exe
(Microsoft) C:\Program Files\Microsoft AutoRoute 2010\StreetsOlkShim.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [480608 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [55160 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [521528 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [OutpostFeedBack] - C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe [491272 2011-02-04] (Agnitum Ltd.)
HKLM\...\Run: [OutpostMonitor] - C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe [2898592 2011-02-04] (Agnitum Ltd.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [ITSecMng] - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2408176 2013-02-06] (Synaptics Incorporated)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [2296600 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM\...\Run: [hhukcert02] - C:\Windows\system32\hhukcert02.exe [109400 2011-10-11] (中国工商银行)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12017368 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [NUSB3MON] - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM\...\Run: [RUSB3MON] - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-19\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2971882474-1144138496-3696702083-1001\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20585120 2013-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-2971882474-1144138496-3696702083-1001\...\Run: [Allway Sync] - C:\Program Files\Allway Sync\Bin\syncappw.exe [94416 2013-10-10] ()
HKU\S-1-5-21-2971882474-1144138496-3696702083-1001\...\Run: [AlcoholAutomount] - C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKU\S-1-5-21-2971882474-1144138496-3696702083-1001\...\MountPoints2: {b076a430-2c69-11e3-bcad-00a0d1536ebf} - I:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083
Startup: C:\Users\makem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DigiGuide TV Guide.lnk
ShortcutTarget: DigiGuide TV Guide.lnk -> C:\Program Files\DigiGuide TV Guide\Client.exe (GipsyMedia Limited)
Startup: C:\Users\makem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasherPro.lnk
ShortcutTarget: MailWasherPro.lnk -> C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe (Firetrust Ltd)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.duba.com/?f=1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.duba.com/?f=1
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: No Name - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: ICBC Anti-Phishing class - {BB4491A2-D11A-4c6b-91C0-B53246A3122B} - C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\Icbc_AntiPhishing.dll (中国工商银行)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {0EB487C8-E9AC-43A6-8C4C-083999B0622F} https://mybank.icbc.com.cn/icbc/newperbank/certInStall.dll
DPF: {3D14998A-4CFB-4FC8-A98D-A24F05E4ED88} https://mybank.icbc.com.cn/icbc/icbc_bhdc2vdv.cab
DPF: {5AB9367B-DD7F-411D-A030-DF7DE5E17AAE} http://securitycheck.icbc.com.cn/download/NetBankSecurity_cn.cab
DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} https://mybank.icbc.com.cn/icbc/newperbank/AxSafeControls.cab
DPF: {B1FBC1AD-5644-4084-882A-0F8BA85E7506} https://mybank.icbc.com.cn/icbc/ICBC_NetSign.dll
DPF: {B219E31C-E110-4638-AF01-7BDD5ACA552C} https://mybank.icbc.com.cn/icbc/ICBCQPK_HH.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\makem\AppData\Roaming\Mozilla\Firefox\D:\My Profile\Firefox Profile
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @icbc.com.cn/npicbc_hh_usbkey2gchinese - C:\Program Files\ICBCEbankTools\ICBCEbankPlugin\npicbc_hh_usbkey2gchinese.dll (北京华虹电子系统有限责任公司)
FF Plugin: @icbc.com.cn/npicbc_infosec_certenroll - C:\Program Files\ICBCEbankTools\ICBCEbankPlugin\npicbc_infosec_certenroll.dll ()
FF Plugin: @icbc.com.cn/npicbc_infosec_netsign - C:\Program Files\ICBCEbankTools\ICBCEbankPlugin\npicbc_infosec_netsign.dll ( )
FF Plugin: @icbc/icbc_ms_npClCache,Version=1.0.0.2 - C:\Program Files\ICBCEbankTools\FirefoxPlugins\npClCache.dll ()
FF Plugin: @icbc/icbc_ms_npClientBinding,Version=1.0.0.2 - C:\Program Files\ICBCEbankTools\FirefoxPlugins\npClientBinding.dll ( )
FF Plugin: @icbc/icbc_ms_npFullScreen,Version=1.0.0.2 - C:\Program Files\ICBCEbankTools\FirefoxPlugins\npFullScreen.dll ()
FF Plugin: @icbc/icbc_ms_npsubmit,Version=1.0.0.7 - C:\Program Files\ICBCEbankTools\FirefoxPlugins\npsubmit.dll ( )
FF Plugin: @icbc/icbc_ms_npxxin,Version=1.0.0.8 - C:\Program Files\ICBCEbankTools\FirefoxPlugins\npxxin.dll ( )
FF Plugin: @icbc/npAssistComm,Version=1.0.0.1 - C:\Program Files\ICBCEbankTools\ICBCSetupIntegration\npAssistComm.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @kingsfot.com/npkws - c:\program files\kingsoft\ijinshan_antivierus2013\npkws.dll No File
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-10-04]

========================== Services (Whitelisted) =================

S3 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [804528 2010-12-06] (Acronis)
R2 acssrv; C:\Program Files\Agnitum\Outpost Firewall Pro\acs.exe [2040144 2011-02-04] (Agnitum Ltd.)
S3 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2013-10-01] (Acronis)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S2 AxAutoMntSrv; C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S3 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-11-08] (Garmin Ltd or its subsidiaries)
R2 ICBC Daemon Service; C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe [422536 2013-06-14] ()
S3 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software)
S4 kxescore; "c:\program files\kingsoft\ijinshan_antivierus2013\kxescore.exe" /service kxescore [X]

==================== Drivers (Whitelisted) ====================

R1 afw; C:\Windows\System32\DRIVERS\afw.sys [34920 2010-04-20] (Agnitum Ltd.)
R3 afwcore; C:\Windows\System32\drivers\afwcore.sys [328296 2010-09-27] (Agnitum Ltd.)
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32408 2011-07-07] (Google Inc)
R3 ASWFilt; C:\Windows\system32\Filt\ASWFilt.dll [72352 2011-02-02] (Agnitum Ltd.)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209176 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147768 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 icbckeyflt2; C:\Windows\icbckeyflt.sys [35184 2012-11-16] (ICBC)
S3 ksapi; C:\Windows\system32\drivers\ksapi.sys [85352 2014-02-02] (Kingsoft Corporation)
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42264 2013-05-23] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10136 2013-05-23] (Logitech, Inc.)
R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation)
R1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [340432 2013-10-27] ()
S3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [91016 2012-08-27] (Renesas Electronics Corporation)
S3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [181128 2012-08-27] (Renesas Electronics Corporation)
R1 SandBox; C:\Windows\system32\drivers\SandBox.sys [710824 2011-02-02] (Agnitum Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2014-01-06] (Duplex Secure Ltd.)
S3 zghsdiag; C:\Windows\System32\DRIVERS\zghsdiag.sys [113688 2011-09-13] (ZTE Incorporated)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [113688 2011-09-13] (ZTE Incorporated)
S3 zghsnmea; C:\Windows\System32\DRIVERS\zghsnmea.sys [113688 2011-09-13] (ZTE Incorporated)
U3 a319omhe; C:\Windows\system32\Drivers\a319omhe.sys [0 ] (Microsoft Corporation)
S3 HHVReader; system32\DRIVERS\HHVRdr.sys [X]
S2 kisknl; \??\C:\Windows\system32\drivers\kisknl.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-11 10:46 - 2014-02-11 10:46 - 00000000 ____D () C:\FRST
2014-02-10 15:08 - 2014-02-10 15:08 - 00004608 ___SH () C:\Users\makem\Desktop\Thumbs.db
2014-02-10 00:50 - 2014-02-10 00:50 - 00001158 _____ () C:\Users\makem\Desktop\JRT.txt
2014-02-10 00:36 - 2014-02-10 00:36 - 00000000 ____D () C:\Windows\ERUNT
2014-02-10 00:23 - 2014-02-10 00:27 - 00000000 ____D () C:\AdwCleaner
2014-02-06 18:32 - 2014-02-06 18:32 - 00000000 ____D () C:\Users\makem\AppData\Local\GARMIN_Corp
2014-02-04 17:16 - 2014-02-04 17:16 - 00000000 ____D () C:\Program Files\kingsoft
2014-02-04 01:09 - 2014-02-04 01:09 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-04 00:06 - 2014-02-04 00:06 - 00000000 ____D () C:\Users\makem\AppData\Roaming\Malwarebytes
2014-02-04 00:06 - 2014-02-04 00:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-03 16:54 - 2014-02-03 16:54 - 00000000 ____D () C:\Users\makem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-02-03 16:54 - 2014-02-03 16:54 - 00000000 ____D () C:\Program Files\Trend Micro
2014-02-03 14:27 - 2014-02-03 14:27 - 00007605 _____ () C:\Users\makem\AppData\Local\Resmon.ResmonCfg
2014-02-03 13:53 - 2014-02-03 13:53 - 00143888 _____ () C:\Windows\Minidump\020314-44819-01.dmp
2014-02-03 13:53 - 2014-02-03 13:53 - 00000000 ____D () C:\Windows\Minidump
2014-02-03 13:16 - 2014-02-03 13:16 - 00000000 ____D () C:\Users\makem\AppData\Roaming\AVG2014
2014-02-03 13:15 - 2014-02-03 13:15 - 00000000 ___HD () C:\$AVG
2014-02-03 13:15 - 2014-02-03 13:15 - 00000000 ____D () C:\ProgramData\AVG2014
2014-02-03 13:11 - 2014-02-03 13:20 - 00000000 ____D () C:\Users\makem\AppData\Local\Avg2014
2014-02-03 01:16 - 2014-02-03 01:16 - 00319811 _____ () C:\Users\makem\AppData\Local\census.cache
2014-02-03 01:15 - 2014-02-03 01:15 - 00128601 _____ () C:\Users\makem\AppData\Local\ars.cache
2014-02-03 00:20 - 2014-02-03 00:20 - 00000036 _____ () C:\Users\makem\AppData\Local\housecall.guid.cache
2014-02-02 18:42 - 2014-02-02 18:47 - 00000000 ____D () C:\ProgramData\DriverGenius
2014-02-02 18:21 - 2014-02-02 18:35 - 00085352 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi.sys
2014-02-02 00:14 - 2014-02-02 00:14 - 00000000 ____D () C:\Windows\Sun
2014-02-02 00:13 - 2014-02-02 00:13 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-02-02 00:13 - 2014-02-02 00:13 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-02-02 00:13 - 2014-02-02 00:13 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-02-02 00:13 - 2014-02-02 00:13 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-02-02 00:13 - 2014-02-02 00:13 - 00000000 ____D () C:\ProgramData\Sun
2014-02-02 00:13 - 2014-02-02 00:13 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-02 00:13 - 2014-02-02 00:13 - 00000000 ____D () C:\Program Files\Java
2014-02-02 00:13 - 2014-02-02 00:13 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\2C0A
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\0C0A
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\0C04
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\0816
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\0804
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\0424
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\041F
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\041E
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\041D
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\041B
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\0419
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\0416
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\0415
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\0414
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\0413
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\0412
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\0411
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\0410
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\040E
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\040D
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\040C
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\040B
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\040A
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\0409
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\0408
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\0407
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\0406
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\0405
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\0404
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\0401
2014-01-31 19:20 - 2014-01-31 19:20 - 00000000 ____D () C:\Program Files\Renesas Electronics
2014-01-31 14:08 - 2014-01-31 14:11 - 00000039 _____ () C:\Windows\vbaddin.ini
2014-01-22 20:37 - 2014-01-22 20:37 - 00107256 _____ (Trusteer Ltd.) C:\Windows\system32\Drivers\RapportKELL.sys
2014-01-15 14:15 - 2014-02-02 18:54 - 00003601 _____ () C:\unintall.log
2014-01-15 14:08 - 2014-02-02 18:35 - 00129904 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\knbdrv.sys
2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D () C:\Program Files\LSI SoftModem
2014-01-15 13:42 - 2012-09-20 08:02 - 01425208 _____ (Logitech, Inc.) C:\Windows\system32\LogiLDA.DLL
2014-01-15 13:42 - 2009-07-21 08:24 - 00058888 _____ (LSI Corporation) C:\Windows\agrsmdel.exe
2014-01-15 13:42 - 2009-07-21 06:18 - 01161760 _____ (LSI Corporation) C:\Windows\system32\Drivers\AGRSM.sys
2014-01-15 13:42 - 2009-03-27 10:12 - 00013824 _____ (LSI Corporation) C:\Windows\system32\agrscoin.dll
2014-01-15 13:36 - 2014-02-04 17:35 - 00000030 _____ () C:\Users\makem\AppData\Roaming\fixcfg.ini
2014-01-15 13:31 - 2014-01-15 13:31 - 00000000 ____H () C:\ProgramData\DP45977C.lfl
2014-01-15 13:30 - 2014-01-15 13:30 - 00000000 ____D () C:\Windows\system32\RTCOM
2014-01-15 13:28 - 2013-11-05 19:47 - 02888536 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2014-01-15 13:28 - 2013-11-05 15:48 - 00681905 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-01-15 13:28 - 2013-11-04 19:26 - 00124632 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2014-01-15 13:28 - 2013-11-04 11:11 - 02328792 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll
2014-01-15 13:28 - 2013-10-28 17:29 - 00782040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2014-01-15 13:28 - 2013-10-11 11:31 - 00919600 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2014-01-15 13:28 - 2013-10-09 20:12 - 01824000 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2014-01-15 13:28 - 2013-10-07 11:05 - 02547928 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2014-01-15 13:28 - 2013-09-09 15:32 - 05681192 _____ () C:\Windows\system32\Drivers\rtvienna.dat
2014-01-15 13:28 - 2013-04-24 17:16 - 01596488 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2014-01-15 13:28 - 2012-01-30 11:42 - 00819648 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo2.dll
2014-01-15 13:28 - 2012-01-10 10:20 - 00058264 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\TepeqAPO.dll
2014-01-15 13:28 - 2011-11-22 16:28 - 00013416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR.dll
2014-01-15 13:28 - 2011-09-02 14:21 - 00214368 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK.dll
2014-01-15 13:28 - 2011-09-02 14:21 - 00074080 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM.dll
2014-01-15 13:28 - 2011-09-02 14:21 - 00068960 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO.dll
2014-01-15 13:28 - 2011-03-17 12:16 - 01379760 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2014-01-15 13:28 - 2011-03-07 17:03 - 00134584 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2014-01-15 13:28 - 2010-11-08 07:31 - 00359768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
2014-01-15 13:28 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
2014-01-15 13:28 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
2014-01-15 13:28 - 2010-11-08 07:31 - 00170840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
2014-01-15 13:28 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
2014-01-15 13:28 - 2010-11-08 07:31 - 00064856 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
2014-01-15 13:28 - 2009-11-24 09:55 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2014-01-15 13:28 - 2009-11-24 09:55 - 00185584 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSHD.dll
2014-01-15 13:28 - 2009-11-24 09:55 - 00173296 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP360.dll
2014-01-15 13:28 - 2009-11-24 09:55 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2014-01-15 13:28 - 2009-11-18 18:42 - 01783056 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesLib.dll
2014-01-15 13:27 - 2013-11-05 18:55 - 38385664 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes.dat
2014-01-15 13:27 - 2013-10-16 03:43 - 00182472 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2014-01-15 13:27 - 2013-10-11 12:47 - 00092584 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2014-01-15 13:27 - 2013-10-09 20:14 - 13881088 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek.dll
2014-01-15 13:27 - 2013-10-09 20:13 - 01677568 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek2.dll
2014-01-15 13:27 - 2013-10-09 20:12 - 01935104 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2014-01-15 13:27 - 2013-10-09 20:12 - 00859904 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell.dll
2014-01-15 13:27 - 2013-10-07 00:14 - 00426944 _____ (DTS) C:\Windows\system32\DTSU2PLFX32.dll
2014-01-15 13:27 - 2013-10-07 00:14 - 00403392 _____ (DTS) C:\Windows\system32\DTSU2PGFX32.dll
2014-01-15 13:27 - 2013-10-07 00:14 - 00346048 _____ (DTS) C:\Windows\system32\DTSU2PREC32.dll
2014-01-15 13:27 - 2013-09-10 04:02 - 06176944 _____ (Dolby Laboratories) C:\Windows\system32\DDPP32A.dll
2014-01-15 13:27 - 2013-09-10 04:02 - 00272048 _____ (Dolby Laboratories) C:\Windows\system32\DDPO32A.dll
2014-01-15 13:27 - 2013-09-10 04:01 - 01489072 _____ (Dolby Laboratories) C:\Windows\system32\DDPD32A.dll
2014-01-15 13:27 - 2013-09-10 04:01 - 00219312 _____ (Dolby Laboratories) C:\Windows\system32\DDPA32.dll
2014-01-15 13:27 - 2013-08-14 16:36 - 00873728 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO40.dll
2014-01-15 13:27 - 2013-08-14 16:36 - 00509184 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2014-01-15 13:27 - 2013-08-14 16:35 - 00509184 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2014-01-15 13:27 - 2013-08-05 18:10 - 02395680 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2014-01-15 13:27 - 2012-08-31 19:17 - 07162128 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP32A.dll
2014-01-15 13:27 - 2012-08-31 19:17 - 00352016 _____ (Dolby Laboratories) C:\Windows\system32\R4EED32A.dll
2014-01-15 13:27 - 2012-08-31 19:17 - 00106768 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL32A.dll
2014-01-15 13:27 - 2012-08-31 19:17 - 00091920 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA32A.dll
2014-01-15 13:27 - 2012-08-31 19:17 - 00062224 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG32A.dll
2014-01-15 13:27 - 2012-03-08 11:47 - 00095840 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2014-01-15 13:27 - 2011-08-23 17:00 - 00357712 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT.dll
2014-01-15 13:27 - 2011-05-31 09:42 - 01509480 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL.dll
2014-01-15 13:27 - 2011-05-31 09:42 - 01292904 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL.dll
2014-01-15 13:27 - 2011-05-31 09:42 - 01220200 _____ (DTS) C:\Windows\system32\DTSBoostDLL.dll
2014-01-15 13:27 - 2011-05-31 09:42 - 00654952 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL.dll
2014-01-15 13:27 - 2011-05-31 09:42 - 00631400 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL.dll
2014-01-15 13:27 - 2011-05-31 09:42 - 00601704 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL.dll
2014-01-15 13:27 - 2011-05-31 09:42 - 00458344 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL.dll
2014-01-15 13:27 - 2011-05-31 09:42 - 00389736 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL.dll
2014-01-15 13:27 - 2011-05-31 09:42 - 00375400 _____ (DTS) C:\Windows\system32\DTSLimiterDLL.dll
2014-01-15 13:27 - 2011-05-31 09:42 - 00218728 _____ (DTS) C:\Windows\system32\DTSGFXAPONS.dll
2014-01-15 13:27 - 2011-05-31 09:42 - 00218728 _____ (DTS) C:\Windows\system32\DTSGFXAPO.dll
2014-01-15 13:27 - 2011-05-31 09:42 - 00218216 _____ (DTS) C:\Windows\system32\DTSLFXAPO.dll
2014-01-15 13:27 - 2010-09-27 09:34 - 00232792 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2014-01-15 13:27 - 2009-12-04 15:43 - 00132368 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO.dll
2014-01-15 10:15 - 2013-11-27 01:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 10:15 - 2013-11-27 01:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 10:15 - 2013-11-27 01:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 10:15 - 2013-11-27 01:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 10:15 - 2013-11-27 01:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 10:15 - 2013-11-27 01:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 10:15 - 2013-11-26 10:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-12 20:05 - 2014-01-12 20:05 - 00000000 ____D () C:\Users\makem\AppData\Local\IsolatedStorage
2014-01-12 20:04 - 2014-01-12 20:04 - 00000000 ____D () C:\Users\makem\AppData\Local\Ancestry.com
2014-01-12 20:03 - 2014-01-12 20:03 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-01-12 20:03 - 2014-01-12 20:03 - 00000000 ____D () C:\Windows\RegisteredPackages
2014-01-12 20:03 - 2014-01-12 20:03 - 00000000 ____D () C:\Users\makem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft WSE 3.0
2014-01-12 20:03 - 2014-01-12 20:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-12 20:03 - 2014-01-12 20:03 - 00000000 ____D () C:\Program Files\Microsoft WSE
2014-01-12 20:03 - 2014-01-12 20:03 - 00000000 ____D () C:\IExp1.tmp
2014-01-12 20:03 - 2014-01-12 20:03 - 00000000 ____D () C:\IExp0.tmp
2014-01-12 20:02 - 2014-01-12 20:03 - 00000000 ____D () C:\Program Files\Family Tree Maker 2010
2014-01-12 20:02 - 2014-01-12 20:03 - 00000000 ____D () C:\Program Files\BCL Technologies

==================== One Month Modified Files and Folders =======

2014-02-11 10:47 - 2013-09-24 20:16 - 00099802 _____ () C:\Windows\system32\config\rules.rdb
2014-02-11 10:46 - 2014-02-11 10:46 - 00000000 ____D () C:\FRST
2014-02-11 10:45 - 2013-10-13 15:00 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-11 10:44 - 2009-07-14 04:34 - 00025552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-11 10:44 - 2009-07-14 04:34 - 00025552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-11 10:42 - 2013-09-24 21:53 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-11 10:39 - 2013-09-25 19:58 - 00000000 ____D () C:\Users\makem\AppData\Roaming\Skype
2014-02-11 10:39 - 2013-09-24 17:51 - 01814743 _____ () C:\Windows\WindowsUpdate.log
2014-02-11 10:38 - 2013-09-24 21:16 - 00000000 ____D () C:\Users\makem\AppData\Roaming\MailWasherPro
2014-02-11 10:37 - 2013-10-13 15:00 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-11 10:37 - 2009-07-14 04:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-11 10:37 - 2009-07-14 04:39 - 00058748 _____ () C:\Windows\setupact.log
2014-02-11 00:48 - 2013-09-24 20:20 - 00523676 _____ () C:\Windows\system32\config\afw_db.conf
2014-02-11 00:48 - 2013-09-24 20:20 - 00003348 _____ () C:\Windows\system32\config\afw_hm.conf
2014-02-11 00:37 - 2013-09-29 21:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-11 00:25 - 2013-09-24 20:45 - 00000000 ____D () C:\Program Files\DigiGuide TV Guide
2014-02-10 15:08 - 2014-02-10 15:08 - 00004608 ___SH () C:\Users\makem\Desktop\Thumbs.db
2014-02-10 10:55 - 2013-09-24 20:15 - 00000000 ____D () C:\Windows\system32\Filt
2014-02-10 00:50 - 2014-02-10 00:50 - 00001158 _____ () C:\Users\makem\Desktop\JRT.txt
2014-02-10 00:36 - 2014-02-10 00:36 - 00000000 ____D () C:\Windows\ERUNT
2014-02-10 00:27 - 2014-02-10 00:23 - 00000000 ____D () C:\AdwCleaner
2014-02-09 00:31 - 2013-11-12 10:53 - 00000000 ____D () C:\Program Files\Garmin
2014-02-08 13:59 - 2013-11-16 15:07 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-06 20:53 - 2013-11-03 23:00 - 00000000 ____D () C:\Users\makem\AppData\Roaming\Garmin
2014-02-06 19:36 - 2013-11-12 10:53 - 00000000 ____D () C:\ProgramData\Garmin
2014-02-06 18:32 - 2014-02-06 18:32 - 00000000 ____D () C:\Users\makem\AppData\Local\GARMIN_Corp
2014-02-06 18:32 - 2013-11-12 10:54 - 00000000 ____D () C:\Users\makem\AppData\Local\Garmin
2014-02-06 18:31 - 2013-10-04 10:14 - 00000000 ____D () C:\Program Files\DIFX
2014-02-05 22:37 - 2013-09-29 21:52 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-05 22:37 - 2013-09-29 21:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 14:49 - 2013-09-25 18:57 - 00258072 _____ () C:\Windows\PFRO.log
2014-02-04 22:28 - 2013-09-24 20:42 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-02-04 22:28 - 2009-07-14 02:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-02-04 19:50 - 2013-10-27 16:53 - 00000600 _____ () C:\Users\makem\AppData\Local\PUTTY.RND
2014-02-04 18:13 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\rescache
2014-02-04 17:35 - 2014-01-15 13:36 - 00000030 _____ () C:\Users\makem\AppData\Roaming\fixcfg.ini
2014-02-04 17:16 - 2014-02-04 17:16 - 00000000 ____D () C:\Program Files\kingsoft
2014-02-04 01:09 - 2014-02-04 01:09 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-04 00:32 - 2014-01-06 21:17 - 00000000 ____D () C:\Users\makem\AppData\Local\genienext
2014-02-04 00:06 - 2014-02-04 00:06 - 00000000 ____D () C:\Users\makem\AppData\Roaming\Malwarebytes
2014-02-04 00:06 - 2014-02-04 00:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-03 19:47 - 2013-09-24 22:59 - 00000600 _____ () C:\Users\makem\AppData\Roaming\winscp.rnd
2014-02-03 19:40 - 2013-09-24 20:10 - 00000000 ____D () C:\Program Files\WinRAR
2014-02-03 16:54 - 2014-02-03 16:54 - 00000000 ____D () C:\Users\makem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-02-03 16:54 - 2014-02-03 16:54 - 00000000 ____D () C:\Program Files\Trend Micro
2014-02-03 16:48 - 2009-07-14 04:52 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-02-03 16:48 - 2009-07-14 04:52 - 00000000 ____D () C:\Program Files\DVD Maker
2014-02-03 14:27 - 2014-02-03 14:27 - 00007605 _____ () C:\Users\makem\AppData\Local\Resmon.ResmonCfg
2014-02-03 13:53 - 2014-02-03 13:53 - 00143888 _____ () C:\Windows\Minidump\020314-44819-01.dmp
2014-02-03 13:53 - 2014-02-03 13:53 - 00000000 ____D () C:\Windows\Minidump
2014-02-03 13:20 - 2014-02-03 13:11 - 00000000 ____D () C:\Users\makem\AppData\Local\Avg2014
2014-02-03 13:16 - 2014-02-03 13:16 - 00000000 ____D () C:\Users\makem\AppData\Roaming\AVG2014
2014-02-03 13:15 - 2014-02-03 13:15 - 00000000 ___HD () C:\$AVG
2014-02-03 13:15 - 2014-02-03 13:15 - 00000000 ____D () C:\ProgramData\AVG2014
2014-02-03 13:14 - 2013-09-24 21:57 - 00000000 ____D () C:\Program Files\AVG
2014-02-03 12:30 - 2009-07-14 04:33 - 00278216 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-03 01:16 - 2014-02-03 01:16 - 00319811 _____ () C:\Users\makem\AppData\Local\census.cache
2014-02-03 01:15 - 2014-02-03 01:15 - 00128601 _____ () C:\Users\makem\AppData\Local\ars.cache
2014-02-03 00:20 - 2014-02-03 00:20 - 00000036 _____ () C:\Users\makem\AppData\Local\housecall.guid.cache
2014-02-02 22:57 - 2013-09-24 20:00 - 00061512 _____ () C:\Users\makem\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-02 22:08 - 2013-10-24 12:34 - 00007680 _____ () C:\Users\makem\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-02 21:29 - 2013-11-08 15:59 - 00000000 ____D () C:\Program Files\Common Files\Macromedia
2014-02-02 21:26 - 2013-11-08 15:59 - 00000000 ____D () C:\Program Files\Macromedia
2014-02-02 18:54 - 2014-01-15 14:15 - 00003601 _____ () C:\unintall.log
2014-02-02 18:54 - 2013-10-04 10:46 - 00000000 ____D () C:\Users\makem\AppData\Local\liebao
2014-02-02 18:47 - 2014-02-02 18:42 - 00000000 ____D () C:\ProgramData\DriverGenius
2014-02-02 18:35 - 2014-02-02 18:21 - 00085352 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi.sys
2014-02-02 18:35 - 2014-01-15 14:08 - 00129904 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\knbdrv.sys
2014-02-02 18:35 - 2013-10-04 10:46 - 00097232 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\knbdrv64.sys
2014-02-02 00:14 - 2014-02-02 00:14 - 00000000 ____D () C:\Windows\Sun
2014-02-02 00:13 - 2014-02-02 00:13 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-02-02 00:13 - 2014-02-02 00:13 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-02-02 00:13 - 2014-02-02 00:13 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-02-02 00:13 - 2014-02-02 00:13 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-02-02 00:13 - 2014-02-02 00:13 - 00000000 ____D () C:\ProgramData\Sun
2014-02-02 00:13 - 2014-02-02 00:13 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-02 00:13 - 2014-02-02 00:13 - 00000000 ____D () C:\Program Files\Java
2014-02-02 00:13 - 2014-02-02 00:13 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-02-01 01:04 - 2013-09-24 22:59 - 00000000 ____D () C:\Program Files\WinSCP
2014-02-01 00:47 - 2013-10-04 09:44 - 00000000 ____D () C:\ProgramData\Kingsoft
2014-02-01 00:32 - 2013-09-25 19:58 - 00000000 ___RD () C:\Program Files\Skype
2014-02-01 00:32 - 2013-09-25 19:58 - 00000000 ____D () C:\ProgramData\Skype
2014-02-01 00:28 - 2013-09-24 20:10 - 00000000 ____D () C:\Users\makem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-02-01 00:15 - 2013-09-24 19:54 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\2C0A
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\0C0A
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\0C04
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\0816
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\0804
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\0424
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\041F
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\041E
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\041D
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\041B
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\0419
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\0416
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\0415
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\0414
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\0413
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\0412
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\0411
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\0410
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\040E
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\040D
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\040C
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\040B
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\040A
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\0409
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\0408
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\0407
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\0406
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\0405
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\0404
2014-02-01 00:14 - 2014-02-01 00:14 - 00000000 ____D () C:\Windows\system32\0401
2014-02-01 00:12 - 2013-09-29 14:10 - 00000000 ____D () C:\ProgramData\Downloaded Installations
2014-01-31 19:20 - 2014-01-31 19:20 - 00000000 ____D () C:\Program Files\Renesas Electronics
2014-01-31 14:11 - 2014-01-31 14:08 - 00000039 _____ () C:\Windows\vbaddin.ini
2014-01-31 14:09 - 2013-09-24 20:42 - 00000376 _____ () C:\Windows\ODBC.INI
2014-01-29 14:03 - 2009-07-14 04:53 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-26 14:31 - 2013-10-24 20:52 - 00000000 ____D () C:\Users\makem\AppData\Local\QuickPar
2014-01-22 20:37 - 2014-01-22 20:37 - 00107256 _____ (Trusteer Ltd.) C:\Windows\system32\Drivers\RapportKELL.sys
2014-01-21 00:27 - 2013-09-25 18:51 - 00000000 ____D () C:\Users\makem\AppData\Local\Adobe
2014-01-18 16:19 - 2013-10-16 16:52 - 00000000 ____D () C:\Users\makem\AppData\Roaming\IrfanView
2014-01-18 16:10 - 2013-10-16 16:53 - 00000000 ____D () C:\Users\makem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-01-16 23:29 - 2013-09-25 21:02 - 00000000 ____D () C:\Program Files\Allway Sync
2014-01-15 14:43 - 2013-09-28 18:56 - 00000000 ____D () C:\Users\makem\AppData\Roaming\vlc
2014-01-15 14:32 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-01-15 14:06 - 2013-09-24 18:05 - 00804292 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-01-15 13:58 - 2009-07-14 02:04 - 00000499 _____ () C:\Windows\win.ini
2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D () C:\Program Files\LSI SoftModem
2014-01-15 13:42 - 2013-10-04 10:14 - 00026158 _____ () C:\Windows\DPINST.LOG
2014-01-15 13:31 - 2014-01-15 13:31 - 00000000 ____H () C:\ProgramData\DP45977C.lfl
2014-01-15 13:30 - 2014-01-15 13:30 - 00000000 ____D () C:\Windows\system32\RTCOM
2014-01-15 10:43 - 2013-09-25 18:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 10:40 - 2013-09-25 18:45 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-12 20:05 - 2014-01-12 20:05 - 00000000 ____D () C:\Users\makem\AppData\Local\IsolatedStorage
2014-01-12 20:04 - 2014-01-12 20:04 - 00000000 ____D () C:\Users\makem\AppData\Local\Ancestry.com
2014-01-12 20:03 - 2014-01-12 20:03 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-01-12 20:03 - 2014-01-12 20:03 - 00000000 ____D () C:\Windows\RegisteredPackages
2014-01-12 20:03 - 2014-01-12 20:03 - 00000000 ____D () C:\Users\makem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft WSE 3.0
2014-01-12 20:03 - 2014-01-12 20:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-12 20:03 - 2014-01-12 20:03 - 00000000 ____D () C:\Program Files\Microsoft WSE
2014-01-12 20:03 - 2014-01-12 20:03 - 00000000 ____D () C:\IExp1.tmp
2014-01-12 20:03 - 2014-01-12 20:03 - 00000000 ____D () C:\IExp0.tmp
2014-01-12 20:03 - 2014-01-12 20:02 - 00000000 ____D () C:\Program Files\Family Tree Maker 2010
2014-01-12 20:03 - 2014-01-12 20:02 - 00000000 ____D () C:\Program Files\BCL Technologies
2014-01-12 19:38 - 2013-09-24 21:16 - 00000000 ____D () C:\Program Files\FireTrust

Some content of TEMP:
====================
C:\Users\makem\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-08 20:43

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-02-2014 01
Ran by makem at 2014-02-11 10:48:09
Running from D:\My Profile\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Outpost Firewall Pro (Enabled - Up to date) {578B8A29-863D-0449-EF15-3926A73ACBD3}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: Outpost Firewall Pro (Enabled) {D4D1EAE8-EA68-0A9F-FEFA-AB61226EC615}

==================== Installed Programs ======================

Acronis True Image Home 2011 (Version: 14.0.6597 - Acronis)
Adobe Flash Player 12 ActiveX (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (Version: 11.0.06 - Adobe Systems Incorporated)
Allway Sync version 12.16.9 (Version: - Botkind Inc)
AVG 2014 (Version: 14.0.3697 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2014 (Version: 2014.0.4259 - AVG Technologies)
AVG PC Tuneup 2011 (Version: - AVG)
BHDC_LCD Ukey Client (Version: 1.12 - BHDC_LCD)
Bluetooth Stack for Windows by Toshiba (Version: v8.00.13(T) - TOSHIBA CORPORATION)
Canon IJ Network Scanner Selector EX (Version: - ‪Canon Inc.‬)
Canon IJ Network Tool (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (Version: - ‪Canon Inc.‬)
Canon MG4200 series MP Drivers (Version: 1.01 - Canon Inc.)
Canon My Image Garden (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (Version: 2.0.0 - Canon Inc.)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001 - Microsoft Corporation)
DigiGuide TV Guide (Version: - GipsyMedia Limited)
Elevated Installer (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Family Tree Maker 2010 (Version: 19.0.180 - Ancestry.com)
Family Tree Maker 2010 (Version: 19.0.180 - Ancestry.com) Hidden
Garmin BaseCamp (Version: 4.2.5 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin POI Loader (Version: 2.7.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Geany 1.23.1 (Version: 1.23.1 - The Geany developer team)
Google Earth (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
GrabIt 1.7.2 Beta 6 (build 1008) (Version: - Ilan Shemes)
HiJackThis (Version: 1.0.0 - Trend Micro)
ICBC Infosec CertEnroll Plugins (Version: - )
ICBC Infosec NetSign Plugins (Version: - )
icbc_hh_usbkey2gchinese_plugin (Version: 1.0.0.6 - Industrial and Commercial Bank of China)
icbc_netbank_client_controls (Version: 2010.11.17.0 - ICBC)
ICBCEBankAssist (Version: 1.2.3.0 - Industrial and Commercial Bank of China)
ICBCEbankPlugins (Version: 1.0.2.0 - icbc)
ICBCSetupInput (Version: 1.0.029 - Industrial and Commercial Bank of China)
IrfanView (remove only) (Version: 4.37 - Irfan Skiljan)
Java 7 Update 51 (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Logitech SetPoint 6.61 (Version: 6.61.15 - Logitech)
Macromedia Dreamweaver 8 (Version: 8.0.0.2766 - )
Macromedia Extension Manager (Version: 1.7.240 - Macromedia, Inc.)
Macromedia Extension Manager (Version: 1.7.277 - 公司名称)
MailWasher Pro (Version: - FireTrust Limited)
Microsoft .NET Framework 1.1 (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft AutoRoute 2010 (Version: 17.0.22.1400 - Microsoft Corporation)
Microsoft Money (Version: 11.0.120 - Microsoft)
Microsoft Money System Pack (Version: 11.0.120 - Microsoft)
Microsoft Office Access database engine 2007 (English) (Version: 12.0.4518.1031 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Visio Professional 2003 (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Outlook Personal Folders Backup (Version: 1.10.0.0 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Streets and Trips 2002 (Version: 9.00.16.2000 - Microsoft)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable Package (Version: 1.0.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 (Version: 3.0.5305.0 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0 - Microsoft Corporation)
Notepad++ (Version: 6.5.3 - Notepad++ Team)
NVIDIA PhysX (Version: 9.13.0725 - NVIDIA Corporation)
Omron Health Management Software (Version: 1.60.0003 - Omron Healthcare)
OpenAL (Version: - )
Outpost Firewall Pro 7.1 (Version: 7.1 - Agnitum, Ltd.)
Paint Shop Pro 7 ESD (Version: 7.0.0.0000 - Jasc Software Inc)
QuickPar 0.9 (Version: 0.9 - Peter B. Clements)
Rapport (Version: 3.5.1304.46 - Trusteer) Hidden
Realtek High Definition Audio Driver (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.20.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.20.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (Version: 3.0.23.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden
Skype™ 6.11 (Version: 6.11.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (Version: 16.3.10.4 - Synaptics Incorporated)
Texas Instruments PCIxx21/x515/xx12 drivers. (Version: 2.00.0005 - Texas Instruments Inc.)
TightVNC (Version: 2.7.10.0 - GlavSoft LLC.)
TIPCI (Version: 2.00.0005 - Texas Instruments Inc.) Hidden
TOSHIBA Hardware Setup (Version: 2.00.07 - TOSHIBA Corporation)
TOSHIBA Software Modem (Version: 2.1.73 (SM2173ALD0C) - Agere Systems)
TOSHIBA Software Modem (Version: 2.2.97 - LSI Corporation)
TOSHIBA Value Added Package (Version: 1.2.40 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.2.40 - TOSHIBA Corporation) Hidden
Total Commander (Remove or Repair) (Version: 8.01 - Ghisler Software GmbH)
Trusteer Endpoint Protection (Version: 3.5.1304.46 - Trusteer)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.2 (Version: 2.1.2 - VideoLAN)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Intel (NETwLv32) net (10/07/2010 13.4.0.139) (Version: 10/07/2010 13.4.0.139 - Intel)
Windows Driver Package - Logitech (HidUsb) HIDClass (08/31/2012 1.10.77.0) (Version: 08/31/2012 1.10.77.0 - Logitech)
Windows Driver Package - LSI (AgereSoftModem) Modem (07/21/2009 2.2.97) (Version: 07/21/2009 2.2.97 - LSI)
Windows Driver Package - TOSHIBA (FwLnk) System (07/07/2009 1.0.0.6) (Version: 07/07/2009 1.0.0.6 - TOSHIBA)
Windows Media Encoder 9 Series (Version: - )
Windows Media Encoder 9 Series (Version: 9.00.2980 - Microsoft Corporation) Hidden
WinRAR 5.01 (32-位) (Version: 5.01.0 - win.rar GmbH)
WinSCP 5.1.7 (Version: 5.1.7 - Martin Prikryl)
ZTE Handset USB Driver (Version: - ZTE Corporation)
ZTE Handset USB Driver (Version: 5.2066.1.A11B02 - ZTE Corporation)
中国工商银行防钓鱼软件 (Version: 2.2.5 - 中国工商银行)

==================== Restore Points =========================

10-02-2014 21:19:02 Scheduled Checkpoint

==================== Hosts content: ==========================

2009-07-14 02:04 - 2009-06-10 21:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {16A9E29A-CDA1-4409-827F-15DE0A6C18DC} - System32\Tasks\{2A6085E3-F71E-4D1E-B870-66A06B74F29F} => E:\Magic Carpet2\NETHERW.EXE
Task: {1AF307C0-F605-412A-9540-C2AEF4EC7E95} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {1D06CC21-EEEC-4D3B-A038-8113360BCF0C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-13] (Google Inc.)
Task: {25700BC6-46F4-4E2D-BE3F-69158B299834} - System32\Tasks\{4A7A2757-084B-41F6-A162-D3AB9D4C3894} => E:\Magic Carpet2\NETHERW.EXE
Task: {37E42642-FFD5-44D0-944E-677E42518BF4} - System32\Tasks\Start AllwaySync => C:\Program Files\Allway Sync\Bin\syncappw.exe [2013-10-10] ()
Task: {55626543-097B-4C59-B48C-80BFC3193131} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-13] (Google Inc.)
Task: {6440203A-B8ED-40FB-AF28-309FCE940A50} - System32\Tasks\Open Outlook => C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE [2010-06-23] (Microsoft Corporation)
Task: {6AAA93ED-9F12-4C69-BA47-05D9FFA6B678} - System32\Tasks\{4F4566CD-2D52-4518-8017-88D03523A2C6} => E:\Magic Carpet2\NETHERW.EXE
Task: {74A58A72-57BC-4A2B-9C97-178C227AF4FD} - System32\Tasks\{2E1C4BD2-1F70-4EAC-B96D-92181D2143F2} => C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe [2005-09-27] (Macromedia, Inc.)
Task: {7DEFA022-B170-4C6E-8106-4A3BBF7F26F0} - System32\Tasks\{9A24D509-A6E0-460F-98D6-6D4D33A92A60} => E:\Magic Carpet2\NETHERW.EXE
Task: {7FE0CE83-BC25-4A1E-A37A-CAD86C619234} - System32\Tasks\{EC85E26F-96E3-4761-A82C-FBFF6EEF9E80} => E:\Magic Carpet2\NETHERW.EXE
Task: {9B5F2C12-1531-47B6-B3CE-B4EAC4E41BF4} - System32\Tasks\Close Outlook => D:\pi_syncro\CloseOL.bat [2013-07-29] ()
Task: {D7E84224-A634-4000-8E31-B2F6356D0070} - System32\Tasks\{CF4FB9F2-0B99-4ABC-A968-8F5F71E88A61} => C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe [2005-09-27] (Macromedia, Inc.)
Task: {E286CA1E-1813-4650-9568-626416017102} - System32\Tasks\{438BD585-6FC2-4FA0-A166-734DEEA3945E} => E:\Magic Carpet2\NETHERW.EXE
Task: {E4665D23-84BC-4F6C-8029-04571F7160E4} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {FEB9C923-1DC7-44A5-989E-5ED48B1972C0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Allway Sync_{48049047AC30CCEFA42EF46968DBC5B2}.job => C:\Program Files\Allway Sync\Bin\syncappw.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-06-27 14:09 - 2012-06-27 14:09 - 00557056 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll
2013-09-24 21:50 - 2014-02-03 12:38 - 01125592 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
2013-11-28 11:30 - 2010-09-19 15:20 - 00148312 _____ () C:\Windows\System32\hhukey3k02.dll
2013-09-25 21:02 - 2013-10-10 11:48 - 00094416 _____ () C:\Program Files\Allway Sync\Bin\syncappw.exe
2013-09-25 21:02 - 2013-10-10 11:22 - 08214016 _____ () C:\Program Files\Allway Sync\Bin\syncapp.dll
2014-01-12 19:38 - 2010-05-28 13:57 - 00801976 _____ () C:\Program Files\FireTrust\MailWasher Pro\ContactsLib.dll
2014-01-12 19:38 - 2009-06-25 15:40 - 00977080 _____ () C:\Program Files\FireTrust\MailWasher Pro\MCORE.DLL
2014-01-12 19:38 - 2010-04-19 08:48 - 00277904 _____ () C:\Program Files\FireTrust\MailWasher Pro\sqlite3.dll
2014-01-12 19:38 - 2009-08-25 17:51 - 00155320 _____ () C:\Program Files\FireTrust\MailWasher Pro\MailPrefs.dll
2014-01-12 19:38 - 2008-09-12 17:39 - 00611936 _____ () C:\Program Files\FireTrust\MailWasher Pro\MailAnalysis.DLL
2013-09-24 20:45 - 2013-09-24 20:45 - 00390192 _____ () C:\Program Files\DigiGuide TV Guide\digiguide.exe
2013-09-24 20:45 - 2013-09-24 20:45 - 00713216 _____ () C:\Program Files\DigiGuide TV Guide\js32.dll
2013-09-24 20:45 - 2013-09-24 20:45 - 00312832 _____ () C:\Program Files\DigiGuide TV Guide\Network.dll
2013-09-24 20:45 - 2013-09-24 20:45 - 00872448 _____ () C:\Program Files\DigiGuide TV Guide\LIBEAY32.dll
2013-09-24 20:45 - 2013-09-24 20:45 - 00159744 _____ () C:\Program Files\DigiGuide TV Guide\SSLEAY32.dll
2013-11-16 15:07 - 2013-12-12 21:19 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
MSCONFIG\startupreg: ICBCEBankAssist => "C:\Program Files\ICBCEbankTools\ICBCSetupIntegration\RunEBank.exe"
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"

==================== Faulty Device Manager Devices =============

Name: kisknl
Description: kisknl
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: kisknl
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/10/2014 01:04:47 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (02/11/2014 10:38:12 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (02/11/2014 10:37:07 AM) (Source: Service Control Manager) (User: )
Description: The kisknl service failed to start due to the following error:
%%2

Error: (02/10/2014 11:00:06 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (02/10/2014 10:59:12 PM) (Source: Service Control Manager) (User: )
Description: The kisknl service failed to start due to the following error:
%%2

Error: (02/10/2014 08:42:10 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (02/10/2014 08:41:11 PM) (Source: Service Control Manager) (User: )
Description: The kisknl service failed to start due to the following error:
%%2

Error: (02/10/2014 06:51:54 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (02/10/2014 06:51:03 PM) (Source: Service Control Manager) (User: )
Description: The kisknl service failed to start due to the following error:
%%2

Error: (02/10/2014 05:30:52 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (02/10/2014 05:30:00 PM) (Source: Service Control Manager) (User: )
Description: The kisknl service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (02/10/2014 01:04:47 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\common files\LogiShrd\sp6_uninstall\tools\64\AddBrowsers.exe


CodeIntegrity Errors:
===================================
Date: 2013-10-04 11:01:30.952
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\RtkAPO.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-10-04 11:01:30.936
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\RtkAPO.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-10-04 11:01:28.231
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\RtkAPO.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-10-04 11:01:28.216
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\RtkAPO.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-10-04 11:00:33.325
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\RtkAPO.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-10-04 11:00:33.315
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\RtkAPO.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-10-04 11:00:09.046
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\RtkAPO.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-10-04 11:00:09.030
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\RtkAPO.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-10-04 11:00:08.430
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\RtkAPO.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-10-04 11:00:08.416
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\RtkAPO.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 45%
Total physical RAM: 3070.05 MB
Available physical RAM: 1682.64 MB
Total Pagefile: 6136.34 MB
Available Pagefile: 4629.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1892.96 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:53.85 GB) (Free:19.01 GB) NTFS
Drive d: (Data) (Fixed) (Total:244.14 GB) (Free:71.22 GB) NTFS
Drive f: () (Removable) (Total:14.9 GB) (Free:9.48 GB) NTFS
Drive h: (LEXAR MEDIA) (Removable) (Total:0.96 GB) (Free:0.96 GB) FAT
Drive x: (New_Volume) (Network) (Total:30.03 GB) (Free:29.19 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: A7A526D4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=54 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=244 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 984 MB) (Disk ID: 1405D094)
Partition 1: (Active) - (Size=983 MB) - (Type=06)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 15 GB) (Disk ID: 135C5BDE)
Partition 1: (Active) - (Size=15 GB) - (Type=07 NTFS)

==================== End Of Log ============================

ESET log
C:\Program Files\Mobogenie\nengine.dll Win32/NextLive.A potentially unwanted application
C:\Program Files\Mobogenie\UpdateMoboGenie.exe a variant of Win32/Mobogenie.A potentially unwanted application
D:\Archive\CD_DVD Burning\SetupImgBurn_2.5.7.0.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\Archive\Communicate\FTP\winscp433setup.exe Win32/OpenCandy potentially unsafe application
D:\Archive\Drivers_manuals\android\UniversalAndroot-1.6.2-beta5.apk multiple threats
D:\Archive\Drivers_manuals\android\u_Root.apk multiple threats
D:\Archive\Music_Video_Audio\Audio\Format Factory\FFSetup270.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\Archive\Operating Systems\Windows 7\Find Windows Product key of installed OS\produkey.zip Win32/PSWTool.ProductKey potentially unsafe application
D:\Archive\Utilities\coretemp_1236.exe a variant of Win32/InstallIQ.A potentially unwanted application

==================== End Of Log ============================

It was necessary to uninstall AVGFree 2014, as I could not find Resident Shield and disabling from the sys tray did not deal with it, therefore the scan hung.
I also needed to uninstall AVG Tuneup.

I would like to remove kisknl which appears to be a driver for hardware I do not have.

I do not appear to have any problem in the use of the computer which appears to be performing normally.
no1so
Regular Member
 
Posts: 16
Joined: February 2nd, 2014, 9:37 pm

Re: Rootkit warning - DgSafe.sys

Unread postby wannabeageek » February 12th, 2014, 1:02 am

Hello no1so,

Please post the entire ESET log as found here:
C:\Program Files\ESET\EsetOnlineScanner\log.txt
wannabeageek
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Rootkit warning - DgSafe.sys

Unread postby no1so » February 12th, 2014, 1:37 pm

Sorry, full ESET log after a second scan:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=994108245833b94b82de10ac36e33e55
# engine=17042
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-02-12 05:32:51
# local_time=2014-02-12 05:32:51 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 11932868 144692762 0 0
# scanned=210939
# found=5
# cleaned=0
# scan_time=15583
sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A potentially unwanted application" ac=I fn="C:\Program Files\Mobogenie\nengine.dll"
sh=C86F9E4C2947B866837F4CE9E2F5156D244FCA2E ft=1 fh=0833f1c10068505a vn="a variant of Win32/Mobogenie.A potentially unwanted application" ac=I fn="C:\Program Files\Mobogenie\UpdateMoboGenie.exe"
sh=442DBBDAA1BBF58064CCD926CEFB7807F49C8B82 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="D:\Archive\Music_Video_Audio\Audio\Format Factory\FFSetup270.zip"
sh=8B71E0289BEAB2F2CD5B2270FFA18DEF6CD56B48 ft=1 fh=d35c1ec804b96789 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="D:\Archive\Music_Video_Audio\Audio\Format Factory\FFSetup270\FFSetup270.exe"
sh=CCA5C9D40D7FC0BEB2D22B4FA86E8FD612BF536B ft=1 fh=1c752b12a835f045 vn="a variant of Win32/InstallIQ.A potentially unwanted application" ac=I fn="D:\Archive\Utilities\coretemp_1236.exe"
no1so
Regular Member
 
Posts: 16
Joined: February 2nd, 2014, 9:37 pm

Re: Rootkit warning - DgSafe.sys

Unread postby no1so » February 14th, 2014, 8:17 am

Since my last post I have noticed that I can no longer log into Skype. May be a problem with jscript.dll maybe caused by MBAM according to Skype technicians.
no1so
Regular Member
 
Posts: 16
Joined: February 2nd, 2014, 9:37 pm

Re: Rootkit warning - DgSafe.sys

Unread postby no1so » February 14th, 2014, 8:02 pm

Cancel above - Skype is ok now.
no1so
Regular Member
 
Posts: 16
Joined: February 2nd, 2014, 9:37 pm

Re: Rootkit warning - DgSafe.sys

Unread postby wannabeageek » February 15th, 2014, 11:03 am

Hi no1so,

I apologize for the late reply.

Multiple Antivirus Programs
It appears that you have run more than 1 Antivirus/Anti-Spyware program.
Agnitum
AVG
Commercial Bank of China Anti-phishing software
ijinshan_antivierus2013 = Kingsoft Anti-virus
kisknl = Kingsoft Anti-virus

Running more than one antivirus program is not recommended because:
  1. They can conflict with each other.
  2. They can report the other antivirus software as malicious.
  3. Antivirus programs use an enormous amount of a computer's resources... actively scanning your computer.
  4. They can cause your computer to run slowly, become unstable and crash.
I strongly suggest you uninstall one of them. Which one is your decision.
You mentioned kisknl in a previous post as being something you wanted to remove. We can do that, but you need to decide which AV (Anti-Virus) and AS (Anti-Spyware) you would like to keep.

After you decide which programs you need to keep we will start removing invalid entries.

wbg
wannabeageek
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Rootkit warning - DgSafe.sys

Unread postby no1so » February 15th, 2014, 11:38 am

I understand - it was Valentine's Day ;)

Kingsoft Antivirus was uninstalled some while ago. I still get complaints that kisknl does not have hardware, i.e. it is a driver which does not have anything to drive.

I have Agnitum, which when installed asked if I installed AVG. When I say yes, it turns off the Agnitum antivirus and just performs as a firewall.

As for the Chinese Anti-phishing software, this is peculiar to ICBC bank that I use and must be present. It is not a general antivirus program but special for the banking. I could try removing it if I knew how but that may cause a banking software problem as it checks every time. Obviously in China it has to be very safe.

So, I need to live with Agnitum firewall, AVG antivirus and ICBC anti-phishing. These never cause a conflict.

Kingsoft has been removed previously and needs the driver kisknl removing but I am not sure how to do that.

Are you able to see that Kingsoft has been uninstalled?

Please tell me if you are satisfied with the position I state. If not, I must remove a firewall and AVG, which will leave me with anti-phishing only.

EDIT: I have just checked Program Files and see a Kingsoft folder which contains only two ini files:

Activity_Pop.ini which is empty
ticket_cfg.ini which contains - [common] switch=0 [promotion] commonad=0

There is no entry now in the Add/Remove programs for Kingsoft, so I have deleted the folder in Program Files.

EDIT 2: I will uninstall ICBC antiphishing, as I now find it is in Add/Remove programs.
no1so
Regular Member
 
Posts: 16
Joined: February 2nd, 2014, 9:37 pm