Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91862 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Notebook not running right [Solved]


  • This topic is locked This topic is locked
31 replies to this topic

#1 EricWoods

EricWoods

    Authentic Member

  • Authentic Member
  • PipPip
  • 147 posts

Posted 12 January 2014 - 11:27 PM

OTL logfile created on: 1/12/2014 10:49:18 PM - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\SRE Lab\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.80 Gb Total Physical Memory | 5.33 Gb Available Physical Memory | 68.37% Memory free
15.60 Gb Paging File | 12.38 Gb Available in Paging File | 79.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 573.97 Gb Total Space | 355.98 Gb Free Space | 62.02% Space Free | Partition Type: NTFS
Drive D: | 21.91 Gb Total Space | 3.19 Gb Free Space | 14.58% Space Free | Partition Type: NTFS
 
Computer Name: SRELAB-HP | User Name: SRE Lab | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\SRE Lab\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\SRE Lab\AppData\Local\LogMeIn Rescue Applet\LMIR0002.tmp\lmi_rescue.exe (LogMeIn, Inc.)
PRC - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe (AVG Secure Search)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe ()
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Users\SRE Lab\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
PRC - C:\Users\SRE Lab\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Users\SRE Lab\AppData\Roaming\Spotify\Data\SpotifyHelper.exe ()
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\log4cplusU.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.72\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.72\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.72\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.72\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.72\ffmpegsumo.dll ()
MOD - C:\Users\SRE Lab\AppData\Roaming\Spotify\Data\libcef.dll ()
MOD - C:\Users\SRE Lab\AppData\Roaming\Spotify\Data\libglesv2.dll ()
MOD - C:\Users\SRE Lab\AppData\Roaming\Spotify\Data\SpotifyHelper.exe ()
MOD - C:\Users\SRE Lab\AppData\Roaming\Spotify\Data\libegl.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (mfecore) -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (DpHost) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (vToolbarUpdater17.3.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe (AVG Secure Search)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (CLKMSVC10_C6F09094) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe (CyberLink)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (CinemaNow Service) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (mfencrk) -- C:\Windows\SysNative\drivers\mfencrk.sys (McAfee, Inc.)
DRV:64bit: - (mfencbdc) -- C:\Windows\SysNative\drivers\mfencbdc.sys (McAfee, Inc.)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (HipShieldK) -- C:\Windows\SysNative\drivers\HipShieldK.sys (McAfee, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {727E7E3A-8776-4AA3-A8AA-9F3BB13834CC}
IE:64bit: - HKLM\..\SearchScopes\{727E7E3A-8776-4AA3-A8AA-9F3BB13834CC}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{7AEF202B-80EF-45E0-A6F7-48EB97CA3957}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{CD2A1234-3A8D-4B8D-8F12-93C46896C555}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{727E7E3A-8776-4AA3-A8AA-9F3BB13834CC}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{7AEF202B-80EF-45E0-A6F7-48EB97CA3957}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{CD2A1234-3A8D-4B8D-8F12-93C46896C555}: "URL" = http://search.yahoo....psg&type=HPNTDF
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.com/https://ww [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {727E7E3A-8776-4AA3-A8AA-9F3BB13834CC}
IE - HKCU\..\SearchScopes\{727E7E3A-8776-4AA3-A8AA-9F3BB13834CC}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{7AEF202B-80EF-45E0-A6F7-48EB97CA3957}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg.com/search?cid={2446510E-C5B8-42FD-91AF-89BEDCF4031D}&mid=4bc2095d2db547d3bf3ab578168607ec-d21eed6ec61c9bc33447ae47f874e241dbcc406b&lang=en&ds=sf011&pr=sa&d=2013-11-25 22:56:40&v=17.1.3.1&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{CD2A1234-3A8D-4B8D-8F12-93C46896C555}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2010/09/16 03:18:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.2.113 [2014/01/12 21:33:11 | 000,000,000 | ---D | M]
 
[2013/08/02 14:12:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SRE Lab\AppData\Roaming\mozilla\Extensions
[2013/08/02 14:11:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://mysearch.avg.com/search?cid={2446510E-C5B8-42FD-91AF-89BEDCF4031D}&mid=4bc2095d2db547d3bf3ab578168607ec-d21eed6ec61c9bc33447ae47f874e241dbcc406b&lang=en&ds=sf011&pr=sa&d=2013-11-25 22:56:40&v=17.1.3.1&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://toolbar.avg.c...archTerms}&o=1,
CHR - Extension: Skype Click to Call = C:\Users\SRE Lab\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_1\
CHR - Extension: AVG SafeGuard = C:\Users\SRE Lab\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.3.2.113_0\
CHR - Extension: Google Wallet = C:\Users\SRE Lab\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
 
O1 HOSTS File: ([2013/09/08 13:50:40 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.2.113\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.2.113\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKLM..\Run: [YouCam Service] C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (CyberLink Corp.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\SRE Lab\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\RunOnce: [*LogMeInRescue_35770014] C:\Users\SRE Lab\AppData\Local\LogMeIn Rescue Applet\LMIR0002.tmp\lmi_rescue.exe (LogMeIn, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83B1974F-FA01-48E8-BCBA-ED025FD0DFA8}: DhcpNameServer = 10.4.40.11 10.4.40.17
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFD09DC9-BBB7-4ECF-B449-DE3B7FCEDD22}: DhcpNameServer = 8.8.8.8
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe) - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.dvacm - c:\Program Files (x86)\Common Files\Ulead Systems\VIO\DVACM.acm (Corel TW Corp.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/12 22:46:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\SRE Lab\Desktop\OTL.exe
[2014/01/12 20:02:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2014/01/07 17:55:59 | 000,000,000 | -HSD | C] -- C:\found.000
[2014/01/06 11:59:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2014/01/06 11:59:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2014/01/05 20:02:35 | 000,000,000 | ---D | C] -- C:\Users\SRE Lab\Documents\My PSP Files
[2014/01/05 20:02:35 | 000,000,000 | ---D | C] -- C:\Users\SRE Lab\AppData\Roaming\Corel
[2014/01/03 19:54:02 | 000,000,000 | ---D | C] -- C:\Users\SRE Lab\AppData\Local\ElevatedDiagnostics
[6 C:\Users\SRE Lab\Documents\*.tmp files -> C:\Users\SRE Lab\Documents\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/12 22:58:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/12 22:46:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\SRE Lab\Desktop\OTL.exe
[2014/01/12 22:22:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/12 20:02:12 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2014/01/12 19:31:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/11 23:58:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/08 16:31:53 | 000,023,248 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/08 16:31:53 | 000,023,248 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/07 18:03:15 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/07 18:03:15 | 000,627,082 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/07 18:03:15 | 000,107,366 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/07 17:58:33 | 1988,513,791 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/07 17:17:53 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/06 11:59:36 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/12/17 21:23:44 | 000,000,722 | ---- | M] () -- C:\Users\SRE Lab\Desktop\IMG_0017 - Shortcut.lnk
[2013/12/17 21:23:37 | 000,000,722 | ---- | M] () -- C:\Users\SRE Lab\Desktop\IMG_0013 - Shortcut.lnk
[2013/12/15 16:31:00 | 006,464,705 | ---- | M] () -- C:\Users\SRE Lab\Documents\youdontsay.mov
[2013/12/15 16:30:00 | 000,068,955 | ---- | M] () -- C:\Users\SRE Lab\Documents\punymichael.jpg
[2013/12/15 16:20:05 | 000,386,549 | ---- | M] () -- C:\Users\SRE Lab\Documents\BUOnlineCourseApplication.pdf
[6 C:\Users\SRE Lab\Documents\*.tmp files -> C:\Users\SRE Lab\Documents\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/01/06 11:59:36 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/12/17 21:23:44 | 000,000,722 | ---- | C] () -- C:\Users\SRE Lab\Desktop\IMG_0017 - Shortcut.lnk
[2013/12/17 21:23:37 | 000,000,722 | ---- | C] () -- C:\Users\SRE Lab\Desktop\IMG_0013 - Shortcut.lnk
[2013/12/15 16:31:00 | 006,464,705 | ---- | C] () -- C:\Users\SRE Lab\Documents\youdontsay.mov
[2013/12/15 16:30:00 | 000,068,955 | ---- | C] () -- C:\Users\SRE Lab\Documents\punymichael.jpg
[2013/12/15 16:20:05 | 000,386,549 | ---- | C] () -- C:\Users\SRE Lab\Documents\BUOnlineCourseApplication.pdf
[2013/09/18 22:03:07 | 000,591,296 | ---- | C] () -- C:\Users\SRE Lab\image.jpeg
[2013/09/18 22:03:07 | 000,516,365 | ---- | C] () -- C:\Users\SRE Lab\imo.jpeg
[2013/09/08 13:48:13 | 000,730,320 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/09/08 13:27:35 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-SRELAB-HP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/08/07 17:26:58 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2013/08/07 17:26:58 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2013/08/07 17:26:58 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2013/08/07 17:26:58 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2013/08/07 17:26:58 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2013/08/07 17:26:58 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2013/08/07 17:26:58 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2013/08/07 17:26:58 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2013/08/07 17:26:58 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2013/08/07 17:26:58 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2013/08/07 17:26:58 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2013/08/07 17:26:58 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2013/08/07 17:26:58 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2013/08/07 17:26:58 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2013/08/07 17:26:58 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2013/08/07 17:26:58 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2013/08/07 17:26:58 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2013/08/07 17:26:58 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2013/08/07 17:26:58 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2013/07/29 17:05:13 | 000,000,333 | ---- | C] () -- C:\Windows\BRCALIB.INI
[2013/07/29 16:59:03 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/12/03 07:42:50 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012/12/03 07:42:50 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\sysWOW64\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/12/21 11:13:29 | 000,000,000 | ---D | M] -- C:\Users\SRE Lab\AppData\Roaming\Audacity
[2012/03/28 10:35:37 | 000,000,000 | ---D | M] -- C:\Users\SRE Lab\AppData\Roaming\DigitalPersona
[2013/08/22 11:14:41 | 000,000,000 | ---D | M] -- C:\Users\SRE Lab\AppData\Roaming\Movdap
[2014/01/12 20:47:42 | 000,000,000 | ---D | M] -- C:\Users\SRE Lab\AppData\Roaming\Spotify
[2013/08/04 18:08:30 | 000,000,000 | ---D | M] -- C:\Users\SRE Lab\AppData\Roaming\Ulead Systems
[2013/07/20 15:56:32 | 000,000,000 | ---D | M] -- C:\Users\SRE Lab\AppData\Roaming\WildTangent
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.ADML  >
[2009/07/13 20:30:02 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml
 
< MD5 for: EXPLORER.ADMX  >
[2009/06/10 14:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 00:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 23:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 23:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/07/20 00:37:07 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 00:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 06:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/07/20 00:33:51 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/07/20 00:37:07 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/07/20 00:33:51 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 07:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/07/20 00:37:07 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/07/20 00:33:51 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 19:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/07/20 00:37:07 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 00:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/07/20 00:33:51 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: EXPLORER.EXE.MUI  >
[2009/07/13 20:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
[2009/07/13 20:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
[2009/07/13 20:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2009/07/13 20:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui
 
< MD5 for: EXPLORER.EXE-A80E4F97.PF  >
[2014/01/07 18:00:02 | 000,107,658 | ---- | M] () MD5=C0F5F0AE025CB708FD1810D72973F2EC -- C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf
 
< MD5 for: EXPLORER.ZIP  >
[2009/06/03 22:15:06 | 000,020,394 | ---- | M] () MD5=B469409C2B2A33C542190B720E11BD79 -- C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Explorer.zip
 
< MD5 for: IEXPLORE.EXE  >
[2013/03/03 22:49:09 | 000,672,928 | ---- | M] (Microsoft Corporation) MD5=050A612C1CE0C7095CAD64EA32C570DB -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21484_none_1a42c5438bf82907\iexplore.exe
[2013/11/27 12:58:15 | 000,804,560 | ---- | M] (Microsoft Corporation) MD5=0685765C0CBE095BA0C6C8790BAE21EF -- C:\Program Files\Internet Explorer\iexplore.exe
[2013/11/27 12:58:15 | 000,804,560 | ---- | M] (Microsoft Corporation) MD5=0685765C0CBE095BA0C6C8790BAE21EF -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16428_none_7b0d6f67c2d3f97a\iexplore.exe
[2013/07/31 04:18:24 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=10C1F2EC48D524AE10229AACD37B172A -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20617_none_1843b546cdda6584\iexplore.exe
[2013/07/24 20:48:45 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=139C8953AC56A9E559C7DEF07BC45ED7 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20613_none_183fb41ecdde0028\iexplore.exe
[2009/07/13 19:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_19ba3f8a72d988f3\iexplore.exe
[2013/09/18 11:34:51 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=351657C79B62B91E16A95AD23EA3710D -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16686_none_168ab5d61e3c99b7\iexplore.exe
[2013/09/18 11:34:52 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=37287D98A1BF5D56AA729CEB9B27C6B1 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16686_none_20df6028529d5bb2\iexplore.exe
[2013/10/12 15:42:28 | 000,775,344 | ---- | M] (Microsoft Corporation) MD5=39D0074C59F6D1A62731942C7FA8B60B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16736_none_167ae4781e4936f5\iexplore.exe
[2013/10/12 03:49:48 | 000,775,344 | ---- | M] (Microsoft Corporation) MD5=3C8C00380462B1023C9F8EA2A9A7A137 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20848_none_ffa340aa37f7ff34\iexplore.exe
[2013/07/24 22:00:18 | 000,763,544 | ---- | M] (Microsoft Corporation) MD5=536B5973A34DDAA6E16AC8248B726BD0 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20613_none_0deb09cc997d3e2d\iexplore.exe
[2013/07/24 20:42:37 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=57EC630DBD5F0713E77CB3540AB80A8E -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16502_none_17bfe6f5b4b92b16\iexplore.exe
[2013/03/01 23:06:58 | 000,672,912 | ---- | M] (Microsoft Corporation) MD5=58D926F3B2113BF849162C9C26FE21DC -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.17267_none_19d1c74872c7a039\iexplore.exe
[2010/11/20 07:28:25 | 000,695,056 | ---- | M] (Microsoft Corporation) MD5=86257731DDB311FBC283534CC0091634 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe
[2013/10/12 01:16:06 | 000,770,736 | ---- | M] (Microsoft Corporation) MD5=9DFE1678738DD968D7BA5559B52706D1 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20848_none_09f7eafc6c58c12f\iexplore.exe
[2013/07/31 08:22:10 | 000,763,544 | ---- | M] (Microsoft Corporation) MD5=A818D637533302BA58C685F332388FC0 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16506_none_0d6f3dcb8054ce77\iexplore.exe
[2013/07/31 04:39:59 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=AA9CBDCD4675A48755DDA3A73BE3E283 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16506_none_17c3e81db4b59072\iexplore.exe
[2013/03/01 23:50:08 | 000,696,480 | ---- | M] (Microsoft Corporation) MD5=AFB0FE34A9B7F1B7A70276B9C1A78114 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.17267_none_0f7d1cf63e66de3e\iexplore.exe
[2013/07/16 15:25:20 | 000,763,544 | ---- | M] (Microsoft Corporation) MD5=AFF2C99AD2C599108B6BD9E77C24B463 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16496_none_0d0dec99809dccc9\iexplore.exe
[2013/03/03 23:42:51 | 000,696,464 | ---- | M] (Microsoft Corporation) MD5=B1B17B56E0F9AE84A1F75E757217154E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21484_none_0fee1af15797670c\iexplore.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2010/11/20 06:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
[2013/11/27 12:58:15 | 000,806,096 | ---- | M] (Microsoft Corporation) MD5=C8A8321292A459B0A17FB39A782A5C74 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2013/11/27 12:58:15 | 000,806,096 | ---- | M] (Microsoft Corporation) MD5=C8A8321292A459B0A17FB39A782A5C74 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16428_none_856219b9f734bb75\iexplore.exe
[2013/09/22 17:54:30 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=D6B7DDB68436F13C3CAE2B92524F1FEC -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16721_none_20cf006852aa5f74\iexplore.exe
[2013/10/12 01:44:13 | 000,770,736 | ---- | M] (Microsoft Corporation) MD5=D7D5768B8A697FCBAEE2CFE137070F02 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16736_none_20cf8eca52a9f8f0\iexplore.exe
[2013/09/22 18:01:39 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=DB352EBF77E8655E0C46B6923F3C9950 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20831_none_09f78a2a6c58f471\iexplore.exe
[2013/07/31 07:01:01 | 000,763,544 | ---- | M] (Microsoft Corporation) MD5=E1D016741AA03A959586A7818595BF46 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20617_none_0def0af49979a389\iexplore.exe
[2013/09/22 19:55:58 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=E9F843E7E412AE9A507FD5ABBBD06462 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20831_none_ffa2dfd837f83276\iexplore.exe
[2013/07/16 15:25:22 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=EE12BA876C4190532A4085994BA9B616 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16496_none_176296ebb4fe8ec4\iexplore.exe
[2009/07/13 19:43:43 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=F2B0D41E1D08D0B2006DF5AA2E74C81E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_0f6595383e78c6f8\iexplore.exe
[2013/09/22 19:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=F6A7D9C0BC326F695526069C1DA1E8B7 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16721_none_167a56161e499d79\iexplore.exe
[2013/07/24 21:58:46 | 000,763,544 | ---- | M] (Microsoft Corporation) MD5=FA5B33E7BB143BCE846C303B528E8D62 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16502_none_0d6b3ca38058691b\iexplore.exe
 
< MD5 for: IEXPLORE.EXE.MUI  >
[2013/11/27 12:58:15 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2013/11/27 12:58:15 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2013/11/27 12:58:15 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.2.9600.16428_en-us_74ba04defa813a61\iexplore.exe.mui
[2013/11/27 12:58:15 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.2.9600.16428_en-us_7f0eaf312ee1fc5c\iexplore.exe.mui
[2013/07/16 15:25:20 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_07013012b816cb66\iexplore.exe.mui
[2013/07/16 15:25:22 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_1155da64ec778d61\iexplore.exe.mui
[2013/09/18 11:34:51 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_103c8b6555e6a67e\iexplore.exe.mui
[2013/09/18 11:34:52 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_1a9135b78a476879\iexplore.exe.mui
[2009/07/13 20:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_09122aaf762607df\iexplore.exe.mui
[2009/07/13 20:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_0b433e7773148b79\iexplore.exe.mui
[2009/07/13 20:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_1366d501aa86c9da\iexplore.exe.mui
[2009/07/13 20:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_1597e8c9a7754d74\iexplore.exe.mui
 
< MD5 for: SERVICES  >
[2009/06/10 15:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.CFG  >
[2012/09/23 19:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
[2013/09/05 08:04:00 | 000,559,090 | ---- | M] () MD5=8ADD48E413D05BF2E7AEC00173DDFABC -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2009/07/13 20:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 20:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2009/07/13 20:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 20:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 20:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 20:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: WINLOGON.ADML  >
[2009/07/13 20:25:22 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml
 
< MD5 for: WINLOGON.ADMX  >
[2009/06/10 15:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 19:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/07/20 00:37:07 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/07/20 00:37:07 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WINLOGON.EXE.MUI  >
[2010/11/20 07:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\SysNative\en-US\winlogon.exe.mui
[2010/11/20 07:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui
[2009/07/13 20:29:52 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=56D03B64B8C483C1D12A8E4577B3B332 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_26ed83321dc778e1\winlogon.exe.mui
 
< MD5 for: WINLOGON.MFL  >
[2009/07/13 20:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl
[2009/07/13 20:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl
 
< MD5 for: WINLOGON.MOF  >
[2009/07/13 14:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
[2009/07/13 14:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof
 
< %SYSTEMDRIVE%\*.* >
[2009/07/13 19:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2014/01/07 17:58:33 | 1988,513,791 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/07 17:58:35 | 4083,007,487 | -HS- | M] () -- C:\pagefile.sys
 
< %systemroot%\Fonts\*.com >
[2009/07/13 23:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 23:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 23:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 23:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009/06/10 14:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
[2013/02/05 23:56:16 | 000,322,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2009/07/13 22:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C has no label.
 Volume Serial Number is CA5D-3C54
 Directory of C:\
07/13/2009  11:08 PM    <JUNCTION>     Documents and Settings [..]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
07/13/2009  11:08 PM    <JUNCTION>     Application Data [..]
07/13/2009  11:08 PM    <JUNCTION>     Desktop [..]
07/13/2009  11:08 PM    <JUNCTION>     Documents [..]
07/13/2009  11:08 PM    <JUNCTION>     Favorites [..]
07/13/2009  11:08 PM    <JUNCTION>     Start Menu [..]
07/13/2009  11:08 PM    <JUNCTION>     Templates [..]
               0 File(s)              0 bytes
 Directory of C:\Users
07/13/2009  11:08 PM    <SYMLINKD>     All Users [C:\ProgramData]
07/13/2009  11:08 PM    <JUNCTION>     Default User [..]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
07/13/2009  11:08 PM    <JUNCTION>     Application Data [..]
07/13/2009  11:08 PM    <JUNCTION>     Desktop [..]
07/13/2009  11:08 PM    <JUNCTION>     Documents [..]
07/13/2009  11:08 PM    <JUNCTION>     Favorites [..]
07/13/2009  11:08 PM    <JUNCTION>     Start Menu [..]
07/13/2009  11:08 PM    <JUNCTION>     Templates [..]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
07/13/2009  11:08 PM    <JUNCTION>     Application Data [..]
07/13/2009  11:08 PM    <JUNCTION>     Cookies [..]
07/13/2009  11:08 PM    <JUNCTION>     Local Settings [..]
07/13/2009  11:08 PM    <JUNCTION>     My Documents [..]
07/13/2009  11:08 PM    <JUNCTION>     NetHood [..]
07/13/2009  11:08 PM    <JUNCTION>     PrintHood [..]
07/13/2009  11:08 PM    <JUNCTION>     Recent [..]
07/13/2009  11:08 PM    <JUNCTION>     SendTo [..]
07/13/2009  11:08 PM    <JUNCTION>     Start Menu [..]
07/13/2009  11:08 PM    <JUNCTION>     Templates [..]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
07/13/2009  11:08 PM    <JUNCTION>     Application Data [..]
07/13/2009  11:08 PM    <JUNCTION>     History [..]
07/13/2009  11:08 PM    <JUNCTION>     Temporary Internet Files [..]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
07/13/2009  11:08 PM    <JUNCTION>     My Music [..]
07/13/2009  11:08 PM    <JUNCTION>     My Pictures [..]
07/13/2009  11:08 PM    <JUNCTION>     My Videos [..]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
07/13/2009  11:08 PM    <JUNCTION>     My Music [C:\Users\Public\Music]
07/13/2009  11:08 PM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
07/13/2009  11:08 PM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\SRE Lab
03/28/2012  10:35 AM    <JUNCTION>     Application Data [C:\Users\SRE Lab\AppData\Roaming]
03/28/2012  10:35 AM    <JUNCTION>     Cookies [C:\Users\SRE Lab\AppData\Roaming\Microsoft\Windows\Cookies]
03/28/2012  10:35 AM    <JUNCTION>     Local Settings [C:\Users\SRE Lab\AppData\Local]
03/28/2012  10:35 AM    <JUNCTION>     My Documents [C:\Users\SRE Lab\Documents]
03/28/2012  10:35 AM    <JUNCTION>     NetHood [C:\Users\SRE Lab\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/28/2012  10:35 AM    <JUNCTION>     PrintHood [C:\Users\SRE Lab\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/28/2012  10:35 AM    <JUNCTION>     Recent [C:\Users\SRE Lab\AppData\Roaming\Microsoft\Windows\Recent]
03/28/2012  10:35 AM    <JUNCTION>     SendTo [C:\Users\SRE Lab\AppData\Roaming\Microsoft\Windows\SendTo]
03/28/2012  10:35 AM    <JUNCTION>     Start Menu [C:\Users\SRE Lab\AppData\Roaming\Microsoft\Windows\Start Menu]
03/28/2012  10:35 AM    <JUNCTION>     Templates [C:\Users\SRE Lab\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\SRE Lab\AppData\Local
03/28/2012  10:35 AM    <JUNCTION>     Application Data [C:\Users\SRE Lab\AppData\Local]
03/28/2012  10:35 AM    <JUNCTION>     History [C:\Users\SRE Lab\AppData\Local\Microsoft\Windows\History]
03/28/2012  10:35 AM    <JUNCTION>     Temporary Internet Files [C:\Users\SRE Lab\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\SRE Lab\Documents
03/28/2012  10:35 AM    <JUNCTION>     My Music [C:\Users\SRE Lab\Music]
03/28/2012  10:35 AM    <JUNCTION>     My Pictures [C:\Users\SRE Lab\Pictures]
03/28/2012  10:35 AM    <JUNCTION>     My Videos [C:\Users\SRE Lab\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile
09/16/2010  03:18 AM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
09/16/2010  03:18 AM    <JUNCTION>     Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
09/16/2010  03:18 AM    <JUNCTION>     Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\AppData\Local
09/16/2010  03:18 AM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
09/16/2010  03:18 AM    <JUNCTION>     History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
09/16/2010  03:18 AM    <JUNCTION>     Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile
09/16/2010  03:18 AM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
09/16/2010  03:18 AM    <JUNCTION>     Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
09/16/2010  03:18 AM    <JUNCTION>     Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
09/16/2010  03:18 AM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
09/16/2010  03:18 AM    <JUNCTION>     History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
09/16/2010  03:18 AM    <JUNCTION>     Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              62 Dir(s)  381,695,504,384 bytes free
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2013/07/17 08:41:58 | 000,000,221 | -HS- | M] () -- C:\Users\SRE Lab\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
 
< %USERPROFILE%\Desktop\*.exe >
[2013/08/21 17:41:32 | 000,975,858 | ---- | M] () -- C:\Users\SRE Lab\Desktop\AdwCleaner.exe
[2013/08/20 13:14:51 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\SRE Lab\Desktop\aswMBR.exe
[2013/11/25 22:30:20 | 000,979,928 | ---- | M] (CyberLink) -- C:\Users\SRE Lab\Desktop\CyberLink_YouCam_Downloader.exe
[2013/08/18 23:12:08 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\SRE Lab\Desktop\HiJackThis.exe
[2013/08/22 11:01:45 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\SRE Lab\Desktop\mbam-setup-1.75.0.1300.exe
[2013/08/21 18:09:14 | 012,081,912 | ---- | M] (Malwarebytes Corp.) -- C:\Users\SRE Lab\Desktop\mbar-1.06.1.1005.exe
[2014/01/12 22:46:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\SRE Lab\Desktop\OTL.exe
[2013/08/20 11:49:30 | 000,891,115 | ---- | M] () -- C:\Users\SRE Lab\Desktop\SecurityCheck.exe
[2013/08/29 11:52:17 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\SRE Lab\Desktop\TFC.exe
[2013/08/02 14:18:00 | 001,239,536 | ---- | M] (Microsoft Corporation) -- C:\Users\SRE Lab\Desktop\wlsetup-web(1).exe
[2013/08/02 14:11:30 | 001,239,536 | ---- | M] (Microsoft Corporation) -- C:\Users\SRE Lab\Desktop\wlsetup-web.exe
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Files - Unicode (All) ==========
[2013/10/21 22:47:55 | 000,000,098 | ---- | M] ()(C:\Users\SRE Lab\Desktop\? Faint Reflections - YouTube.url) -- C:\Users\SRE Lab\Desktop\▶ Faint Reflections - YouTube.url
[2013/10/21 22:47:55 | 000,000,098 | ---- | C] ()(C:\Users\SRE Lab\Desktop\? Faint Reflections - YouTube.url) -- C:\Users\SRE Lab\Desktop\▶ Faint Reflections - YouTube.url
[2013/08/12 11:48:45 | 000,000,068 | ---- | M] ()(C:\Users\SRE Lab\Desktop\? Filter dance summer intensive - YouTube.url) -- C:\Users\SRE Lab\Desktop\▶ Filter dance summer intensive - YouTube.url
[2013/08/12 11:48:45 | 000,000,068 | ---- | C] ()(C:\Users\SRE Lab\Desktop\? Filter dance summer intensive - YouTube.url) -- C:\Users\SRE Lab\Desktop\▶ Filter dance summer intensive - YouTube.url
 
< End of report >
 
<No extras.txt file created>
 

    Advertisements

Register to Remove


#2 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 14 January 2014 - 10:48 AM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that....   YBCQLm4.gif   Let's get going!!  
----------
 
Could you elaborate on what is going on with your system that makes you think it may be infected?   :)
-------------
 

Please download DDS from either of these links
 
LINK 1
LINK 2
 
and save it to your desktop.

  • Disable any antivirus programs during the scan (If you have difficulty properly disabling your protective programs, refer to this link here )
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:
 
DDS.txt
 
Attach.txt
----------
 

weVCzW0.jpg Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

81mYIKe.jpg  AdwCleaner
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

----------


Posted Image
 
 

#3 EricWoods

EricWoods

    Authentic Member

  • Authentic Member
  • PipPip
  • 147 posts

Posted 14 January 2014 - 01:15 PM

McAfee Virusscan keeps being turned off; update won't work either. Can't change browser page to Google. All media players uninstalled.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428
Run by SRE Lab at 12:48:39 on 2014-01-14
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7990.5757 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\mfevtps.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Users\SRE Lab\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Users\SRE Lab\AppData\Roaming\Spotify\spotify.exe
C:\Users\SRE Lab\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\SRE Lab\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\SRE Lab\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\SRE Lab\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\SRE Lab\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Windows\system32\taskeng.exe
C:\Users\SRE Lab\AppData\Local\LogMeIn Rescue Applet\LMIR0005.tmp\lmi_rescue.exe
C:\Users\SRE Lab\AppData\Local\LogMeIn Rescue Applet\LMIR0005.tmp\lmi_rescue.exe
C:\Program Files\McAfee.com\Agent\mcupdate.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [Spotify Web Helper] "C:\Users\SRE Lab\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRunOnce: [113_850994793524] "C:\Users\SRE Lab\AppData\Local\LogMeIn Rescue Applet\LMIR0002.tmp_r.bat"
uRunOnce: [*LogMeInRescue_479370226] "C:\Users\SRE Lab\AppData\Local\LogMeIn Rescue Applet\LMIR0005.tmp\lmi_rescue.exe" -runonce reboot
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [YouCam Service] "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 8.8.8.8
TCP: Interfaces\{83B1974F-FA01-48E8-BCBA-ED025FD0DFA8} : DHCPNameServer = 10.4.40.11 10.4.40.17
TCP: Interfaces\{AFD09DC9-BBB7-4ECF-B449-DE3B7FCEDD22} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{AFD09DC9-BBB7-4ECF-B449-DE3B7FCEDD22}\055616368647275656 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{AFD09DC9-BBB7-4ECF-B449-DE3B7FCEDD22}\2456C605F607 : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{AFD09DC9-BBB7-4ECF-B449-DE3B7FCEDD22}\3636D667F57657563747 : DHCPNameServer = 8.8.8.8 8.8.4.4 208.67.222.222
TCP: Interfaces\{AFD09DC9-BBB7-4ECF-B449-DE3B7FCEDD22}\9333930284F6573756 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{AFD09DC9-BBB7-4ECF-B449-DE3B7FCEDD22}\A4D41414027596D26496 : DHCPNameServer = 10.2.0.1
TCP: Interfaces\{AFD09DC9-BBB7-4ECF-B449-DE3B7FCEDD22}\A65637573727569676E637 : DHCPNameServer = 192.168.150.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Notification Packages =  DPPassFilter scecli
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe,
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2013-2-19 771536]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2013-2-19 340216]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-9-16 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-16 203264]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-6-25 92216]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-6-29 27192]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2013-7-19 201304]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2013-7-19 201304]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2013-7-19 241456]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2013-11-5 1017016]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-7-19 218760]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-7-19 182752]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-9-16 2533400]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 2192176]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2013-7-19 70112]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2013-11-25 40896]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-4-30 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-10-26 151936]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2010-7-28 10610400]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2013-7-19 309840]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2013-7-19 515968]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2013-9-20 390552]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 CLKMSVC10_C6F09094;CyberLink Product - 2010/09/16 01:59:19;C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-9-16 245232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2013-7-19 201304]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-8-9 245760]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2013-7-19 196440]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2013-9-20 95984]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2013-7-19 106552]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-7-17 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-9-16 232992]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-7-17 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-16 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2014-01-07 23:55:59 -------- d-sh--w- C:\found.000
2014-01-06 17:59:46 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin7.dll
2014-01-06 17:59:46 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin6.dll
2014-01-06 17:59:46 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2014-01-06 17:59:46 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2014-01-06 17:59:46 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2014-01-06 17:59:45 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2014-01-06 17:59:45 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2014-01-04 01:54:02 -------- d-----w- C:\Users\SRE Lab\AppData\Local\ElevatedDiagnostics
.
==================== Find3M  ====================
.
2013-12-12 19:22:13 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-12 19:22:12 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
.
============= FINISH: 12:49:04.07 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 3/28/2012 11:35:22 AM
System Uptime: 1/7/2014 8:48:37 PM (160 hours ago)
.
Motherboard: Hewlett-Packard |  | 144B
Processor: Intel® Core™ i5 CPU       M 460  @ 2.53GHz | CPU | 2534/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 574 GiB total, 355.363 GiB free.
D: is FIXED (NTFS) - 22 GiB total, 3.193 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP87: 1/12/2014 10:54:17 PM - OTL Restore Point - 1/12/2014 10:54:16 PM
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Digital Editions 2.0
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
Audacity 2.0.3
Bejeweled 2 Deluxe
Blackhawk Striker 2
Bonjour
Broadcom 802.11 Wireless LAN Adapter
Build-a-lot 2
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
CinemaNow Media Manager
Contents
Corel PaintShop Photo Pro X3
Corel VideoStudio Pro X3
CyberLink DVD Suite
CyberLink YouCam 5
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
DeviceIO
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
DVD Menu Pack for HP MediaSmart Video
Energy Star Digital Logo
Escape Rosecliff Island
ESU for Microsoft Windows 7
FATE
Final Drive Nitro
Google Chrome
Google Update Helper
Heroes of Hellas 2 - Olympia
HL-2270DW
HP 3D DriveGuard
HP Advisor
HP Customer Experience Enhancements
HP Documentation
HP DVB-T TV Tuner 8.0.64.43
HP Game Console
HP Games
HP MediaSmart CinemaNow 2.0
HP MediaSmart DVD
HP MediaSmart Movies and TV
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart SmartMenu
HP MediaSmart Video
HP MediaSmart/TouchSmart Netflix
HP Photo Creations
HP Power Manager
HP Quick Launch
HP Setup
HP SimplePass Identity Protection
HP Software Framework
HP Wireless Assistant
Hulu Desktop
ICA
IDT Audio
Intel® Management Engine Components
Intel® Rapid Storage Technology
Intel® Turbo Boost Technology Driver
IPM_PSP_Pro
IPM_VS_Pro
ISCOM
iTunes
Jewel Quest 3
Jewel Quest Solitaire 2
Junk Mail filter update
LabelPrint
LightScribe System Software
McAfee SecurityCenter
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Compact 3.5 SP1 x64 English
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Movie Maker
Movie Theme Pack for HP MediaSmart Video
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Penguins!
Photo Common
Photo Gallery
PhotoNow!
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
PSPPContent
PSPPRO_DCRAW
PureHD
PX Profile Update
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Realtek USB 2.0 Card Reader
Recovery Manager
Roxio CinemaNow 2.0
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft Excel 2010 (KB2826033) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 64-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 64-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition
Setup
Share
Share64
Shared C Run-time for x64
Skype Click to Call
Skype™ 6.11
Spotify
Synaptics Pointing Device Driver
Times Reader
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 64-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 64-Bit Edition
Validity Sensors DDK
VIO
Virtual Families
Virtual Villagers - The Secret City
VSClassic
VSPro
Wheel of Fortune 2
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
1/13/2014 10:13:14 PM, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 252.
1/11/2014 10:02:08 PM, Error: volsnap [14]  - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
.
==== End Of File ===========================
 
12:53:20.0536 0x0af4  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
12:53:30.0781 0x0af4  ============================================================
12:53:30.0781 0x0af4  Current date / time: 2014/01/14 12:53:30.0781
12:53:30.0781 0x0af4  SystemInfo:
12:53:30.0781 0x0af4  
12:53:30.0781 0x0af4  OS Version: 6.1.7601 ServicePack: 1.0
12:53:30.0781 0x0af4  Product type: Workstation
12:53:30.0781 0x0af4  ComputerName: SRELAB-HP
12:53:30.0782 0x0af4  UserName: SRE Lab
12:53:30.0782 0x0af4  Windows directory: C:\Windows
12:53:30.0782 0x0af4  System windows directory: C:\Windows
12:53:30.0782 0x0af4  Running under WOW64
12:53:30.0782 0x0af4  Processor architecture: Intel x64
12:53:30.0782 0x0af4  Number of processors: 4
12:53:30.0782 0x0af4  Page size: 0x1000
12:53:30.0782 0x0af4  Boot type: Normal boot
12:53:30.0782 0x0af4  ============================================================
12:53:31.0241 0x0af4  KLMD registered as C:\Windows\system32\drivers\45706941.sys
12:53:31.0387 0x0af4  System UUID: {9FEE2BF9-454C-9960-6021-7B2BB7845C4C}
12:53:32.0273 0x0af4  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:53:32.0281 0x0af4  ============================================================
12:53:32.0281 0x0af4  \Device\Harddisk0\DR0:
12:53:32.0281 0x0af4  MBR partitions:
12:53:32.0281 0x0af4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
12:53:32.0281 0x0af4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x47BF0800
12:53:32.0281 0x0af4  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x47C54800, BlocksNum 0x2BCF800
12:53:32.0281 0x0af4  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x4A824000, BlocksNum 0x33AB0
12:53:32.0281 0x0af4  ============================================================
12:53:32.0323 0x0af4  C: <-> \Device\Harddisk0\DR0\Partition2
12:53:32.0364 0x0af4  D: <-> \Device\Harddisk0\DR0\Partition3
12:53:32.0364 0x0af4  ============================================================
12:53:32.0364 0x0af4  Initialize success
12:53:32.0364 0x0af4  ============================================================
12:53:35.0226 0x23bc  ============================================================
12:53:35.0226 0x23bc  Scan started
12:53:35.0226 0x23bc  Mode: Manual; 
12:53:35.0226 0x23bc  ============================================================
12:53:35.0226 0x23bc  KSN ping started
12:53:37.0757 0x23bc  KSN ping finished: true
12:53:38.0951 0x23bc  ================ Scan system memory ========================
12:53:38.0951 0x23bc  System memory - ok
12:53:38.0953 0x23bc  ================ Scan services =============================
12:53:39.0180 0x23bc  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
12:53:39.0189 0x23bc  1394ohci - ok
12:53:39.0247 0x23bc  [ 5C368F4B04ED2A923E6AFCA2D37BAFF5, C3CC58D636B18DF77C4C4B384AD1DE78418716A0606E564DBC63782D5EA02905 ] Accelerometer   C:\Windows\system32\DRIVERS\Accelerometer.sys
12:53:39.0249 0x23bc  Accelerometer - ok
12:53:39.0301 0x23bc  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:53:39.0307 0x23bc  ACPI - ok
12:53:39.0340 0x23bc  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
12:53:39.0342 0x23bc  AcpiPmi - ok
12:53:39.0435 0x23bc  [ ADDA5E1951B90D3D23C56D3CF0622ADC, E85E7BFD29F00ED34BF5BE8BD4DA93CBB14278E16809BB55406875F0DA88551E ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:53:39.0437 0x23bc  AdobeARMservice - ok
12:53:39.0617 0x23bc  [ 1BA1AB4141A92EB34DA99F1249CA2D4D, 43ADF35146E61E0DE58D2ACC2994538F6025135ECEB30073BEF05A804BB38107 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:53:39.0627 0x23bc  AdobeFlashPlayerUpdateSvc - ok
12:53:39.0693 0x23bc  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
12:53:39.0703 0x23bc  adp94xx - ok
12:53:39.0733 0x23bc  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
12:53:39.0739 0x23bc  adpahci - ok
12:53:39.0784 0x23bc  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
12:53:39.0787 0x23bc  adpu320 - ok
12:53:39.0824 0x23bc  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:53:39.0826 0x23bc  AeLookupSvc - ok
12:53:39.0915 0x23bc  [ A6FB9DB8F1A86861D955FD6975977AE0, 788C6EE50719227D7A9B7F08C8D5E1289FCD0E8AC23A1021A5093D2E8368F696 ] AESTFilters     C:\Program Files\IDT\WDM\AESTSr64.exe
12:53:39.0917 0x23bc  AESTFilters - ok
12:53:39.0969 0x23bc  [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD             C:\Windows\system32\drivers\afd.sys
12:53:39.0982 0x23bc  AFD - ok
12:53:40.0041 0x23bc  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
12:53:40.0043 0x23bc  agp440 - ok
12:53:40.0085 0x23bc  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
12:53:40.0087 0x23bc  ALG - ok
12:53:40.0129 0x23bc  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:53:40.0130 0x23bc  aliide - ok
12:53:40.0170 0x23bc  [ 48619A29F9C9C3CFEB66718DD03D8057, 64F2CD082253E664698868AEE544184E096EFF091E3CB97FB99C599B41A785BF ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:53:40.0174 0x23bc  AMD External Events Utility - ok
12:53:40.0197 0x23bc  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
12:53:40.0198 0x23bc  amdide - ok
12:53:40.0241 0x23bc  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
12:53:40.0243 0x23bc  AmdK8 - ok
12:53:40.0679 0x23bc  [ 06BF0785DE714637EBA9BB1084B28626, 34AA395DA7F68000C72861C65C4571FCCAEBFB6D95383E3CEBB3B156B2E8AB8C ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
12:53:40.0917 0x23bc  amdkmdag - ok
12:53:40.0967 0x23bc  [ 2DEC3274589FF6889AB05ADCEEB0F642, 575505F49834318CA7C49F4AE9E5AFA339D351EA7753A8D9D27152E88AC03ADD ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
12:53:40.0972 0x23bc  amdkmdap - ok
12:53:41.0000 0x23bc  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
12:53:41.0002 0x23bc  AmdPPM - ok
12:53:41.0038 0x23bc  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:53:41.0041 0x23bc  amdsata - ok
12:53:41.0086 0x23bc  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
12:53:41.0089 0x23bc  amdsbs - ok
12:53:41.0116 0x23bc  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:53:41.0118 0x23bc  amdxata - ok
12:53:41.0160 0x23bc  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
12:53:41.0162 0x23bc  AppID - ok
12:53:41.0204 0x23bc  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:53:41.0205 0x23bc  AppIDSvc - ok
12:53:41.0245 0x23bc  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
12:53:41.0248 0x23bc  Appinfo - ok
12:53:41.0301 0x23bc  [ 4FE5C6D40664AE07BE5105874357D2ED, 70DD05EE80B77EB2F781E0919885D1BBB1119EA1A8955935AF5AECD05E30F14A ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:53:41.0303 0x23bc  Apple Mobile Device - ok
12:53:41.0347 0x23bc  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
12:53:41.0350 0x23bc  arc - ok
12:53:41.0373 0x23bc  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
12:53:41.0375 0x23bc  arcsas - ok
12:53:41.0414 0x23bc  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:53:41.0416 0x23bc  AsyncMac - ok
12:53:41.0480 0x23bc  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
12:53:41.0481 0x23bc  atapi - ok
12:53:41.0545 0x23bc  [ 2D648572BA9A610952FCAFBA1E119C2D, 4CD7E7D3C878DEF8CC18A925EAB1E0E8E8893BE99DA1E1F78FE9AD12EF1C48BC ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
12:53:41.0548 0x23bc  AtiHdmiService - ok
12:53:41.0604 0x23bc  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:53:41.0616 0x23bc  AudioEndpointBuilder - ok
12:53:41.0635 0x23bc  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
12:53:41.0647 0x23bc  AudioSrv - ok
12:53:41.0687 0x23bc  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:53:41.0690 0x23bc  AxInstSV - ok
12:53:41.0731 0x23bc  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
12:53:41.0739 0x23bc  b06bdrv - ok
12:53:41.0788 0x23bc  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
12:53:41.0793 0x23bc  b57nd60a - ok
12:53:41.0951 0x23bc  [ 0E7A9264576B40638A3FBC804DE1FF76, D307179E6FA5D39E03175F37D297E4D0DA86CF0FC6EFA6CFCFAA0E8713489BC5 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
12:53:42.0005 0x23bc  BCM43XX - ok
12:53:42.0037 0x23bc  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
12:53:42.0039 0x23bc  BDESVC - ok
12:53:42.0069 0x23bc  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:53:42.0070 0x23bc  Beep - ok
12:53:42.0137 0x23bc  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
12:53:42.0152 0x23bc  BFE - ok
12:53:42.0205 0x23bc  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
12:53:42.0222 0x23bc  BITS - ok
12:53:42.0256 0x23bc  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
12:53:42.0258 0x23bc  blbdrive - ok
12:53:42.0302 0x23bc  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:53:42.0310 0x23bc  Bonjour Service - ok
12:53:42.0340 0x23bc  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:53:42.0342 0x23bc  bowser - ok
12:53:42.0387 0x23bc  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:53:42.0388 0x23bc  BrFiltLo - ok
12:53:42.0407 0x23bc  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:53:42.0408 0x23bc  BrFiltUp - ok
12:53:42.0465 0x23bc  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
12:53:42.0468 0x23bc  Browser - ok
12:53:42.0507 0x23bc  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:53:42.0515 0x23bc  Brserid - ok
12:53:42.0557 0x23bc  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:53:42.0559 0x23bc  BrSerWdm - ok
12:53:42.0612 0x23bc  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:53:42.0614 0x23bc  BrUsbMdm - ok
12:53:42.0638 0x23bc  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:53:42.0639 0x23bc  BrUsbSer - ok
12:53:42.0681 0x23bc  [ EA7E57F87D6FEE5FD6C5F813C04E8CD2, 1EB84F4DEE3034FAFBEA2A3F84EECE036E803872DA94D54E958E9F2F09519E88 ] BrYNSvc         C:\Program Files (x86)\Browny02\BrYNSvc.exe
12:53:42.0686 0x23bc  BrYNSvc - ok
12:53:42.0719 0x23bc  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
12:53:42.0721 0x23bc  BTHMODEM - ok
12:53:42.0772 0x23bc  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
12:53:42.0773 0x23bc  bthserv - ok
12:53:42.0796 0x23bc  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:53:42.0798 0x23bc  cdfs - ok
12:53:42.0838 0x23bc  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\drivers\cdrom.sys
12:53:42.0842 0x23bc  cdrom - ok
12:53:42.0881 0x23bc  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
12:53:42.0884 0x23bc  CertPropSvc - ok
12:53:42.0927 0x23bc  [ D2B3252AD4EB499C935A56467997AA3C, BC65242406A7449E88969265AC67D35F7842C70D5483CBCFF7786F00C3EF896D ] cfwids          C:\Windows\system32\drivers\cfwids.sys
12:53:42.0930 0x23bc  cfwids - ok
12:53:42.0995 0x23bc  [ EA3333DB9AB03106EEC0D6D9D487ED01, 4102A1D212221800CD83DCAFAF54BA55140AAB4A490F3779624F1EE832B04441 ] CinemaNow Service C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
12:53:43.0002 0x23bc  CinemaNow Service - ok
12:53:43.0038 0x23bc  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
12:53:43.0040 0x23bc  circlass - ok
12:53:43.0076 0x23bc  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
12:53:43.0084 0x23bc  CLFS - ok
12:53:43.0214 0x23bc  [ DEDE5EC7DC09D840D5D74E06FF4DE127, 3F292B370A5D539C381712679D0A08D649C9952E0B7892CF708ADD52815E2467 ] CLKMSVC10_C6F09094 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe
12:53:43.0227 0x23bc  CLKMSVC10_C6F09094 - ok
12:53:43.0293 0x23bc  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:53:43.0295 0x23bc  clr_optimization_v2.0.50727_32 - ok
12:53:43.0342 0x23bc  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:53:43.0344 0x23bc  clr_optimization_v2.0.50727_64 - ok
12:53:43.0423 0x23bc  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:53:43.0428 0x23bc  clr_optimization_v4.0.30319_32 - ok
12:53:43.0499 0x23bc  [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:53:43.0505 0x23bc  clr_optimization_v4.0.30319_64 - ok
12:53:43.0554 0x23bc  [ 4ACAB07CC8AE9B4BEFB4BA1A0879A584, D6F615302E9D697117B865A2EA0B4EF799751405B40736EC053E9C6FBEE8215C ] clwvd           C:\Windows\system32\DRIVERS\clwvd.sys
12:53:43.0556 0x23bc  clwvd - ok
12:53:43.0576 0x23bc  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
12:53:43.0577 0x23bc  CmBatt - ok
12:53:43.0608 0x23bc  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:53:43.0609 0x23bc  cmdide - ok
12:53:43.0649 0x23bc  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
12:53:43.0657 0x23bc  CNG - ok
12:53:43.0702 0x23bc  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
12:53:43.0703 0x23bc  Compbatt - ok
12:53:43.0738 0x23bc  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
12:53:43.0739 0x23bc  CompositeBus - ok
12:53:43.0749 0x23bc  COMSysApp - ok
12:53:43.0769 0x23bc  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
12:53:43.0770 0x23bc  crcdisk - ok
12:53:43.0806 0x23bc  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:53:43.0810 0x23bc  CryptSvc - ok
12:53:43.0862 0x23bc  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:53:43.0872 0x23bc  DcomLaunch - ok
12:53:43.0908 0x23bc  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
12:53:43.0914 0x23bc  defragsvc - ok
12:53:43.0955 0x23bc  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:53:43.0957 0x23bc  DfsC - ok
12:53:44.0008 0x23bc  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:53:44.0017 0x23bc  Dhcp - ok
12:53:44.0037 0x23bc  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
12:53:44.0039 0x23bc  discache - ok
12:53:44.0086 0x23bc  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
12:53:44.0088 0x23bc  Disk - ok
12:53:44.0135 0x23bc  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:53:44.0139 0x23bc  Dnscache - ok
12:53:44.0179 0x23bc  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:53:44.0184 0x23bc  dot3svc - ok
12:53:44.0245 0x23bc  [ 3E6B2753A09D46958F5D0DF8E1B650CA, 7FB90692D434B0C83D97B9899DCEE8A58A20D8E73EB702AEB88AE8909630F2CF ] DpHost          C:\Program Files\DigitalPersona\Bin\DpHostW.exe
12:53:44.0253 0x23bc  DpHost - ok
12:53:44.0285 0x23bc  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
12:53:44.0289 0x23bc  DPS - ok
12:53:44.0326 0x23bc  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:53:44.0327 0x23bc  drmkaud - ok
12:53:44.0387 0x23bc  [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:53:44.0406 0x23bc  DXGKrnl - ok
12:53:44.0451 0x23bc  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
12:53:44.0455 0x23bc  EapHost - ok
12:53:44.0690 0x23bc  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
12:53:44.0796 0x23bc  ebdrv - ok
12:53:44.0835 0x23bc  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS             C:\Windows\System32\lsass.exe
12:53:44.0837 0x23bc  EFS - ok
12:53:44.0901 0x23bc  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:53:44.0914 0x23bc  ehRecvr - ok
12:53:44.0944 0x23bc  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
12:53:44.0947 0x23bc  ehSched - ok
12:53:44.0989 0x23bc  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
12:53:44.0998 0x23bc  elxstor - ok
12:53:45.0023 0x23bc  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:53:45.0024 0x23bc  ErrDev - ok
12:53:45.0090 0x23bc  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
12:53:45.0098 0x23bc  EventSystem - ok
12:53:45.0139 0x23bc  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
12:53:45.0143 0x23bc  exfat - ok
12:53:45.0162 0x23bc  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:53:45.0166 0x23bc  fastfat - ok
12:53:45.0219 0x23bc  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
12:53:45.0231 0x23bc  Fax - ok
12:53:45.0270 0x23bc  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
12:53:45.0271 0x23bc  fdc - ok
12:53:45.0309 0x23bc  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
12:53:45.0310 0x23bc  fdPHost - ok
12:53:45.0327 0x23bc  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:53:45.0329 0x23bc  FDResPub - ok
12:53:45.0347 0x23bc  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:53:45.0349 0x23bc  FileInfo - ok
12:53:45.0416 0x23bc  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:53:45.0418 0x23bc  Filetrace - ok
12:53:45.0448 0x23bc  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
12:53:45.0449 0x23bc  flpydisk - ok
12:53:45.0506 0x23bc  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:53:45.0512 0x23bc  FltMgr - ok
12:53:45.0567 0x23bc  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
12:53:45.0594 0x23bc  FontCache - ok
12:53:45.0644 0x23bc  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:53:45.0645 0x23bc  FontCache3.0.0.0 - ok
12:53:45.0679 0x23bc  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:53:45.0680 0x23bc  FsDepends - ok
12:53:45.0704 0x23bc  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:53:45.0705 0x23bc  Fs_Rec - ok
12:53:45.0747 0x23bc  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:53:45.0752 0x23bc  fvevol - ok
12:53:45.0779 0x23bc  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
12:53:45.0781 0x23bc  gagp30kx - ok
12:53:45.0850 0x23bc  [ CE16683CFD11FE70BDE435DDA5EA1FCA, 43D850361F2B5C9389F7FABC3C62BD1517349C03834F436579DD01CFD09919F4 ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
12:53:45.0855 0x23bc  GameConsoleService - ok
12:53:45.0883 0x23bc  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:53:45.0884 0x23bc  GEARAspiWDM - ok
12:53:45.0926 0x23bc  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
12:53:45.0940 0x23bc  gpsvc - ok
12:53:45.0995 0x23bc  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:53:45.0998 0x23bc  gupdate - ok
12:53:46.0005 0x23bc  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:53:46.0008 0x23bc  gupdatem - ok
12:53:46.0030 0x23bc  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:53:46.0032 0x23bc  hcw85cir - ok
12:53:46.0081 0x23bc  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:53:46.0087 0x23bc  HdAudAddService - ok
12:53:46.0106 0x23bc  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
12:53:46.0109 0x23bc  HDAudBus - ok
12:53:46.0137 0x23bc  [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
12:53:46.0139 0x23bc  HECIx64 - ok
12:53:46.0167 0x23bc  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
12:53:46.0168 0x23bc  HidBatt - ok
12:53:46.0204 0x23bc  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
12:53:46.0206 0x23bc  HidBth - ok
12:53:46.0225 0x23bc  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
12:53:46.0227 0x23bc  HidIr - ok
12:53:46.0261 0x23bc  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
12:53:46.0263 0x23bc  hidserv - ok
12:53:46.0296 0x23bc  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
12:53:46.0298 0x23bc  HidUsb - ok
12:53:46.0350 0x23bc  [ A894FB2CAE6A29F5D9C8EDA47B074623, F39014379B6F546CF3D3F56A343A7173B600A350715638040AE93E03EAB81CAC ] HipShieldK      C:\Windows\system32\drivers\HipShieldK.sys
12:53:46.0354 0x23bc  HipShieldK - ok
12:53:46.0394 0x23bc  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:53:46.0397 0x23bc  hkmsvc - ok
12:53:46.0427 0x23bc  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:53:46.0432 0x23bc  HomeGroupListener - ok
12:53:46.0487 0x23bc  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:53:46.0492 0x23bc  HomeGroupProvider - ok
12:53:46.0574 0x23bc  [ 3A09322A8AA8B0C79036686A0EBE7B4C, A110ECBBD9A0EDAA134B95F9FB3428F33F7629480ABCF36F58891837EE1B04C0 ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
12:53:46.0579 0x23bc  HP Wireless Assistant Service - ok
12:53:46.0673 0x23bc  [ 881F74074963CDAD8C475D09DC3A0BB6, 946DE15BD45A76FF6386CE37CE3ADDDF242CF49A17753C914F9FA91A8C84FC02 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
12:53:46.0676 0x23bc  HPDrvMntSvc.exe - ok
12:53:46.0741 0x23bc  [ 4E0BEC0F78096FFD6D3314B497FC49D3, 15B545815D0C80102963FFF13B6643CC9A74717137C1CBA45345B18912E72DB6 ] hpdskflt        C:\Windows\system32\DRIVERS\hpdskflt.sys
12:53:46.0743 0x23bc  hpdskflt - ok
12:53:46.0784 0x23bc  [ FE51B163A618B1CBF015485D21C1BC68, 16C85BAC5F6E97451DD781CE96DE10E6BF7B2A33001379FB63A08848B22B5CCD ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
12:53:46.0795 0x23bc  hpqwmiex - ok
12:53:46.0881 0x23bc  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:53:46.0885 0x23bc  HpSAMD - ok
12:53:46.0928 0x23bc  [ FC7C13B5A9E9BE23B7AE72BBC7FDB278, E85A7BF1CFE52BA7D663A1ED48A4F8874EFBDDF48979138F7E3E24817705B6A1 ] hpsrv           C:\Windows\system32\Hpservice.exe
12:53:46.0930 0x23bc  hpsrv - ok
12:53:47.0065 0x23bc  [ 5AA89E152634954E15E9DB265C6A8557, 62ECC2B15AB920AD76FE3B8069F599C8354125BEECAF89B3475C37940760157F ] HPWMISVC        C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
12:53:47.0066 0x23bc  HPWMISVC - ok
12:53:47.0115 0x23bc  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:53:47.0129 0x23bc  HTTP - ok
12:53:47.0160 0x23bc  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:53:47.0161 0x23bc  hwpolicy - ok
12:53:47.0205 0x23bc  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
12:53:47.0207 0x23bc  i8042prt - ok
12:53:47.0249 0x23bc  [ 1384872112E8E7FD5786ECEB8BDDF4C9, DC7844691740805A94F2901F8CB56F1591AF4F0F9C6D92D6B8595F89E6FA5F02 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
12:53:47.0259 0x23bc  iaStor - ok
12:53:47.0296 0x23bc  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:53:47.0303 0x23bc  iaStorV - ok
12:53:47.0362 0x23bc  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:53:47.0377 0x23bc  idsvc - ok
12:53:47.0404 0x23bc  IEEtwCollectorService - ok
12:53:47.0762 0x23bc  [ 1BE8D9CA4F2363B8E8015621878E0043, 695B5F88A6F6943156D033DAA86188F50308AD71FCF26CF0AEDF7E23F774FB56 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
12:53:48.0109 0x23bc  igfx - ok
12:53:48.0147 0x23bc  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
12:53:48.0149 0x23bc  iirsp - ok
12:53:48.0192 0x23bc  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
12:53:48.0207 0x23bc  IKEEXT - ok
12:53:48.0242 0x23bc  [ 36FDF367A1DABFF903E2214023D71368, 60468692C1D048428AF25ED87DE23DAE756C7BA2B6CF6AF5EFD2E53C80F5FC68 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
12:53:48.0245 0x23bc  Impcd - ok
12:53:48.0275 0x23bc  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
12:53:48.0277 0x23bc  intelide - ok
12:53:48.0631 0x23bc  [ 1BE8D9CA4F2363B8E8015621878E0043, 695B5F88A6F6943156D033DAA86188F50308AD71FCF26CF0AEDF7E23F774FB56 ] intelkmd        C:\Windows\system32\DRIVERS\igdpmd64.sys
12:53:48.0941 0x23bc  intelkmd - ok
12:53:48.0984 0x23bc  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:53:48.0986 0x23bc  intelppm - ok
12:53:49.0011 0x23bc  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:53:49.0014 0x23bc  IPBusEnum - ok
12:53:49.0037 0x23bc  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:53:49.0039 0x23bc  IpFilterDriver - ok
12:53:49.0086 0x23bc  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:53:49.0096 0x23bc  iphlpsvc - ok
12:53:49.0124 0x23bc  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
12:53:49.0127 0x23bc  IPMIDRV - ok
12:53:49.0147 0x23bc  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:53:49.0149 0x23bc  IPNAT - ok
12:53:49.0200 0x23bc  [ 0FF335D687C85097725A53458160E81E, BF8BB3C8AF1822BEB5FF5F8008614B982F277D862B16B6516CA91F73D336E9D4 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
12:53:49.0211 0x23bc  iPod Service - ok
12:53:49.0256 0x23bc  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:53:49.0258 0x23bc  IRENUM - ok
12:53:49.0277 0x23bc  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:53:49.0278 0x23bc  isapnp - ok
12:53:49.0309 0x23bc  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
12:53:49.0314 0x23bc  iScsiPrt - ok
12:53:49.0344 0x23bc  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
12:53:49.0346 0x23bc  kbdclass - ok
12:53:49.0374 0x23bc  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
12:53:49.0376 0x23bc  kbdhid - ok
12:53:49.0390 0x23bc  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso          C:\Windows\system32\lsass.exe
12:53:49.0393 0x23bc  KeyIso - ok
12:53:49.0423 0x23bc  [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:53:49.0426 0x23bc  KSecDD - ok
12:53:49.0444 0x23bc  [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:53:49.0447 0x23bc  KSecPkg - ok
12:53:49.0487 0x23bc  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
12:53:49.0489 0x23bc  ksthunk - ok
12:53:49.0528 0x23bc  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:53:49.0538 0x23bc  KtmRm - ok
12:53:49.0583 0x23bc  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
12:53:49.0589 0x23bc  LanmanServer - ok
12:53:49.0609 0x23bc  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:53:49.0613 0x23bc  LanmanWorkstation - ok
12:53:49.0659 0x23bc  [ 07B1888209C54B675FFCCBDE9F06D2C6, F80DA304CEFC062D4E604C0A7A2B60361161F259FBE8E94332F6BAD640630D23 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
12:53:49.0660 0x23bc  LightScribeService - ok
12:53:49.0700 0x23bc  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:53:49.0702 0x23bc  lltdio - ok
12:53:49.0738 0x23bc  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:53:49.0745 0x23bc  lltdsvc - ok
12:53:49.0757 0x23bc  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:53:49.0759 0x23bc  lmhosts - ok
12:53:49.0878 0x23bc  [ 6D515466AB8BFE61184092B635AE6EB4, 86CEF8700AF4D848DCF5DF217A7588C04F7F0BCEEB10B971E7C0368D8F8E1FAC ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
12:53:49.0884 0x23bc  LMS - ok
12:53:49.0921 0x23bc  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
12:53:49.0924 0x23bc  LSI_FC - ok
12:53:49.0949 0x23bc  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
12:53:49.0952 0x23bc  LSI_SAS - ok
12:53:49.0970 0x23bc  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:53:49.0972 0x23bc  LSI_SAS2 - ok
12:53:50.0007 0x23bc  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:53:50.0010 0x23bc  LSI_SCSI - ok
12:53:50.0028 0x23bc  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
12:53:50.0031 0x23bc  luafv - ok
12:53:50.0116 0x23bc  [ F928E5E72BBA15DD0CE9A26E0413D236, D63EFA1408084F524464729C2F3BE16550E07ACE2BF8A00699A8438079AD381B ] McMPFSvc        C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
12:53:50.0121 0x23bc  McMPFSvc - ok
12:53:50.0130 0x23bc  [ F928E5E72BBA15DD0CE9A26E0413D236, D63EFA1408084F524464729C2F3BE16550E07ACE2BF8A00699A8438079AD381B ] mcmscsvc        C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
12:53:50.0134 0x23bc  mcmscsvc - ok
12:53:50.0145 0x23bc  [ F928E5E72BBA15DD0CE9A26E0413D236, D63EFA1408084F524464729C2F3BE16550E07ACE2BF8A00699A8438079AD381B ] McNaiAnn        C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
12:53:50.0151 0x23bc  McNaiAnn - ok
12:53:54.0006 0x23bc  [ F928E5E72BBA15DD0CE9A26E0413D236, D63EFA1408084F524464729C2F3BE16550E07ACE2BF8A00699A8438079AD381B ] McNASvc         C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
12:53:54.0010 0x23bc  McNASvc - ok
12:53:54.0051 0x23bc  [ 5D57D4B57CCC07450F97C4E929D0483F, AD3FF338ED5BC48FA7BC7D469D8FAD93DE31E5C3A1C841689D1E1A2F5C8E8857 ] McODS           C:\Program Files\McAfee\VirusScan\mcods.exe
12:53:54.0059 0x23bc  McODS - ok
12:53:54.0069 0x23bc  [ F928E5E72BBA15DD0CE9A26E0413D236, D63EFA1408084F524464729C2F3BE16550E07ACE2BF8A00699A8438079AD381B ] McProxy         C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
12:53:54.0073 0x23bc  McProxy - ok
12:53:54.0125 0x23bc  [ 21F81090A00932C5E96700EDF2977582, 5687F4BF22BCA348020E46169A9677C9691DFB2656E481D38ABFA3C172A5993F ] McShield        C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
12:53:54.0130 0x23bc  McShield - ok
12:53:54.0160 0x23bc  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:53:54.0163 0x23bc  Mcx2Svc - ok
12:53:54.0204 0x23bc  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
12:53:54.0206 0x23bc  megasas - ok
12:53:54.0292 0x23bc  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
12:53:54.0302 0x23bc  MegaSR - ok
12:53:54.0360 0x23bc  [ B1720E97FABBDF7D30B36DAF19C3DEE8, 93F82FDA8FFB801B823792F3BFAB587ECB1AECC06AE76B2007631A910F827C94 ] mfeapfk         C:\Windows\system32\drivers\mfeapfk.sys
12:53:54.0364 0x23bc  mfeapfk - ok
12:53:54.0419 0x23bc  [ 113F1534B80D65DFDCA660F19967A3B7, F63D297E128DFD7A3FF3C6446334671B41492EFFE67D7EF56B30D0F1696656BD ] mfeavfk         C:\Windows\system32\drivers\mfeavfk.sys
12:53:54.0425 0x23bc  mfeavfk - ok
12:53:54.0456 0x23bc  mfeavfk01 - ok
12:53:54.0553 0x23bc  [ 8036004F016125C907FC9351141F95AA, 10DE20FCB2D33E25E443C10EED4551CBAE9C16CD6D08B69BF91868A2F27DAF53 ] mfecore         C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
12:53:54.0571 0x23bc  mfecore - ok
12:53:54.0594 0x23bc  [ C4F521310E40327BBC8E8E71DA344F48, C04C7CF39577010926A1C6EE589876EF40A59CA64FD1825544CED011DCFC844A ] mfefire         C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
12:53:54.0650 0x23bc  mfefire - ok
12:53:54.0693 0x23bc  [ CECC9841D036EE008091825272D91331, 0D1576EB2EE99B62D35AB87CDDCD8BAC12AAC7E53DB9E0B46B99442C9831F8E0 ] mfefirek        C:\Windows\system32\drivers\mfefirek.sys
12:53:54.0702 0x23bc  mfefirek - ok
12:53:54.0765 0x23bc  [ EF0F85EDBDF6C0AB467E88E0CEE2B346, 2A7322D58DADF093D4BEBDE6DD6B85EEC70FC5F40CA786774200B917D5BE0CEA ] mfehidk         C:\Windows\system32\drivers\mfehidk.sys
12:53:54.0778 0x23bc  mfehidk - ok
12:53:54.0859 0x23bc  [ 73A92690FF5CFFE5A741912311AA1A6C, 52B6DACF023A704785D2F346F61D5896DF1E06C1ED37540741227333C4BE921A ] mfencbdc        C:\Windows\system32\DRIVERS\mfencbdc.sys
12:53:54.0866 0x23bc  mfencbdc - ok
12:53:54.0911 0x23bc  [ CB987596EE0964958AFA677360B6174B, 2852B8DC0F160ED6B2EE310FEC1BB19B93D619688C25C6296F7214959996FA6B ] mfencrk         C:\Windows\system32\DRIVERS\mfencrk.sys
12:53:54.0913 0x23bc  mfencrk - ok
12:53:54.0948 0x23bc  [ 6E3A46BF6CBB80450CC24F80FE03ED5A, 2B2DA9D5BDF6F0082BECFF48E19A5DC633458E7B47651E275A20645BBFAFBEFE ] mferkdet        C:\Windows\system32\drivers\mferkdet.sys
12:53:54.0951 0x23bc  mferkdet - ok
12:53:54.0979 0x23bc  [ 341BFCAA3A55C08E8C9ECB1654ACA905, C81D87320192730EC6BDA932EEAC300793070FDF4FB7D1B9EE083F47A357690C ] mfevtp          C:\Windows\system32\mfevtps.exe
12:53:54.0984 0x23bc  mfevtp - ok
12:53:55.0008 0x23bc  [ 2802D09F1B6ED502237539563F3C4992, C95C7C4880FB8435C828C85599035F00500BD85B363E0842B4719792125CB9FE ] mfewfpk         C:\Windows\system32\drivers\mfewfpk.sys
12:53:55.0014 0x23bc  mfewfpk - ok
12:53:55.0061 0x23bc  Microsoft SharePoint Workspace Audit Service - ok
12:53:55.0091 0x23bc  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
12:53:55.0094 0x23bc  MMCSS - ok
12:53:55.0124 0x23bc  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
12:53:55.0126 0x23bc  Modem - ok
12:53:55.0149 0x23bc  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:53:55.0151 0x23bc  monitor - ok
12:53:55.0168 0x23bc  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:53:55.0170 0x23bc  mouclass - ok
12:53:55.0184 0x23bc  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:53:55.0186 0x23bc  mouhid - ok
12:53:55.0212 0x23bc  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:53:55.0214 0x23bc  mountmgr - ok
12:53:55.0239 0x23bc  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:53:55.0242 0x23bc  mpio - ok
12:53:55.0273 0x23bc  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:53:55.0275 0x23bc  mpsdrv - ok
12:53:55.0320 0x23bc  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:53:55.0335 0x23bc  MpsSvc - ok
12:53:55.0360 0x23bc  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:53:55.0363 0x23bc  MRxDAV - ok
12:53:55.0390 0x23bc  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:53:55.0393 0x23bc  mrxsmb - ok
12:53:55.0419 0x23bc  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:53:55.0425 0x23bc  mrxsmb10 - ok
12:53:55.0440 0x23bc  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:53:55.0443 0x23bc  mrxsmb20 - ok
12:53:55.0465 0x23bc  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
12:53:55.0466 0x23bc  msahci - ok
12:53:55.0491 0x23bc  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:53:55.0495 0x23bc  msdsm - ok
12:53:55.0516 0x23bc  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
12:53:55.0521 0x23bc  MSDTC - ok
12:53:55.0562 0x23bc  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:53:55.0563 0x23bc  Msfs - ok
12:53:55.0574 0x23bc  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:53:55.0575 0x23bc  mshidkmdf - ok
12:53:55.0607 0x23bc  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:53:55.0608 0x23bc  msisadrv - ok
12:53:55.0651 0x23bc  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:53:55.0655 0x23bc  MSiSCSI - ok
12:53:55.0659 0x23bc  msiserver - ok
12:53:55.0715 0x23bc  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:53:55.0717 0x23bc  MSKSSRV - ok
12:53:55.0741 0x23bc  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:53:55.0742 0x23bc  MSPCLOCK - ok
12:53:55.0756 0x23bc  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:53:55.0757 0x23bc  MSPQM - ok
12:53:55.0801 0x23bc  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:53:55.0808 0x23bc  MsRPC - ok
12:53:55.0838 0x23bc  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
12:53:55.0839 0x23bc  mssmbios - ok
12:53:55.0870 0x23bc  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:53:55.0871 0x23bc  MSTEE - ok
12:53:55.0890 0x23bc  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
12:53:55.0891 0x23bc  MTConfig - ok
12:53:55.0913 0x23bc  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
12:53:55.0915 0x23bc  Mup - ok
12:53:55.0956 0x23bc  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
12:53:55.0965 0x23bc  napagent - ok
12:53:56.0005 0x23bc  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:53:56.0011 0x23bc  NativeWifiP - ok
12:53:56.0071 0x23bc  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:53:56.0089 0x23bc  NDIS - ok
12:53:56.0133 0x23bc  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:53:56.0135 0x23bc  NdisCap - ok
12:53:56.0159 0x23bc  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:53:56.0160 0x23bc  NdisTapi - ok
12:53:56.0197 0x23bc  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:53:56.0199 0x23bc  Ndisuio - ok
12:53:56.0228 0x23bc  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:53:56.0231 0x23bc  NdisWan - ok
12:53:56.0252 0x23bc  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:53:56.0256 0x23bc  NDProxy - ok
12:53:56.0304 0x23bc  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:53:56.0306 0x23bc  NetBIOS - ok
12:53:56.0337 0x23bc  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:53:56.0345 0x23bc  NetBT - ok
12:53:56.0357 0x23bc  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon        C:\Windows\system32\lsass.exe
12:53:56.0359 0x23bc  Netlogon - ok
12:53:56.0410 0x23bc  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
12:53:56.0417 0x23bc  Netman - ok
12:53:56.0434 0x23bc  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
12:53:56.0443 0x23bc  netprofm - ok
12:53:56.0474 0x23bc  [ 3E5A36127E201DDF663176B66828FAFE, 5A08BA9EFB1A72DF1DD839BA5FA2B8994012BA62A515588FF62333B33B60045B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:53:56.0481 0x23bc  NetTcpPortSharing - ok
12:53:56.0699 0x23bc  [ 64428DFDAF6E88366CB51F45A79C5F69, 31187D38C1AB52120A3CB7AC3CE47ED9682AC37B0F06B9A9610C0065DD4E7B13 ] netw5v64        C:\Windows\system32\DRIVERS\netw5v64.sys
12:53:56.0916 0x23bc  netw5v64 - ok
12:53:56.0958 0x23bc  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
12:53:56.0960 0x23bc  nfrd960 - ok
12:53:57.0002 0x23bc  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:53:57.0010 0x23bc  NlaSvc - ok
12:53:57.0035 0x23bc  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:53:57.0037 0x23bc  Npfs - ok
12:53:57.0069 0x23bc  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
12:53:57.0071 0x23bc  nsi - ok
12:53:57.0089 0x23bc  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:53:57.0091 0x23bc  nsiproxy - ok
12:53:57.0163 0x23bc  [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:53:57.0197 0x23bc  Ntfs - ok
12:53:57.0224 0x23bc  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
12:53:57.0225 0x23bc  Null - ok
12:53:57.0275 0x23bc  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:53:57.0278 0x23bc  nvraid - ok
12:53:57.0299 0x23bc  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:53:57.0302 0x23bc  nvstor - ok
12:53:57.0324 0x23bc  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:53:57.0327 0x23bc  nv_agp - ok
12:53:57.0354 0x23bc  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:53:57.0357 0x23bc  ohci1394 - ok
12:53:57.0428 0x23bc  [ 4965B005492CBA7719E82B71E3245495, 52AD72C05FACC1E0E416A1FA25F34FDD3CB274FAB973BEAAE911A2FACA42B650 ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:53:57.0432 0x23bc  ose64 - ok
12:53:57.0698 0x23bc  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:53:57.0786 0x23bc  osppsvc - ok
12:53:57.0828 0x23bc  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:53:57.0835 0x23bc  p2pimsvc - ok
12:53:57.0864 0x23bc  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
12:53:57.0874 0x23bc  p2psvc - ok
12:53:57.0902 0x23bc  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
12:53:57.0904 0x23bc  Parport - ok
12:53:57.0935 0x23bc  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:53:57.0937 0x23bc  partmgr - ok
12:53:57.0971 0x23bc  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:53:57.0977 0x23bc  PcaSvc - ok
12:53:58.0011 0x23bc  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
12:53:58.0015 0x23bc  pci - ok
12:53:58.0036 0x23bc  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
12:53:58.0037 0x23bc  pciide - ok
12:53:58.0068 0x23bc  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
12:53:58.0073 0x23bc  pcmcia - ok
12:53:58.0109 0x23bc  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
12:53:58.0111 0x23bc  pcw - ok
12:53:58.0142 0x23bc  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:53:58.0154 0x23bc  PEAUTH - ok
12:53:58.0222 0x23bc  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
12:53:58.0224 0x23bc  PerfHost - ok
12:53:58.0305 0x23bc  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
12:53:58.0332 0x23bc  pla - ok
12:53:58.0371 0x23bc  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:53:58.0380 0x23bc  PlugPlay - ok
12:53:58.0401 0x23bc  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:53:58.0403 0x23bc  PNRPAutoReg - ok
12:53:58.0429 0x23bc  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:53:58.0436 0x23bc  PNRPsvc - ok
12:53:58.0470 0x23bc  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:53:58.0480 0x23bc  PolicyAgent - ok
12:53:58.0513 0x23bc  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
12:53:58.0517 0x23bc  Power - ok
12:53:58.0559 0x23bc  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:53:58.0562 0x23bc  PptpMiniport - ok
12:53:58.0590 0x23bc  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
12:53:58.0592 0x23bc  Processor - ok
12:53:58.0635 0x23bc  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
12:53:58.0640 0x23bc  ProfSvc - ok
12:53:58.0658 0x23bc  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\Windows\system32\lsass.exe
12:53:58.0660 0x23bc  ProtectedStorage - ok
12:53:58.0704 0x23bc  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:53:58.0708 0x23bc  Psched - ok
12:53:58.0774 0x23bc  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
12:53:58.0800 0x23bc  ql2300 - ok
12:53:58.0833 0x23bc  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
12:53:58.0837 0x23bc  ql40xx - ok
12:53:58.0879 0x23bc  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
12:53:58.0884 0x23bc  QWAVE - ok
12:53:58.0909 0x23bc  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:53:58.0910 0x23bc  QWAVEdrv - ok
12:53:58.0920 0x23bc  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:53:58.0922 0x23bc  RasAcd - ok
12:53:58.0948 0x23bc  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
12:53:58.0950 0x23bc  RasAgileVpn - ok
12:53:58.0987 0x23bc  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
12:53:58.0990 0x23bc  RasAuto - ok
12:53:59.0032 0x23bc  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:53:59.0036 0x23bc  Rasl2tp - ok
12:53:59.0106 0x23bc  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
12:53:59.0113 0x23bc  RasMan - ok
12:53:59.0189 0x23bc  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:53:59.0191 0x23bc  RasPppoe - ok
12:53:59.0208 0x23bc  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:53:59.0211 0x23bc  RasSstp - ok
12:53:59.0244 0x23bc  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:53:59.0250 0x23bc  rdbss - ok
12:53:59.0270 0x23bc  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
12:53:59.0271 0x23bc  rdpbus - ok
12:53:59.0295 0x23bc  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:53:59.0296 0x23bc  RDPCDD - ok
12:53:59.0402 0x23bc  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:53:59.0403 0x23bc  RDPENCDD - ok
12:53:59.0431 0x23bc  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
12:53:59.0432 0x23bc  RDPREFMP - ok
12:53:59.0488 0x23bc  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
12:53:59.0489 0x23bc  RdpVideoMiniport - ok
12:53:59.0519 0x23bc  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:53:59.0524 0x23bc  RDPWD - ok
12:53:59.0562 0x23bc  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:53:59.0566 0x23bc  rdyboost - ok
12:53:59.0597 0x23bc  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:53:59.0600 0x23bc  RemoteAccess - ok
12:53:59.0636 0x23bc  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:53:59.0640 0x23bc  RemoteRegistry - ok
12:53:59.0663 0x23bc  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:53:59.0666 0x23bc  RpcEptMapper - ok
12:53:59.0692 0x23bc  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
12:53:59.0693 0x23bc  RpcLocator - ok
12:53:59.0730 0x23bc  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
12:53:59.0740 0x23bc  RpcSs - ok
12:53:59.0777 0x23bc  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:53:59.0779 0x23bc  rspndr - ok
12:53:59.0813 0x23bc  [ 907C4464381B5EBDFDC60F6C7D0DEDFC, A39EB4C0858A3CA2D8AFE6D52809EC41795FD7A2F3F157D9CBCCB84BE7958A89 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
12:53:59.0818 0x23bc  RSUSBSTOR - ok
12:53:59.0855 0x23bc  [ EE082E06A82FF630351D1E0EBBD3D8D0, 537F1A4108BDA72E8DD271466E7B7FCF39D4D55E4129AB35A409AB7AF2E7D219 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
12:53:59.0864 0x23bc  RTL8167 - ok
12:53:59.0881 0x23bc  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] SamSs           C:\Windows\system32\lsass.exe
12:53:59.0883 0x23bc  SamSs - ok
12:53:59.0928 0x23bc  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:53:59.0930 0x23bc  sbp2port - ok
12:53:59.0966 0x23bc  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:53:59.0971 0x23bc  SCardSvr - ok
12:54:00.0002 0x23bc  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:54:00.0004 0x23bc  scfilter - ok
12:54:00.0063 0x23bc  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
12:54:00.0085 0x23bc  Schedule - ok
12:54:00.0116 0x23bc  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:54:00.0119 0x23bc  SCPolicySvc - ok
12:54:00.0164 0x23bc  [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus           C:\Windows\system32\drivers\sdbus.sys
12:54:00.0167 0x23bc  sdbus - ok
12:54:00.0197 0x23bc  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:54:00.0201 0x23bc  SDRSVC - ok
12:54:00.0233 0x23bc  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:54:00.0235 0x23bc  secdrv - ok
12:54:00.0265 0x23bc  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
12:54:00.0267 0x23bc  seclogon - ok
12:54:00.0301 0x23bc  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
12:54:00.0303 0x23bc  SENS - ok
12:54:00.0347 0x23bc  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:54:00.0350 0x23bc  SensrSvc - ok
12:54:00.0409 0x23bc  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
12:54:00.0411 0x23bc  Serenum - ok
12:54:00.0442 0x23bc  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
12:54:00.0445 0x23bc  Serial - ok
12:54:00.0477 0x23bc  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
12:54:00.0479 0x23bc  sermouse - ok
12:54:00.0513 0x23bc  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
12:54:00.0517 0x23bc  SessionEnv - ok
12:54:00.0544 0x23bc  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
12:54:00.0546 0x23bc  sffdisk - ok
12:54:00.0557 0x23bc  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:54:00.0558 0x23bc  sffp_mmc - ok
12:54:00.0564 0x23bc  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
12:54:00.0566 0x23bc  sffp_sd - ok
12:54:00.0609 0x23bc  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
12:54:00.0610 0x23bc  sfloppy - ok
12:54:00.0657 0x23bc  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:54:00.0665 0x23bc  SharedAccess - ok
12:54:00.0694 0x23bc  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:54:00.0702 0x23bc  ShellHWDetection - ok
12:54:00.0762 0x23bc  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:54:00.0764 0x23bc  SiSRaid2 - ok
12:54:00.0789 0x23bc  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
12:54:00.0791 0x23bc  SiSRaid4 - ok
12:54:01.0005 0x23bc  [ 9F712B26EE3B0242DE997A42FD302E2C, 12663EB108F158282A965EE70980627C2F2332BA7944D7DE03B78E18BEB87D26 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
12:54:01.0060 0x23bc  Skype C2C Service - ok
12:54:01.0150 0x23bc  [ F5BBEDF602C310B00036EB2DBF4348A5, AC2712E639F0C54BCF00EB4E90E805335871EA27AE8A45DFC53EDF28822318C4 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
12:54:01.0157 0x23bc  SkypeUpdate - ok
12:54:01.0205 0x23bc  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:54:01.0208 0x23bc  Smb - ok
12:54:01.0255 0x23bc  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:54:01.0257 0x23bc  SNMPTRAP - ok
12:54:01.0277 0x23bc  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
12:54:01.0279 0x23bc  spldr - ok
12:54:01.0327 0x23bc  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
12:54:01.0338 0x23bc  Spooler - ok
12:54:01.0464 0x23bc  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
12:54:01.0526 0x23bc  sppsvc - ok
12:54:01.0558 0x23bc  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
12:54:01.0561 0x23bc  sppuinotify - ok
12:54:01.0598 0x23bc  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:54:01.0606 0x23bc  srv - ok
12:54:01.0627 0x23bc  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:54:01.0635 0x23bc  srv2 - ok
12:54:01.0695 0x23bc  [ 0C4540311E11664B245A263E1154CEF8, 63376322BFFAFF2F166AF3FDD3F1A346C21FAE21F406F659F8630779D1D6525D ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL6.SYS
12:54:01.0701 0x23bc  SrvHsfHDA - ok
12:54:01.0773 0x23bc  [ 02071D207A9858FBE3A48CBFD59C4A04, FEA4DEBAEC3465E0C7C1E8B721805922F6BBCB96A60A193B11688F4252F4B89E ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV6.SYS
12:54:01.0799 0x23bc  SrvHsfV92 - ok
12:54:01.0832 0x23bc  [ 18E40C245DBFAF36FD0134A7EF2DF396, 0138A68958112101A5D3BD94114F320CE80B0C9A93E009AC78DE7415FCCC7DE7 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
12:54:01.0848 0x23bc  SrvHsfWinac - ok
12:54:01.0881 0x23bc  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:54:01.0884 0x23bc  srvnet - ok
12:54:01.0914 0x23bc  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:54:01.0919 0x23bc  SSDPSRV - ok
12:54:01.0937 0x23bc  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:54:01.0941 0x23bc  SstpSvc - ok
12:54:02.0023 0x23bc  [ 463E33B1EA7AF1E6EB87B66B831DB41A, E76654F8E301829C0F27775A5673A3BA929FE4FA6C1C214A98C2915C5EC189A4 ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
12:54:02.0034 0x23bc  STacSV - ok
12:54:02.0065 0x23bc  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
12:54:02.0066 0x23bc  stexstor - ok
12:54:02.0118 0x23bc  [ 4304B75094E106FB5423A290C95841E5, 55670F1DBC9B25A5E31FBEB3CB3C97E2B11CCD6359DA89FF1310C1BBCEC66A80 ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
12:54:02.0127 0x23bc  STHDA - ok
12:54:02.0195 0x23bc  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
12:54:02.0207 0x23bc  stisvc - ok
12:54:02.0251 0x23bc  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
12:54:02.0253 0x23bc  swenum - ok
12:54:02.0295 0x23bc  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
12:54:02.0307 0x23bc  swprv - ok
12:54:02.0370 0x23bc  [ AC3CC98B1BDB6540021D3FFB105AC2B9, 671146CC16139AECE0BCCC44983807E045A930E262F64461D0D882A0A0B77E4F ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
12:54:02.0377 0x23bc  SynTP - ok
12:54:02.0454 0x23bc  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
12:54:02.0492 0x23bc  SysMain - ok
12:54:02.0522 0x23bc  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:54:02.0527 0x23bc  TabletInputService - ok
12:54:02.0556 0x23bc  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:54:02.0563 0x23bc  TapiSrv - ok
12:54:02.0589 0x23bc  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
12:54:02.0593 0x23bc  TBS - ok
12:54:02.0680 0x23bc  [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:54:02.0716 0x23bc  Tcpip - ok
12:54:02.0802 0x23bc  [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:54:02.0834 0x23bc  TCPIP6 - ok
12:54:02.0872 0x23bc  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:54:02.0874 0x23bc  tcpipreg - ok
12:54:02.0918 0x23bc  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:54:02.0920 0x23bc  TDPIPE - ok
12:54:02.0951 0x23bc  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:54:02.0952 0x23bc  TDTCP - ok
12:54:02.0987 0x23bc  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:54:02.0991 0x23bc  tdx - ok
12:54:03.0014 0x23bc  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
12:54:03.0016 0x23bc  TermDD - ok
12:54:03.0052 0x23bc  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
12:54:03.0064 0x23bc  TermService - ok
12:54:03.0082 0x23bc  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
12:54:03.0085 0x23bc  Themes - ok
12:54:03.0104 0x23bc  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
12:54:03.0108 0x23bc  THREADORDER - ok
12:54:03.0130 0x23bc  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
12:54:03.0134 0x23bc  TrkWks - ok
12:54:03.0188 0x23bc  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:54:03.0196 0x23bc  TrustedInstaller - ok
12:54:03.0227 0x23bc  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:54:03.0229 0x23bc  tssecsrv - ok
12:54:03.0275 0x23bc  [ 17C6B51CBCCDED95B3CC14E22791F85E, EE417C19E9B2C258D62A74F1F2421AFFBAC67ACD62481CAA08F5B6A3439C1D7C ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
12:54:03.0278 0x23bc  TsUsbFlt - ok
12:54:03.0342 0x23bc  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:54:03.0345 0x23bc  tunnel - ok
12:54:03.0376 0x23bc  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
12:54:03.0378 0x23bc  uagp35 - ok
12:54:03.0411 0x23bc  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:54:03.0419 0x23bc  udfs - ok
12:54:03.0453 0x23bc  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:54:03.0456 0x23bc  UI0Detect - ok
12:54:03.0481 0x23bc  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:54:03.0483 0x23bc  uliagpkx - ok
12:54:03.0511 0x23bc  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
12:54:03.0513 0x23bc  umbus - ok
12:54:03.0541 0x23bc  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
12:54:03.0542 0x23bc  UmPass - ok
12:54:03.0661 0x23bc  [ 0FADD949576A164B4E51E716F46B6C33, 34B33EC767FFCF58647090F5293DD1942BA9CDC5AB9976528DE3793EF327D48E ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
12:54:03.0704 0x23bc  UNS - ok
12:54:03.0742 0x23bc  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
12:54:03.0749 0x23bc  upnphost - ok
12:54:03.0789 0x23bc  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
12:54:03.0791 0x23bc  USBAAPL64 - ok
12:54:03.0824 0x23bc  [ ACCEA6BC68D0C9A78EB97EE159028B4E, 132F7A543C1DA9456FBABA50552B37E3162ACA612A8567BB3FF0F7DA84231419 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:54:03.0827 0x23bc  usbccgp - ok
12:54:03.0864 0x23bc  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:54:03.0867 0x23bc  usbcir - ok
12:54:03.0890 0x23bc  [ 311C1DD1088E55BEAE15954D17F50646, A663344ABD1414D570617F59CC00020640F31DB34265142EFCA8817328DB842A ] usbehci         C:\Windows\system32\drivers\usbehci.sys
12:54:03.0892 0x23bc  usbehci - ok
12:54:03.0937 0x23bc  [ 280E90CBF4B2DDD169F0728CB44D726F, 2B39666C022A4F7338BDDB4CB0D7B4D0CC6B398298D29E38826F27FADF4C29DD ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:54:03.0944 0x23bc  usbhub - ok
12:54:03.0968 0x23bc  [ 9406D801042FAF859CF81B2C886413DC, D16536EC05260D7A2902314E1AA5E5F73533483B9967739C381FD41B6192B92F ] usbohci         C:\Windows\system32\drivers\usbohci.sys
12:54:03.0969 0x23bc  usbohci - ok
12:54:04.0009 0x23bc  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:54:04.0010 0x23bc  usbprint - ok
12:54:04.0031 0x23bc  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:54:04.0034 0x23bc  USBSTOR - ok
12:54:04.0057 0x23bc  [ A83D0EC9AE4C31704442099D40BA2471, A29D714FCDF10DF7A2A17D54B131AEFDA61AED988CF8B99C7B30728C50130DCE ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
12:54:04.0059 0x23bc  usbuhci - ok
12:54:04.0132 0x23bc  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
12:54:04.0137 0x23bc  usbvideo - ok
12:54:04.0169 0x23bc  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
12:54:04.0172 0x23bc  UxSms - ok
12:54:04.0236 0x23bc  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] VaultSvc        C:\Windows\system32\lsass.exe
12:54:04.0238 0x23bc  VaultSvc - ok
12:54:04.0350 0x23bc  [ 2662F24C7AEE2A32CEBDEC907A5366F1, B6A59DE0AA0E58F239D54DFEC902D1E5E8BAA19642EF1114101787A00272903D ] vcsFPService    C:\Windows\system32\vcsFPService.exe
12:54:04.0388 0x23bc  vcsFPService - ok
12:54:04.0403 0x23bc  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:54:04.0406 0x23bc  vdrvroot - ok
12:54:04.0443 0x23bc  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
12:54:04.0454 0x23bc  vds - ok
12:54:04.0484 0x23bc  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:54:04.0486 0x23bc  vga - ok
12:54:04.0497 0x23bc  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:54:04.0498 0x23bc  VgaSave - ok
12:54:04.0536 0x23bc  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
12:54:04.0541 0x23bc  vhdmp - ok
12:54:04.0567 0x23bc  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
12:54:04.0569 0x23bc  viaide - ok
12:54:04.0595 0x23bc  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:54:04.0597 0x23bc  volmgr - ok
12:54:04.0641 0x23bc  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:54:04.0650 0x23bc  volmgrx - ok
12:54:04.0690 0x23bc  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:54:04.0697 0x23bc  volsnap - ok
12:54:04.0740 0x23bc  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
12:54:04.0744 0x23bc  vsmraid - ok
12:54:04.0814 0x23bc  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
12:54:04.0844 0x23bc  VSS - ok
12:54:04.0860 0x23bc  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
12:54:04.0862 0x23bc  vwifibus - ok
12:54:04.0911 0x23bc  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
12:54:04.0915 0x23bc  vwififlt - ok
12:54:04.0956 0x23bc  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
12:54:04.0965 0x23bc  W32Time - ok
12:54:05.0001 0x23bc  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
12:54:05.0002 0x23bc  WacomPen - ok
12:54:05.0044 0x23bc  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:54:05.0047 0x23bc  WANARP - ok
12:54:05.0054 0x23bc  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:54:05.0057 0x23bc  Wanarpv6 - ok
12:54:05.0132 0x23bc  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
12:54:05.0159 0x23bc  WatAdminSvc - ok
12:54:05.0220 0x23bc  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
12:54:05.0247 0x23bc  wbengine - ok
12:54:05.0287 0x23bc  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:54:05.0292 0x23bc  WbioSrvc - ok
12:54:05.0330 0x23bc  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:54:05.0338 0x23bc  wcncsvc - ok
12:54:05.0372 0x23bc  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:54:05.0374 0x23bc  WcsPlugInService - ok
12:54:05.0393 0x23bc  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
12:54:05.0394 0x23bc  Wd - ok
12:54:05.0439 0x23bc  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:54:05.0456 0x23bc  Wdf01000 - ok
12:54:05.0497 0x23bc  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:54:05.0503 0x23bc  WdiServiceHost - ok
12:54:05.0514 0x23bc  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:54:05.0521 0x23bc  WdiSystemHost - ok
12:54:05.0555 0x23bc  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
12:54:05.0561 0x23bc  WebClient - ok
12:54:05.0592 0x23bc  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:54:05.0599 0x23bc  Wecsvc - ok
12:54:05.0618 0x23bc  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:54:05.0622 0x23bc  wercplsupport - ok
12:54:05.0651 0x23bc  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:54:05.0654 0x23bc  WerSvc - ok
12:54:05.0686 0x23bc  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:54:05.0688 0x23bc  WfpLwf - ok
12:54:05.0702 0x23bc  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:54:05.0703 0x23bc  WIMMount - ok
12:54:05.0722 0x23bc  WinDefend - ok
12:54:05.0742 0x23bc  WinHttpAutoProxySvc - ok
12:54:05.0799 0x23bc  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:54:05.0811 0x23bc  Winmgmt - ok
12:54:05.0906 0x23bc  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
12:54:05.0949 0x23bc  WinRM - ok
12:54:06.0007 0x23bc  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUSB          C:\Windows\system32\DRIVERS\WinUSB.sys
12:54:06.0009 0x23bc  WinUSB - ok
12:54:06.0063 0x23bc  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:54:06.0080 0x23bc  Wlansvc - ok
12:54:06.0216 0x23bc  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:54:06.0263 0x23bc  wlidsvc - ok
12:54:06.0293 0x23bc  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
12:54:06.0294 0x23bc  WmiAcpi - ok
12:54:06.0326 0x23bc  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:54:06.0330 0x23bc  wmiApSrv - ok
12:54:06.0357 0x23bc  WMPNetworkSvc - ok
12:54:06.0393 0x23bc  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:54:06.0396 0x23bc  WPCSvc - ok
12:54:06.0421 0x23bc  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:54:06.0424 0x23bc  WPDBusEnum - ok
12:54:06.0450 0x23bc  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:54:06.0451 0x23bc  ws2ifsl - ok
12:54:06.0478 0x23bc  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
12:54:06.0481 0x23bc  wscsvc - ok
12:54:06.0487 0x23bc  WSearch - ok
12:54:06.0587 0x23bc  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:54:06.0630 0x23bc  wuauserv - ok
12:54:06.0667 0x23bc  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:54:06.0670 0x23bc  WudfPf - ok
12:54:06.0700 0x23bc  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:54:06.0705 0x23bc  WUDFRd - ok
12:54:06.0730 0x23bc  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:54:06.0733 0x23bc  wudfsvc - ok
12:54:06.0767 0x23bc  [ FE90B750AB808FB9DD8FBB428B5FF83B, 3F8F592EC813BE292D305A87C5BA852F8BC3D7CE610612D9871F209A17326AA8 ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:54:06.0774 0x23bc  WwanSvc - ok
12:54:06.0827 0x23bc  [ B3EEACF62445E24FBB2CD4B0FB4DB026, 2E5B6220094C47754233EDA59E6514CE47AC6C6879F367C72B2C02330EABE8E0 ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys
12:54:06.0836 0x23bc  yukonw7 - ok
12:54:06.0866 0x23bc  ================ Scan global ===============================
12:54:06.0923 0x23bc  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
12:54:06.0957 0x23bc  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
12:54:06.0969 0x23bc  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
12:54:06.0998 0x23bc  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
12:54:07.0035 0x23bc  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
12:54:07.0042 0x23bc  [ Global ] - ok
12:54:07.0043 0x23bc  ================ Scan MBR ==================================
12:54:07.0054 0x23bc  [ FD4FA460B86E4F6187EBF9B45DFB2BCE ] \Device\Harddisk0\DR0
12:54:07.0234 0x23bc  \Device\Harddisk0\DR0 - ok
12:54:07.0235 0x23bc  ================ Scan VBR ==================================
12:54:07.0238 0x23bc  [ 46DF8215526B422CCF8D3869452F9EEC ] \Device\Harddisk0\DR0\Partition1
12:54:07.0240 0x23bc  \Device\Harddisk0\DR0\Partition1 - ok
12:54:07.0255 0x23bc  [ 7E5E27D5089321956415FC5A0DF5023D ] \Device\Harddisk0\DR0\Partition2
12:54:07.0257 0x23bc  \Device\Harddisk0\DR0\Partition2 - ok
12:54:07.0284 0x23bc  [ 0FE291D1C00110D676B463998F244223 ] \Device\Harddisk0\DR0\Partition3
12:54:07.0286 0x23bc  \Device\Harddisk0\DR0\Partition3 - ok
12:54:07.0305 0x23bc  [ B785E81AF2EC27C7A3E7ED8BAC702A92 ] \Device\Harddisk0\DR0\Partition4
12:54:07.0306 0x23bc  \Device\Harddisk0\DR0\Partition4 - ok
12:54:07.0307 0x23bc  Waiting for KSN requests completion. In queue: 251
12:54:08.0307 0x23bc  Waiting for KSN requests completion. In queue: 251
12:54:09.0307 0x23bc  Waiting for KSN requests completion. In queue: 251
12:54:10.0307 0x23bc  Waiting for KSN requests completion. In queue: 251
12:54:11.0307 0x23bc  Waiting for KSN requests completion. In queue: 251
12:54:12.0307 0x23bc  Waiting for KSN requests completion. In queue: 251
12:54:13.0307 0x23bc  Waiting for KSN requests completion. In queue: 251
12:54:14.0307 0x23bc  Waiting for KSN requests completion. In queue: 251
12:54:15.0455 0x23bc  AV detected via SS2: McAfee Anti-Virus and Anti-Spyware, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 11.6.0.0 ), 0x52000 ( disabled : updated )
12:54:15.0457 0x23bc  FW detected via SS2: McAfee Firewall, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 11.6.0.0 ), 0x51010 ( enabled )
12:54:18.0057 0x23bc  ============================================================
12:54:18.0057 0x23bc  Scan finished
12:54:18.0057 0x23bc  ============================================================
12:54:18.0080 0x18c8  Detected object count: 0
12:54:18.0080 0x18c8  Actual detected object count: 0
12:56:56.0623 0x20d0  Deinitialize success
 
# AdwCleaner v3.017 - Report created 14/01/2014 at 13:05:41
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : SRE Lab - SRELAB-HP
# Running from : C:\Users\SRE Lab\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\SRELAB~1\AppData\Local\Temp\Uninstall.exe
Folder Found C:\Program Files (x86)\Movdap
Folder Found C:\Users\SRE Lab\AppData\Roaming\Movdap
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\WEDLMNGR
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\WEDLMNGR
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Speedchecker Limited
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Google Chrome v32.0.1700.72
 
[ File : C:\Users\SRE Lab\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [5269 octets] - [21/08/2013 17:43:31]
AdwCleaner[R1].txt - [4777 octets] - [14/01/2014 13:00:03]
AdwCleaner[R2].txt - [4541 octets] - [14/01/2014 13:05:41]
AdwCleaner[S0].txt - [5146 octets] - [21/08/2013 17:48:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [4661 octets] ##########
 


#4 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 14 January 2014 - 01:29 PM

ComboFix
 
Download Combofix from either of the links below, and save it to your desktop.  
Link 1
Link 2
 
**Note:  It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


 
--------------------------------------------------------------------
 
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
 
--------------------------------------------------------------------
 
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

Posted Image
 
 

#5 EricWoods

EricWoods

    Authentic Member

  • Authentic Member
  • PipPip
  • 147 posts

Posted 15 January 2014 - 09:53 PM

ComboFix 14-01-04.03 - SRE Lab 01/15/2014   8:21.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7990.4926 [GMT -6:00]
Running from: c:\users\SRE Lab\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
 * Created a new restore point
 * Resident AV is active
.
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\SRE Lab\Documents\~WRD2244.tmp
c:\users\SRE Lab\Documents\~WRL0748.tmp
c:\users\SRE Lab\Documents\~WRL1325.tmp
c:\users\SRE Lab\Documents\~WRL2279.tmp
c:\users\SRE Lab\Documents\~WRL2496.tmp
c:\users\SRE Lab\Documents\~WRL3385.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-15 to 2014-01-15  )))))))))))))))))))))))))))))))
.
.
2014-01-15 14:56 . 2014-01-15 14:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-07 23:55 . 2014-01-07 23:55 -------- d-----w- C:\found.000
2014-01-06 17:59 . 2014-01-06 17:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2014-01-06 17:59 . 2014-01-06 17:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2014-01-06 17:59 . 2014-01-06 17:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-01-06 17:59 . 2014-01-06 17:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-01-06 17:59 . 2014-01-06 17:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-01-06 17:59 . 2014-01-06 17:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-01-06 17:59 . 2014-01-06 17:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-01-06 17:59 . 2014-01-06 17:59 -------- d-----w- c:\program files (x86)\QuickTime
2014-01-06 02:02 . 2014-01-06 02:02 -------- d-----w- c:\users\SRE Lab\AppData\Roaming\Corel
2014-01-04 01:54 . 2014-01-04 01:54 -------- d-----w- c:\users\SRE Lab\AppData\Local\ElevatedDiagnostics
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-12 19:22 . 2013-11-22 05:39 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-12 19:22 . 2013-11-22 05:39 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-05 21:09 . 2013-11-08 00:18 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-12-05 21:08 . 2013-11-08 00:17 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-12-05 21:08 . 2013-11-08 00:14 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-11-30 21:55 . 2013-11-08 00:14 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-11-27 18:58 . 2013-11-27 18:58 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-27 18:58 . 2013-11-27 18:58 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-11-27 18:58 . 2013-11-27 18:58 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-27 18:58 . 2013-11-27 18:58 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-27 18:58 . 2013-11-27 18:58 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-11-27 18:58 . 2013-11-27 18:58 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-27 18:58 . 2013-11-27 18:58 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-11-27 18:58 . 2013-11-27 18:58 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-27 18:58 . 2013-11-27 18:58 81408 ----a-w- c:\windows\system32\icardie.dll
2013-11-27 18:58 . 2013-11-27 18:58 774144 ----a-w- c:\windows\system32\jscript.dll
2013-11-27 18:58 . 2013-11-27 18:58 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-11-27 18:58 . 2013-11-27 18:58 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-27 18:58 . 2013-11-27 18:58 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-27 18:58 . 2013-11-27 18:58 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-11-27 18:58 . 2013-11-27 18:58 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-11-27 18:58 . 2013-11-27 18:58 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-11-27 18:58 . 2013-11-27 18:58 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-11-27 18:58 . 2013-11-27 18:58 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-11-27 18:58 . 2013-11-27 18:58 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-11-27 18:58 . 2013-11-27 18:58 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-11-27 18:58 . 2013-11-27 18:58 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-11-27 18:58 . 2013-11-27 18:58 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-11-27 18:58 . 2013-11-27 18:58 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-11-27 18:58 . 2013-11-27 18:58 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-11-27 18:58 . 2013-11-27 18:58 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-27 18:58 . 2013-11-27 18:58 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-11-27 18:58 . 2013-11-27 18:58 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-11-27 18:58 . 2013-11-27 18:58 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-11-27 18:58 . 2013-11-27 18:58 413696 ----a-w- c:\windows\system32\html.iec
2013-11-27 18:58 . 2013-11-27 18:58 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-27 18:58 . 2013-11-27 18:58 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-11-27 18:58 . 2013-11-27 18:58 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-27 18:58 . 2013-11-27 18:58 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-11-27 18:58 . 2013-11-27 18:58 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-27 18:58 . 2013-11-27 18:58 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-11-27 18:58 . 2013-11-27 18:58 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-11-27 18:58 . 2013-11-27 18:58 247808 ----a-w- c:\windows\system32\msls31.dll
2013-11-27 18:58 . 2013-11-27 18:58 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-11-27 18:58 . 2013-11-27 18:58 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-11-27 18:58 . 2013-11-27 18:58 235520 ----a-w- c:\windows\system32\url.dll
2013-11-27 18:58 . 2013-11-27 18:58 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-11-27 18:58 . 2013-11-27 18:58 195584 ----a-w- c:\windows\system32\msrating.dll
2013-11-27 18:58 . 2013-11-27 18:58 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-11-27 18:58 . 2013-11-27 18:58 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-11-27 18:58 . 2013-11-27 18:58 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-11-27 18:58 . 2013-11-27 18:58 147968 ----a-w- c:\windows\system32\occache.dll
2013-11-27 18:58 . 2013-11-27 18:58 143872 ----a-w- c:\windows\system32\wextract.exe
2013-11-27 18:58 . 2013-11-27 18:58 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-11-27 18:58 . 2013-11-27 18:58 13824 ----a-w- c:\windows\system32\mshta.exe
2013-11-27 18:58 . 2013-11-27 18:58 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-11-27 18:58 . 2013-11-27 18:58 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-11-27 18:58 . 2013-11-27 18:58 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-11-27 18:58 . 2013-11-27 18:58 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-27 18:58 . 2013-11-27 18:58 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-11-27 18:58 . 2013-11-27 18:58 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-11-27 18:58 . 2013-11-27 18:58 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-11-27 18:58 . 2013-11-27 18:58 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-27 18:58 . 2013-11-27 18:58 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-11-27 18:58 . 2013-11-27 18:58 101376 ----a-w- c:\windows\system32\inseng.dll
2013-11-26 11:54 . 2013-12-12 16:02 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-12 16:02 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-12 16:02 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-12 16:02 66048 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-12 16:02 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-12 16:01 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-12 16:02 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-12 16:02 33792 ----a-w- c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-12 16:02 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-12 16:02 574976 ----a-w- c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-12 16:02 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-12 16:02 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-12 16:02 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-12 16:02 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-12 16:01 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-12 16:02 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-12 16:01 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-12 16:01 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-12 16:01 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-12 16:01 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-12 16:01 2334208 ----a-w- c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-12 16:01 1395200 ----a-w- c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-12 16:02 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-12 16:01 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-11 18:31 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 18:31 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-18 17:41 . 2013-11-18 17:41 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-11-16 06:05 . 2013-11-16 06:05 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-11-16 06:05 . 2013-11-16 06:05 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-11-16 06:05 . 2013-11-16 06:05 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-11-12 02:23 . 2013-12-11 18:31 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-11 18:31 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-10-30 02:32 . 2013-12-11 18:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-10-30 02:19 . 2013-12-11 18:32 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-10-30 01:24 . 2013-12-11 18:32 3155968 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\SRE Lab\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-12-06 1168896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-14 1532992]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"YouCam Service"="c:\program files (x86)\CyberLink\YouCam\YouCamService.exe" [2013-05-31 267224]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ   DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 CLKMSVC10_C6F09094;CyberLink Product - 2010/09/16 01:59;c:\program files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe;c:\program files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 49452278
*Deregistered* - 49452278
*Deregistered* - avgtp
*Deregistered* - CLKMDRV10_C6F09094
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-06-16 20:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-07 23:17 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-22 19:22]
.
2014-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-19 19:19]
.
2014-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-19 19:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 8.8.8.8
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
Completion time: 2014-01-15  08:59:34
ComboFix-quarantined-files.txt  2014-01-15 14:59
.
Pre-Run: 382,118,760,448 bytes free
Post-Run: 382,221,967,360 bytes free
.
- - End Of File - - 0635FB7398D6EC49752D37C33C003430


#6 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 16 January 2014 - 06:12 PM

81mYIKe.jpg  AdwCleaner
 
Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

------------
 
Post the new log and let me know how your system is running.   :)


Posted Image
 
 

#7 EricWoods

EricWoods

    Authentic Member

  • Authentic Member
  • PipPip
  • 147 posts

Posted 16 January 2014 - 10:35 PM

Ran adwcleaner as directed but now waiting on Startup Repair after reboot. Not looking good.



#8 EricWoods

EricWoods

    Authentic Member

  • Authentic Member
  • PipPip
  • 147 posts

Posted 16 January 2014 - 10:50 PM

Okay back up. (Thank you, Lord!).

 

# AdwCleaner v3.017 - Report created 16/01/2014 at 22:11:12
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : SRE Lab - SRELAB-HP
# Running from : C:\Users\SRE Lab\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\Movdap
Folder Deleted : C:\Users\SRE Lab\AppData\Roaming\Movdap
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : [x64] HKLM\SOFTWARE\Speedchecker Limited
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Google Chrome v32.0.1700.76
 
[ File : C:\Users\SRE Lab\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [5269 octets] - [21/08/2013 17:43:31]
AdwCleaner[R1].txt - [4777 octets] - [14/01/2014 13:00:03]
AdwCleaner[R2].txt - [4837 octets] - [14/01/2014 13:05:41]
AdwCleaner[R3].txt - [4832 octets] - [16/01/2014 22:09:40]
AdwCleaner[S0].txt - [5146 octets] - [21/08/2013 17:48:03]
AdwCleaner[S1].txt - [4675 octets] - [16/01/2014 22:11:12]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4735 octets] ##########


#9 EricWoods

EricWoods

    Authentic Member

  • Authentic Member
  • PipPip
  • 147 posts

Posted 16 January 2014 - 11:19 PM

Mcafee's virusscan keeps being turned off, with an appropriate warning from Mcafee. You can turn it back on, but something turns it back off again.



#10 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 17 January 2014 - 12:51 PM

Interesting.....run a new scan with OTL and post the new OTL.txt  :)


Posted Image
 
 

    Advertisements

Register to Remove


#11 EricWoods

EricWoods

    Authentic Member

  • Authentic Member
  • PipPip
  • 147 posts

Posted 18 January 2014 - 04:33 PM

Also getting a Windows notice in the toolbar about the system's performance not being that great.

 

OTL logfile created on: 1/18/2014 4:02:49 PM - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\SRE Lab\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.80 Gb Total Physical Memory | 5.06 Gb Available Physical Memory | 64.83% Memory free
15.60 Gb Paging File | 12.23 Gb Available in Paging File | 78.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 573.97 Gb Total Space | 356.60 Gb Free Space | 62.13% Space Free | Partition Type: NTFS
Drive D: | 21.91 Gb Total Space | 3.19 Gb Free Space | 14.58% Space Free | Partition Type: NTFS
 
Computer Name: SRELAB-HP | User Name: SRE Lab | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\SRE Lab\AppData\Local\LogMeIn Rescue Applet\LMIR0007.tmp\lmi_rescue.exe (LogMeIn, Inc.)
PRC - C:\Users\SRE Lab\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
PRC - C:\Users\SRE Lab\AppData\Roaming\Spotify\Data\SpotifyHelper.exe ()
PRC - C:\Users\SRE Lab\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\SRE Lab\AppData\Roaming\Spotify\Data\libcef.dll ()
MOD - C:\Users\SRE Lab\AppData\Roaming\Spotify\Data\libglesv2.dll ()
MOD - C:\Users\SRE Lab\AppData\Roaming\Spotify\Data\SpotifyHelper.exe ()
MOD - C:\Users\SRE Lab\AppData\Roaming\Spotify\Data\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (mfecore) -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (DpHost) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (CLKMSVC10_C6F09094) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe (CyberLink)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (CinemaNow Service) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (mfencrk) -- C:\Windows\SysNative\drivers\mfencrk.sys (McAfee, Inc.)
DRV:64bit: - (mfencbdc) -- C:\Windows\SysNative\drivers\mfencbdc.sys (McAfee, Inc.)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (HipShieldK) -- C:\Windows\SysNative\drivers\HipShieldK.sys (McAfee, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {727E7E3A-8776-4AA3-A8AA-9F3BB13834CC}
IE:64bit: - HKLM\..\SearchScopes\{727E7E3A-8776-4AA3-A8AA-9F3BB13834CC}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{7AEF202B-80EF-45E0-A6F7-48EB97CA3957}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{CD2A1234-3A8D-4B8D-8F12-93C46896C555}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{727E7E3A-8776-4AA3-A8AA-9F3BB13834CC}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{7AEF202B-80EF-45E0-A6F7-48EB97CA3957}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{CD2A1234-3A8D-4B8D-8F12-93C46896C555}: "URL" = http://search.yahoo....psg&type=HPNTDF
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{727E7E3A-8776-4AA3-A8AA-9F3BB13834CC}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{7AEF202B-80EF-45E0-A6F7-48EB97CA3957}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{CD2A1234-3A8D-4B8D-8F12-93C46896C555}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.3\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2010/09/16 03:18:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.1.3.1
 
[2013/08/02 14:12:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SRE Lab\AppData\Roaming\mozilla\Extensions
[2013/08/02 14:11:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://google.com/
CHR - Extension: Skype Click to Call = C:\Users\SRE Lab\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_1\
CHR - Extension: Google Wallet = C:\Users\SRE Lab\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
 
O1 HOSTS File: ([2014/01/15 08:57:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.1.3.1\AVG SafeGuard toolbar_toolbar.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.1.3.1\AVG SafeGuard toolbar_toolbar.dll File not found
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe" File not found
O4 - HKLM..\Run: [YouCam Service] C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\SRE Lab\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\RunOnce: [*LogMeInRescue_1255852146] C:\Users\SRE Lab\AppData\Local\LogMeIn Rescue Applet\LMIR0007.tmp\lmi_rescue.exe (LogMeIn, Inc.)
O4 - HKCU..\RunOnce: [116_2337862793524] C:\Users\SRE Lab\AppData\Local\LogMeIn Rescue Applet\LMIR0008.tmp_r.bat ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83B1974F-FA01-48E8-BCBA-ED025FD0DFA8}: DhcpNameServer = 10.4.40.11 10.4.40.17
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFD09DC9-BBB7-4ECF-B449-DE3B7FCEDD22}: DhcpNameServer = 8.8.8.8
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.3\ViProtocol.dll File not found
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe) - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.dvacm - c:\Program Files (x86)\Common Files\Ulead Systems\VIO\DVACM.acm (Corel TW Corp.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/16 23:08:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2014/01/16 23:05:22 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/01/15 08:59:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/01/15 08:19:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/01/15 08:19:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/01/15 08:19:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/01/15 08:19:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/15 08:18:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/01/15 08:17:54 | 005,160,001 | R--- | C] (Swearware) -- C:\Users\SRE Lab\Desktop\ComboFix.exe
[2014/01/14 22:38:27 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/01/14 22:38:27 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/01/14 22:38:25 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014/01/14 12:30:40 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\SRE Lab\Desktop\dds.com
[2014/01/12 22:46:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\SRE Lab\Desktop\OTL.exe
[2014/01/07 17:55:59 | 000,000,000 | ---D | C] -- C:\found.000
[2014/01/06 11:59:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2014/01/06 11:59:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2014/01/05 20:02:35 | 000,000,000 | ---D | C] -- C:\Users\SRE Lab\Documents\My PSP Files
[2014/01/05 20:02:35 | 000,000,000 | ---D | C] -- C:\Users\SRE Lab\AppData\Roaming\Corel
[2014/01/03 19:54:02 | 000,000,000 | ---D | C] -- C:\Users\SRE Lab\AppData\Local\ElevatedDiagnostics
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/18 15:58:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/18 15:22:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/18 14:54:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/16 23:58:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/16 23:08:25 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2014/01/16 23:07:18 | 000,799,372 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/16 23:07:18 | 000,664,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/16 23:07:18 | 000,122,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/16 23:06:51 | 000,774,560 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/01/16 22:59:07 | 000,023,248 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/16 22:59:07 | 000,023,248 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/16 22:53:56 | 000,448,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/16 22:52:31 | 1988,513,791 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/15 21:50:55 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/15 08:57:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/01/15 08:17:58 | 005,160,001 | R--- | M] (Swearware) -- C:\Users\SRE Lab\Desktop\ComboFix.exe
[2014/01/14 12:57:43 | 001,236,282 | ---- | M] () -- C:\Users\SRE Lab\Desktop\AdwCleaner.exe
[2014/01/14 12:53:10 | 004,121,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\SRE Lab\Desktop\TDSSKiller.exe
[2014/01/14 12:30:42 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\SRE Lab\Desktop\dds.com
[2014/01/12 22:46:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\SRE Lab\Desktop\OTL.exe
[2014/01/06 11:59:36 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/01/15 08:19:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/01/15 08:19:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/01/15 08:19:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/01/15 08:19:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/01/15 08:19:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/01/14 12:57:40 | 001,236,282 | ---- | C] () -- C:\Users\SRE Lab\Desktop\AdwCleaner.exe
[2014/01/06 11:59:36 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/09/18 22:03:07 | 000,591,296 | ---- | C] () -- C:\Users\SRE Lab\image.jpeg
[2013/09/18 22:03:07 | 000,516,365 | ---- | C] () -- C:\Users\SRE Lab\imo.jpeg
[2013/09/08 13:48:13 | 000,774,560 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/09/08 13:27:35 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-SRELAB-HP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/08/07 17:26:58 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2013/08/07 17:26:58 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2013/08/07 17:26:58 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2013/08/07 17:26:58 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2013/08/07 17:26:58 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2013/08/07 17:26:58 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2013/08/07 17:26:58 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2013/08/07 17:26:58 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2013/08/07 17:26:58 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2013/08/07 17:26:58 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2013/08/07 17:26:58 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2013/08/07 17:26:58 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2013/08/07 17:26:58 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2013/08/07 17:26:58 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2013/08/07 17:26:58 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2013/08/07 17:26:58 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2013/08/07 17:26:58 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2013/08/07 17:26:58 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2013/08/07 17:26:58 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2013/07/29 17:05:13 | 000,000,333 | ---- | C] () -- C:\Windows\BRCALIB.INI
[2013/07/29 16:59:03 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/12/03 07:42:50 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012/12/03 07:42:50 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\sysWOW64\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/12/21 11:13:29 | 000,000,000 | ---D | M] -- C:\Users\SRE Lab\AppData\Roaming\Audacity
[2012/03/28 10:35:37 | 000,000,000 | ---D | M] -- C:\Users\SRE Lab\AppData\Roaming\DigitalPersona
[2014/01/18 15:40:17 | 000,000,000 | ---D | M] -- C:\Users\SRE Lab\AppData\Roaming\Spotify
[2013/08/04 18:08:30 | 000,000,000 | ---D | M] -- C:\Users\SRE Lab\AppData\Roaming\Ulead Systems
[2013/07/20 15:56:32 | 000,000,000 | ---D | M] -- C:\Users\SRE Lab\AppData\Roaming\WildTangent
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.ADML  >
[2009/07/13 20:30:02 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml
 
< MD5 for: EXPLORER.ADMX  >
[2009/06/10 14:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 00:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 23:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 23:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/07/20 00:37:07 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 00:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 06:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/07/20 00:33:51 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/07/20 00:37:07 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/07/20 00:33:51 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 07:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/07/20 00:37:07 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/07/20 00:33:51 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 19:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/07/20 00:37:07 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 00:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/07/20 00:33:51 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: EXPLORER.EXE.MUI  >
[2009/07/13 20:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2009/07/13 20:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui
[2009/07/13 20:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\en-US\explorer.exe.mui
[2009/07/13 20:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
 
< MD5 for: EXPLORER.EXE-A80E4F97.PF  >
[2014/01/16 22:56:39 | 000,184,686 | ---- | M] () MD5=759BB5C385C3C28C2610902A73E62B24 -- C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf
 
< MD5 for: EXPLORER.ZIP  >
[2009/06/03 22:15:06 | 000,020,394 | ---- | M] () MD5=B469409C2B2A33C542190B720E11BD79 -- C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Explorer.zip
 
< MD5 for: IEXPLORE.EXE  >
[2013/03/03 22:49:09 | 000,672,928 | ---- | M] (Microsoft Corporation) MD5=050A612C1CE0C7095CAD64EA32C570DB -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21484_none_1a42c5438bf82907\iexplore.exe
[2013/11/27 12:58:15 | 000,804,560 | ---- | M] (Microsoft Corporation) MD5=0685765C0CBE095BA0C6C8790BAE21EF -- C:\Program Files\Internet Explorer\iexplore.exe
[2013/11/27 12:58:15 | 000,804,560 | ---- | M] (Microsoft Corporation) MD5=0685765C0CBE095BA0C6C8790BAE21EF -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16428_none_7b0d6f67c2d3f97a\iexplore.exe
[2013/07/31 04:18:24 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=10C1F2EC48D524AE10229AACD37B172A -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20617_none_1843b546cdda6584\iexplore.exe
[2013/07/24 20:48:45 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=139C8953AC56A9E559C7DEF07BC45ED7 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20613_none_183fb41ecdde0028\iexplore.exe
[2009/07/13 19:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_19ba3f8a72d988f3\iexplore.exe
[2013/09/18 11:34:51 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=351657C79B62B91E16A95AD23EA3710D -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16686_none_168ab5d61e3c99b7\iexplore.exe
[2013/09/18 11:34:52 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=37287D98A1BF5D56AA729CEB9B27C6B1 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16686_none_20df6028529d5bb2\iexplore.exe
[2013/10/12 15:42:28 | 000,775,344 | ---- | M] (Microsoft Corporation) MD5=39D0074C59F6D1A62731942C7FA8B60B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16736_none_167ae4781e4936f5\iexplore.exe
[2013/10/12 03:49:48 | 000,775,344 | ---- | M] (Microsoft Corporation) MD5=3C8C00380462B1023C9F8EA2A9A7A137 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20848_none_ffa340aa37f7ff34\iexplore.exe
[2013/07/24 22:00:18 | 000,763,544 | ---- | M] (Microsoft Corporation) MD5=536B5973A34DDAA6E16AC8248B726BD0 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20613_none_0deb09cc997d3e2d\iexplore.exe
[2013/07/24 20:42:37 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=57EC630DBD5F0713E77CB3540AB80A8E -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16502_none_17bfe6f5b4b92b16\iexplore.exe
[2013/03/01 23:06:58 | 000,672,912 | ---- | M] (Microsoft Corporation) MD5=58D926F3B2113BF849162C9C26FE21DC -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.17267_none_19d1c74872c7a039\iexplore.exe
[2010/11/20 07:28:25 | 000,695,056 | ---- | M] (Microsoft Corporation) MD5=86257731DDB311FBC283534CC0091634 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe
[2013/10/12 01:16:06 | 000,770,736 | ---- | M] (Microsoft Corporation) MD5=9DFE1678738DD968D7BA5559B52706D1 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20848_none_09f7eafc6c58c12f\iexplore.exe
[2013/07/31 08:22:10 | 000,763,544 | ---- | M] (Microsoft Corporation) MD5=A818D637533302BA58C685F332388FC0 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16506_none_0d6f3dcb8054ce77\iexplore.exe
[2013/07/31 04:39:59 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=AA9CBDCD4675A48755DDA3A73BE3E283 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16506_none_17c3e81db4b59072\iexplore.exe
[2013/03/01 23:50:08 | 000,696,480 | ---- | M] (Microsoft Corporation) MD5=AFB0FE34A9B7F1B7A70276B9C1A78114 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.17267_none_0f7d1cf63e66de3e\iexplore.exe
[2013/07/16 15:25:20 | 000,763,544 | ---- | M] (Microsoft Corporation) MD5=AFF2C99AD2C599108B6BD9E77C24B463 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16496_none_0d0dec99809dccc9\iexplore.exe
[2013/03/03 23:42:51 | 000,696,464 | ---- | M] (Microsoft Corporation) MD5=B1B17B56E0F9AE84A1F75E757217154E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21484_none_0fee1af15797670c\iexplore.exe
[2010/11/20 06:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
[2013/11/27 12:58:15 | 000,806,096 | ---- | M] (Microsoft Corporation) MD5=C8A8321292A459B0A17FB39A782A5C74 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2013/11/27 12:58:15 | 000,806,096 | ---- | M] (Microsoft Corporation) MD5=C8A8321292A459B0A17FB39A782A5C74 -- C:\Windows\erdnt\cache86\iexplore.exe
[2013/11/27 12:58:15 | 000,806,096 | ---- | M] (Microsoft Corporation) MD5=C8A8321292A459B0A17FB39A782A5C74 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16428_none_856219b9f734bb75\iexplore.exe
[2013/09/22 17:54:30 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=D6B7DDB68436F13C3CAE2B92524F1FEC -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16721_none_20cf006852aa5f74\iexplore.exe
[2013/10/12 01:44:13 | 000,770,736 | ---- | M] (Microsoft Corporation) MD5=D7D5768B8A697FCBAEE2CFE137070F02 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16736_none_20cf8eca52a9f8f0\iexplore.exe
[2013/09/22 18:01:39 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=DB352EBF77E8655E0C46B6923F3C9950 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20831_none_09f78a2a6c58f471\iexplore.exe
[2013/07/31 07:01:01 | 000,763,544 | ---- | M] (Microsoft Corporation) MD5=E1D016741AA03A959586A7818595BF46 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20617_none_0def0af49979a389\iexplore.exe
[2013/09/22 19:55:58 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=E9F843E7E412AE9A507FD5ABBBD06462 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20831_none_ffa2dfd837f83276\iexplore.exe
[2013/07/16 15:25:22 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=EE12BA876C4190532A4085994BA9B616 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16496_none_176296ebb4fe8ec4\iexplore.exe
[2009/07/13 19:43:43 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=F2B0D41E1D08D0B2006DF5AA2E74C81E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_0f6595383e78c6f8\iexplore.exe
[2013/09/22 19:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=F6A7D9C0BC326F695526069C1DA1E8B7 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16721_none_167a56161e499d79\iexplore.exe
[2013/07/24 21:58:46 | 000,763,544 | ---- | M] (Microsoft Corporation) MD5=FA5B33E7BB143BCE846C303B528E8D62 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16502_none_0d6b3ca38058691b\iexplore.exe
 
< MD5 for: IEXPLORE.EXE.MUI  >
[2013/11/27 12:58:15 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2013/11/27 12:58:15 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2013/11/27 12:58:15 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.2.9600.16428_en-us_74ba04defa813a61\iexplore.exe.mui
[2013/11/27 12:58:15 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.2.9600.16428_en-us_7f0eaf312ee1fc5c\iexplore.exe.mui
[2013/07/16 15:25:20 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_07013012b816cb66\iexplore.exe.mui
[2013/07/16 15:25:22 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_1155da64ec778d61\iexplore.exe.mui
[2013/09/18 11:34:51 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_103c8b6555e6a67e\iexplore.exe.mui
[2013/09/18 11:34:52 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_1a9135b78a476879\iexplore.exe.mui
[2009/07/13 20:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_09122aaf762607df\iexplore.exe.mui
[2009/07/13 20:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_0b433e7773148b79\iexplore.exe.mui
[2009/07/13 20:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_1366d501aa86c9da\iexplore.exe.mui
[2009/07/13 20:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_1597e8c9a7754d74\iexplore.exe.mui
 
< MD5 for: SERVICES  >
[2009/06/10 15:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.CFG  >
[2012/09/23 19:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
[2013/12/21 00:04:16 | 000,559,392 | ---- | M] () MD5=F9FBA73F44366AB3514BD1985707F178 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2009/07/13 20:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 20:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2009/07/13 20:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 20:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 20:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 20:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: WINLOGON.ADML  >
[2009/07/13 20:25:22 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml
 
< MD5 for: WINLOGON.ADMX  >
[2009/06/10 15:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 19:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/07/20 00:37:07 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/07/20 00:37:07 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WINLOGON.EXE.MUI  >
[2009/07/13 20:29:52 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=56D03B64B8C483C1D12A8E4577B3B332 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_26ed83321dc778e1\winlogon.exe.mui
[2010/11/20 07:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\en-US\winlogon.exe.mui
[2010/11/20 07:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui
 
< MD5 for: WINLOGON.MFL  >
[2009/07/13 20:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl
[2009/07/13 20:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl
 
< MD5 for: WINLOGON.MOF  >
[2009/07/13 14:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
[2009/07/13 14:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof
 
< %SYSTEMDRIVE%\*.* >
[2009/07/13 19:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2014/01/15 08:59:34 | 000,021,827 | ---- | M] () -- C:\ComboFix.txt
[2014/01/16 22:52:31 | 1988,513,791 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/16 22:53:19 | 4083,007,487 | -HS- | M] () -- C:\pagefile.sys
[2014/01/14 12:52:29 | 000,000,354 | ---- | M] () -- C:\TDSSKiller.2.8.16.0_14.01.2014_12.52.24_log.txt
[2014/01/14 12:56:56 | 000,204,990 | ---- | M] () -- C:\TDSSKiller.3.0.0.19_14.01.2014_12.53.20_log.txt
 
< %systemroot%\Fonts\*.com >
[2009/07/13 23:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 23:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 23:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 23:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009/06/10 14:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
[2013/02/05 23:56:16 | 000,322,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2009/07/13 22:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C has no label.
 Volume Serial Number is CA5D-3C54
 Directory of C:\
07/13/2009  11:08 PM    <JUNCTION>     Documents and Settings [..]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
07/13/2009  11:08 PM    <JUNCTION>     Application Data [..]
07/13/2009  11:08 PM    <JUNCTION>     Desktop [..]
07/13/2009  11:08 PM    <JUNCTION>     Documents [..]
07/13/2009  11:08 PM    <JUNCTION>     Favorites [..]
07/13/2009  11:08 PM    <JUNCTION>     Start Menu [..]
07/13/2009  11:08 PM    <JUNCTION>     Templates [..]
               0 File(s)              0 bytes
 Directory of C:\Users
07/13/2009  11:08 PM    <SYMLINKD>     All Users [C:\ProgramData]
07/13/2009  11:08 PM    <JUNCTION>     Default User [..]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
07/13/2009  11:08 PM    <JUNCTION>     Application Data [..]
07/13/2009  11:08 PM    <JUNCTION>     Desktop [..]
07/13/2009  11:08 PM    <JUNCTION>     Documents [..]
07/13/2009  11:08 PM    <JUNCTION>     Favorites [..]
07/13/2009  11:08 PM    <JUNCTION>     Start Menu [..]
07/13/2009  11:08 PM    <JUNCTION>     Templates [..]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
07/13/2009  11:08 PM    <JUNCTION>     Application Data [..]
07/13/2009  11:08 PM    <JUNCTION>     Local Settings [..]
07/13/2009  11:08 PM    <JUNCTION>     My Documents [..]
07/13/2009  11:08 PM    <JUNCTION>     NetHood [..]
07/13/2009  11:08 PM    <JUNCTION>     PrintHood [..]
07/13/2009  11:08 PM    <JUNCTION>     Recent [..]
07/13/2009  11:08 PM    <JUNCTION>     SendTo [..]
07/13/2009  11:08 PM    <JUNCTION>     Start Menu [..]
07/13/2009  11:08 PM    <JUNCTION>     Templates [..]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
07/13/2009  11:08 PM    <JUNCTION>     Application Data [..]
07/13/2009  11:08 PM    <JUNCTION>     History [..]
07/13/2009  11:08 PM    <JUNCTION>     Temporary Internet Files [..]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
07/13/2009  11:08 PM    <JUNCTION>     My Music [..]
07/13/2009  11:08 PM    <JUNCTION>     My Pictures [..]
07/13/2009  11:08 PM    <JUNCTION>     My Videos [..]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
07/13/2009  11:08 PM    <JUNCTION>     My Music [C:\Users\Public\Music]
07/13/2009  11:08 PM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
07/13/2009  11:08 PM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\SRE Lab
03/28/2012  10:35 AM    <JUNCTION>     Application Data [C:\Users\SRE Lab\AppData\Roaming]
03/28/2012  10:35 AM    <JUNCTION>     Cookies [C:\Users\SRE Lab\AppData\Roaming\Microsoft\Windows\Cookies]
03/28/2012  10:35 AM    <JUNCTION>     Local Settings [C:\Users\SRE Lab\AppData\Local]
03/28/2012  10:35 AM    <JUNCTION>     My Documents [C:\Users\SRE Lab\Documents]
03/28/2012  10:35 AM    <JUNCTION>     NetHood [C:\Users\SRE Lab\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/28/2012  10:35 AM    <JUNCTION>     PrintHood [C:\Users\SRE Lab\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/28/2012  10:35 AM    <JUNCTION>     Recent [C:\Users\SRE Lab\AppData\Roaming\Microsoft\Windows\Recent]
03/28/2012  10:35 AM    <JUNCTION>     SendTo [C:\Users\SRE Lab\AppData\Roaming\Microsoft\Windows\SendTo]
03/28/2012  10:35 AM    <JUNCTION>     Start Menu [C:\Users\SRE Lab\AppData\Roaming\Microsoft\Windows\Start Menu]
03/28/2012  10:35 AM    <JUNCTION>     Templates [C:\Users\SRE Lab\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\SRE Lab\AppData\Local
03/28/2012  10:35 AM    <JUNCTION>     Application Data [C:\Users\SRE Lab\AppData\Local]
03/28/2012  10:35 AM    <JUNCTION>     History [C:\Users\SRE Lab\AppData\Local\Microsoft\Windows\History]
03/28/2012  10:35 AM    <JUNCTION>     Temporary Internet Files [C:\Users\SRE Lab\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\SRE Lab\Documents
03/28/2012  10:35 AM    <JUNCTION>     My Music [C:\Users\SRE Lab\Music]
03/28/2012  10:35 AM    <JUNCTION>     My Pictures [C:\Users\SRE Lab\Pictures]
03/28/2012  10:35 AM    <JUNCTION>     My Videos [C:\Users\SRE Lab\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile
09/16/2010  03:18 AM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
09/16/2010  03:18 AM    <JUNCTION>     Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\AppData\Local
09/16/2010  03:18 AM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
09/16/2010  03:18 AM    <JUNCTION>     History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
09/16/2010  03:18 AM    <JUNCTION>     Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile
09/16/2010  03:18 AM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
09/16/2010  03:18 AM    <JUNCTION>     Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
09/16/2010  03:18 AM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
09/16/2010  03:18 AM    <JUNCTION>     History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
09/16/2010  03:18 AM    <JUNCTION>     Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              59 Dir(s)  382,788,034,560 bytes free
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2013/07/17 08:41:58 | 000,000,221 | -HS- | M] () -- C:\Users\SRE Lab\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
 
< %USERPROFILE%\Desktop\*.exe >
[2014/01/14 12:57:43 | 001,236,282 | ---- | M] () -- C:\Users\SRE Lab\Desktop\AdwCleaner.exe
[2014/01/15 08:17:58 | 005,160,001 | R--- | M] (Swearware) -- C:\Users\SRE Lab\Desktop\ComboFix.exe
[2013/11/25 22:30:20 | 000,979,928 | ---- | M] (CyberLink) -- C:\Users\SRE Lab\Desktop\CyberLink_YouCam_Downloader.exe
[2014/01/12 22:46:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\SRE Lab\Desktop\OTL.exe
[2014/01/14 12:53:10 | 004,121,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\SRE Lab\Desktop\TDSSKiller.exe
[2013/08/02 14:18:00 | 001,239,536 | ---- | M] (Microsoft Corporation) -- C:\Users\SRE Lab\Desktop\wlsetup-web(1).exe
[2013/08/02 14:11:30 | 001,239,536 | ---- | M] (Microsoft Corporation) -- C:\Users\SRE Lab\Desktop\wlsetup-web.exe
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Files - Unicode (All) ==========
[2013/10/21 22:47:55 | 000,000,098 | ---- | M] ()(C:\Users\SRE Lab\Desktop\? Faint Reflections - YouTube.url) -- C:\Users\SRE Lab\Desktop\▶ Faint Reflections - YouTube.url
[2013/10/21 22:47:55 | 000,000,098 | ---- | C] ()(C:\Users\SRE Lab\Desktop\? Faint Reflections - YouTube.url) -- C:\Users\SRE Lab\Desktop\▶ Faint Reflections - YouTube.url
[2013/08/12 11:48:45 | 000,000,068 | ---- | M] ()(C:\Users\SRE Lab\Desktop\? Filter dance summer intensive - YouTube.url) -- C:\Users\SRE Lab\Desktop\▶ Filter dance summer intensive - YouTube.url
[2013/08/12 11:48:45 | 000,000,068 | ---- | C] ()(C:\Users\SRE Lab\Desktop\? Filter dance summer intensive - YouTube.url) -- C:\Users\SRE Lab\Desktop\▶ Filter dance summer intensive - YouTube.url
 
< End of report >


#12 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 19 January 2014 - 09:51 AM

LlJESjW.jpgMalwarebytes Anti-Rootkit
 
Please download Malwarebytes Anti-Rootkit and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
  • If malware is found, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.

If there is no malware found, please let me know as well.
----------


Posted Image
 
 

#13 EricWoods

EricWoods

    Authentic Member

  • Authentic Member
  • PipPip
  • 147 posts

Posted 20 January 2014 - 07:23 PM

No malware found.

Maybe I should just uninstall and reinstall McAfee?



#14 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 21 January 2014 - 06:42 AM

That is always an option.  Give that a try and see if that fixes you up.  :)  Let me know how that goes.  


Posted Image
 
 

#15 EricWoods

EricWoods

    Authentic Member

  • Authentic Member
  • PipPip
  • 147 posts

Posted 21 January 2014 - 12:57 PM

Uninstalled McAfee but can't install it again. Something is interfering with the installer.


Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users