
Windows 7 infected with something [Solved]


  • This topic is locked
32 replies to this topic

#1 leafaninottawa


    New Member

  • Authentic Member
  • 18 posts

Posted 28 January 2014 - 11:55 AM

Hi everyone, first off I would like to thank everyone for any help I can get; this has been a bit of a stubborn removal for me. I have even reformatted and reinstalled Windows but, strangely, it's still infected. Any help, again, is really appreciated. :)




#2 OCD


    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 30 January 2014 - 09:10 PM

Hi leafaninottawa,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear".

Important: All tools MUST be run from the Desktop.

=========================


I have even reformatted and reinstalled Windows but, strangely, it's still infected.

Not sure how you can still be infected if you did a re-install, but follow the steps below, post the logs requested and give a description of what symptoms you are experiencing and we'll get to work to try and sort it out.

=========================

Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=========================

aswMBR

Download aswMBR.exe and save it to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
=========================

OTL

Download OTL to your desktop.
  • Make sure all other windows are closed and to let it run uninterrupted.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in

    %USERPROFILE%\..|smtmp;true;true;true /FP
    %temp%\smtmp\*.* /s >
    /md5start
    iexplore.*
    explorer.*
    winlogon.*
    dll
    zx.dll
    hlp.dat
    consrv.dll
    services.*
    /md5stop
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    dir "%systemdrive%\*" /S /A:L /C
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    BASESERVICES
    DRIVES
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
    • You may need two posts to fit them both in.
=========================

In your next post please provide the following:
  • checkup.txt
  • aswMBR.txt
  • attach MBR.zip
  • OTL.txt
  • Extras.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days
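An added example of how a helper can pre-screen the OTL.Txt these steps produce before reading it line by line (my code, not OTL's or OCD's): it parses the PRC, SRV, DRV and O4 line shapes OTL prints and flags entries worth a second look, namely binaries under C:\Windows with no publisher name and autorun entries whose target file is gone. The sample lines are constructed in OTL's format; ExampleVendor, core-threads.exe, usbaudio164.sys and Photo Updater are placeholders, and a flag is a review prompt, not a verdict.

```python
"""Triage helper for OTL-style log lines (added example; not part of OTL)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# SRV/DRV rows:  SRV:64bit: - (Name) -- C:\path\file.exe (Company)
SVC_RE = re.compile(
    r"^(?P<kind>SRV|DRV)(?P<arch>:64bit:)? - \((?P<name>[^)]*)\) -- "
    r"(?P<path>.+?) \((?P<company>[^)]*)\)\s*$"
)
# PRC rows:      PRC - C:\path\file.exe (Company)
PRC_RE = re.compile(r"^PRC - (?P<path>.+?) \((?P<company>[^)]*)\)\s*$")
# O4 rows:       O4 - HKLM..\Run: [Name] C:\path\file.exe (Company)
#                O4 - HKCU..\Run: [Name]  File not found
O4_RE = re.compile(
    r"^O4(?P<arch>:64bit:)? - HK[A-Z]+\.\.\\Run: \[(?P<name>[^\]]*)\]\s+"
    r"(?:(?P<path>.+?) \((?P<company>[^)]*)\)|File not found)\s*$"
)

WINDOWS_DIR = "c:\\windows\\"


@dataclass
class Entry:
    kind: str      # PRC, SRV, DRV or O4
    name: str      # service/driver/autorun name; file name for PRC rows
    path: str      # path as OTL printed it; "" when the file is missing
    company: str   # text OTL shows in the trailing parentheses; "" if none
    arch64: bool   # True for the ':64bit:' rows of a 64-bit scan


def parse_line(line: str) -> Optional[Entry]:
    """Turn one OTL line into an Entry, or None for shapes not handled here."""
    line = line.rstrip()
    m = SVC_RE.match(line)
    if m:
        return Entry(m["kind"], m["name"], m["path"], m["company"].strip(), bool(m["arch"]))
    m = PRC_RE.match(line)
    if m:
        return Entry("PRC", m["path"].rsplit("\\", 1)[-1], m["path"], m["company"].strip(), False)
    m = O4_RE.match(line)
    if m:
        return Entry("O4", m["name"], m["path"] or "", (m["company"] or "").strip(), bool(m["arch"]))
    return None


def review_flags(entry: Entry) -> List[str]:
    """Reasons a helper would want to look at this entry; empty list means nothing stood out."""
    flags: List[str] = []
    if entry.kind == "O4" and entry.path == "":
        flags.append("autorun entry points at a file that no longer exists")
    if entry.path.lower().startswith(WINDOWS_DIR) and entry.company == "":
        flags.append("no publisher name on a binary under C:\\Windows")
    return flags


def triage(lines) -> List[Tuple[str, str, str, str]]:
    """Return (kind, name, path, reason) for every flagged entry, in log order."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        for reason in review_flags(entry):
            findings.append((entry.kind, entry.name, entry.path, reason))
    return findings


# Constructed sample in OTL's format; vendor and file names are placeholders.
SAMPLE_OTL = r"""
PRC - C:\Program Files (x86)\ExampleVendor\tray.exe (Example Vendor Ltd)
PRC - C:\Windows\setupl.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (.Net Core Svc) -- C:\Windows\SysNative\core-threads.exe ()
DRV:64bit: - (usbaudio1) -- C:\Windows\SysNative\Drivers\usbaudio164.sys ()
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [Photo Updater]  File not found
""".strip().splitlines()

if __name__ == "__main__":
    for kind, name, path, reason in triage(SAMPLE_OTL):
        print(f"{kind:<4} {name:<16} {path or '-':<52} {reason}")
```

On the sample, the WinDefend, NvCplDaemon and ExampleVendor rows pass silently and the other four are listed; the same two heuristics can be run over a pasted OTL.Txt by feeding its lines to triage().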


#3 leafaninottawa


    New Member

  • Authentic Member
  • 18 posts

Posted 31 January 2014 - 04:27 PM

TY for your assistance. I could not access the site to download Security Check; is there another link I could get it from?



#4 leafaninottawa


    New Member

  • Authentic Member
  • 18 posts

Posted 31 January 2014 - 05:03 PM

Here is the aswMBR log.


aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-01-31 17:29:25
-----------------------------
17:29:25.341    OS Version: Windows x64 6.1.7601 Service Pack 1
17:29:25.341    Number of processors: 2 586 0x1706
17:29:25.356    ComputerName: STEVE-PC  UserName: Easyhome
17:29:26.482    Initialize success
17:45:17.239    AVAST engine defs: 14013101
17:45:45.215    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:45:45.222    Disk 0 Vendor: ST950032 0001 Size: 476940MB BusType: 3
17:45:45.403    Disk 0 MBR read successfully
17:45:45.411    Disk 0 MBR scan
17:45:45.426    Disk 0 Windows 7 default MBR code
17:45:45.443    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       244869 MB offset 2048
17:45:45.474    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       232068 MB offset 501493760
17:45:45.616    Disk 0 scanning C:\Windows\system32\drivers
17:46:05.967    Service scanning
17:46:37.122    Modules scanning
17:46:37.146    Disk 0 trace - called modules:
17:46:37.217    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
17:46:37.231    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80058ed060]
17:46:37.244    3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004bf8050]
17:46:38.014    AVAST engine scan C:\Windows
17:46:44.167    AVAST engine scan C:\Windows\system32
17:52:10.678    AVAST engine scan C:\Windows\system32\drivers
17:52:31.606    AVAST engine scan C:\Users\Easyhome
17:59:19.855    AVAST engine scan C:\ProgramData
18:01:31.612    Scan finished successfully
18:02:42.200    Disk 0 MBR has been saved successfully to "C:\Users\Easyhome\Desktop\MBR.dat"
18:02:42.208    The log file has been saved successfully to "C:\Users\Easyhome\Desktop\aswMBR.txt"

Attached file: MBR.zip (555 bytes)

Edited by leafaninottawa, 31 January 2014 - 05:05 PM.


#5 leafaninottawa


    New Member

  • Authentic Member
  • 18 posts

Posted 31 January 2014 - 05:31 PM

OTL logfile created on: 31/01/2014 6:07:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Easyhome\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
4.00 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 43.72% Memory free
7.99 Gb Paging File | 5.47 Gb Available in Paging File | 68.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 239.13 Gb Total Space | 170.91 Gb Free Space | 71.47% Space Free | Partition Type: NTFS
Drive E: | 226.63 Gb Total Space | 31.28 Gb Free Space | 13.80% Space Free | Partition Type: NTFS
 
Computer Name: STEVE-PC | User Name: Easyhome | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\Easyhome\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe (Anvisoft)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft)
PRC - C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe (Anvisoft)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Check Point Software Technologies, Ltd.)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Cyberlink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\sqlite3.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - c:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\Cyberlink\Power2Go\CLMediaLibrary.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (.Net Main) -- C:\Windows\SysNative\idle-Threads.exe ()
SRV:64bit: - (.Net Security) -- C:\Windows\SysNative\latch-Threads.exe ()
SRV:64bit: - (.Net Crypt) -- C:\Windows\SysNative\mutex-Threads.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (Updater Service) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer)
SRV:64bit: - (O2FLASH) -- C:\Windows\SysNative\drivers\o2flash.exe (O2Micro International)
SRV - (AnviCsbSvc) -- C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe (Anvisoft)
SRV - (VaultSvc) -- C:\Windows\SysWOW64\lsass.exe ()
SRV - (SamSs) -- C:\Windows\SysWOW64\lsass.exe ()
SRV - (ProtectedStorage) -- C:\Windows\SysWOW64\lsass.exe ()
SRV - (Netlogon) -- C:\Windows\SysWOW64\lsass.exe ()
SRV - (KeyIso) -- C:\Windows\SysWOW64\lsass.exe ()
SRV - (EFS) -- C:\Windows\SysWOW64\lsass.exe ()
SRV - (vsmon) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (asdsrv) -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe (Anvisoft)
SRV - (ZAPrivacyService) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Check Point Software Technologies, Ltd.)
SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Greg_Service) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe (WildTangent, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (Disc Soft Ltd)
DRV:64bit: - (usbvox) -- C:\Windows\SysNative\Drivers\usbvox64.sys ()
DRV:64bit: - (scssifilter) -- C:\Windows\SysNative\drivers\scssifilter64.sys (Microsoft Corporation)
DRV:64bit: - (usbmp3) -- C:\Windows\SysNative\Drivers\usbmp364.sys ()
DRV:64bit: - (usbwav) -- C:\Windows\SysNative\Drivers\usbwav64.sys ()
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV:64bit: - (asdrs) -- C:\Windows\SysNative\drivers\asdrs.sys (Anvisoft)
DRV:64bit: - (asdrm) -- C:\Windows\SysNative\drivers\asdrm.sys (Anvisoft)
DRV:64bit: - (asdws) -- C:\Windows\SysNative\drivers\asdws.sys ()
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab ZAO)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (O2SDRDR) -- C:\Windows\SysNative\drivers\o2sdx64.sys (O2Micro )
DRV:64bit: - (O2MDRDR) -- C:\Windows\SysNative\drivers\o2mdx64.sys (O2Micro )
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.entru.com/?s=21983
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACGW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.entru.com/?s=21983
IE - HKCU\..\SearchScopes,DefaultScope = {A653A084-C13D-4DD2-A04B-87215BCE6F00}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACGW_enCA566
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{A653A084-C13D-4DD2-A04B-87215BCE6F00}: "URL" = http://search.zoneal...Id=&ver=&&r=151
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Easyhome\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
 
[2013/12/14 08:49:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.ca/
CHR - Extension: Google Docs = C:\Users\Easyhome\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Easyhome\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Easyhome\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Easyhome\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Easyhome\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Gmail = C:\Users\Easyhome\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/12/25 09:35:19 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
O4 - HKLM..\Run: [CLMLServer] c:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [CloudSystemBooster] C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe (Anvisoft)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [Facebook Update]  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{578895BC-C9D1-48F0-A42C-C021DA8806F9}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEBCE5E1-F9F2-456C-ADCC-ACF0B81EAF13}: DhcpNameServer = 216.218.29.11 207.219.69.11
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
Drivers32:64bit: msacm.ac3acm - ac3acm.acm (fccHandler)
Drivers32:64bit: msacm.l3acm - l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.l3codecp - l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FFDS - ff_vfw.dll ()
Drivers32:64bit: VIDC.LAGS - lagarith.dll ( )
Drivers32:64bit: VIDC.X264 - x264vfw64.dll (x264vfw project)
Drivers32:64bit: VIDC.XVID - xvidvfw.dll ()
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.LAGS - C:\Windows\SysWow64\lagarith.dll ( )
Drivers32: VIDC.X264 - C:\Windows\SysWow64\x264vfw.dll (x264vfw project)
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/31 17:23:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Easyhome\Desktop\OTL.exe
[2014/01/31 17:23:45 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Easyhome\Desktop\aswMBR.exe
[2014/01/30 15:12:48 | 000,000,000 | R--D | C] -- C:\Users\Easyhome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2014/01/16 07:54:42 | 000,000,000 | ---D | C] -- C:\Users\Easyhome\AppData\Local\ElevatedDiagnostics
[2014/01/16 05:40:34 | 000,000,000 | ---D | C] -- C:\Users\Easyhome\AppData\Local\Diagnostics
[2014/01/10 14:18:25 | 000,000,000 | ---D | C] -- C:\Users\Easyhome\Desktop\backups
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/31 18:10:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/31 18:04:59 | 000,000,555 | ---- | M] () -- C:\Users\Easyhome\Desktop\MBR.zip
[2014/01/31 18:02:42 | 000,000,512 | ---- | M] () -- C:\Users\Easyhome\Desktop\MBR.dat
[2014/01/31 17:24:50 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Easyhome\Desktop\aswMBR.exe
[2014/01/31 17:24:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Easyhome\Desktop\OTL.exe
[2014/01/31 17:22:18 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/31 17:11:02 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2559462982-4009010215-310766029-1000UA.job
[2014/01/31 04:42:34 | 002,626,514 | RHS- | M] () -- C:\Windows\SysNative\masteraclini.enu
[2014/01/31 04:42:34 | 000,000,124 | RH-- | M] () -- C:\Windows\SysNative\masteraclbini.enu
[2014/01/31 02:21:47 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/31 02:21:47 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/31 02:02:42 | 000,009,529 | -H-- | M] () -- C:\Windows\SysWow64\BTImages.dat
[2014/01/30 20:11:05 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2559462982-4009010215-310766029-1000Core.job
[2014/01/30 15:12:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/30 15:12:18 | 3217,272,832 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/29 08:41:54 | 000,002,190 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/28 14:23:57 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/28 14:23:57 | 000,628,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/28 14:23:57 | 000,110,612 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2014/01/31 18:04:59 | 000,000,555 | ---- | C] () -- C:\Users\Easyhome\Desktop\MBR.zip
[2014/01/31 18:02:42 | 000,000,512 | ---- | C] () -- C:\Users\Easyhome\Desktop\MBR.dat
[2014/01/28 14:31:03 | 002,227,226 | ---- | C] () -- C:\Users\Easyhome\Desktop\100_0917.JPG
[2014/01/28 14:31:03 | 002,065,003 | ---- | C] () -- C:\Users\Easyhome\Desktop\100_0916.JPG
[2014/01/28 14:29:44 | 200,488,374 | ---- | C] () -- C:\Users\Easyhome\Desktop\100_0919.MOV
[2013/12/23 15:15:30 | 000,640,957 | ---- | C] () -- C:\Windows\unins000.exe
[2013/12/23 15:15:30 | 000,000,800 | ---- | C] () -- C:\Windows\unins000.dat
[2013/12/16 23:06:50 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2013/12/16 23:06:49 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013/12/16 23:06:49 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013/12/16 23:06:48 | 000,217,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013/12/16 23:06:47 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013/12/14 10:23:25 | 000,660,257 | ---- | C] () -- C:\Users\Easyhome\AppData\Local\census.cache
[2013/12/14 10:22:54 | 000,079,137 | ---- | C] () -- C:\Users\Easyhome\AppData\Local\ars.cache
[2013/12/14 10:06:10 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\winlogon.exe
[2013/12/14 10:06:10 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\smss.exe
[2013/12/14 10:06:10 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\services.exe
[2013/12/14 10:06:10 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\lsass.exe
[2013/12/14 10:06:10 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\csrss.exe
[2013/12/14 09:59:20 | 000,009,529 | -H-- | C] () -- C:\Windows\SysWow64\BTImages.dat
[2013/12/14 09:44:46 | 000,000,036 | ---- | C] () -- C:\Users\Easyhome\AppData\Local\housecall.guid.cache
[2013/12/13 17:31:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/12/13 17:31:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/12/13 17:31:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/12/13 17:31:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/12/13 17:31:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/21 20:52:44 | 000,001,639 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2012/02/21 20:05:36 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2012/02/21 20:05:34 | 000,000,302 | ---- | C] () -- C:\Windows\PidList_C.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 03:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 22:47:52 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 22:47:08 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/12/25 22:26:42 | 000,000,000 | ---D | M] -- C:\Users\Easyhome\AppData\Roaming\Anvisoft
[2013/12/14 08:49:01 | 000,000,000 | ---D | M] -- C:\Users\Easyhome\AppData\Roaming\Check Point Software Technologies LTD
[2013/12/21 23:08:49 | 000,000,000 | ---D | M] -- C:\Users\Easyhome\AppData\Roaming\DAEMON Tools Lite
[2013/12/23 17:46:38 | 000,000,000 | ---D | M] -- C:\Users\Easyhome\AppData\Roaming\MPC-HC
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.ADML  >
[2009/07/14 04:35:48 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml
 
< MD5 for: EXPLORER.ADMX  >
[2009/07/13 20:48:04 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx
 
< MD5 for: EXPLORER.EXE  >
[2012/02/21 20:52:06 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2012/02/21 20:52:06 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 22:41:14 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2012/02/21 20:52:06 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2012/02/21 21:17:06 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2012/02/21 20:52:06 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2012/02/21 20:52:08 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2012/02/21 20:52:08 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2012/02/21 20:52:08 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2012/02/21 20:52:08 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2012/02/21 21:14:38 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2012/02/21 20:52:06 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2012/02/21 20:52:06 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2012/02/21 21:17:06 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2012/02/21 21:14:38 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2012/02/21 21:17:06 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2012/02/21 21:14:38 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 22:56:52 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2012/02/21 21:17:06 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2012/02/21 20:52:06 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2012/02/21 21:14:38 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: EXPLORER.EXE.MUI  >
[2009/07/14 04:35:28 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
[2009/07/14 04:35:28 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
[2009/07/14 04:35:50 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2009/07/14 04:35:50 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui
 
< MD5 for: IEXPLORE.EXE  >
[2013/03/03 23:49:09 | 000,672,928 | ---- | M] (Microsoft Corporation) MD5=050A612C1CE0C7095CAD64EA32C570DB -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21484_none_1a42c5438bf82907\iexplore.exe
[2013/12/15 07:02:13 | 000,763,632 | ---- | M] (Microsoft Corporation) MD5=140325733F0DFB82A6A600CE301478EE -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16526_none_0d599df380650659\iexplore.exe
[2009/07/13 22:43:32 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_19ba3f8a72d988f3\iexplore.exe
[2012/02/21 20:47:28 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=38668C6CADABC9487C683FADD3D165D0 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16930_none_19eb591872b56d75\iexplore.exe
[2013/12/15 07:02:13 | 000,757,488 | ---- | M] (Microsoft Corporation) MD5=43E6F2A7FB182F2D7CB0CE5B8F1005CF -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16526_none_17ae4845b4c5c854\iexplore.exe
[2013/03/02 00:06:58 | 000,672,912 | ---- | M] (Microsoft Corporation) MD5=58D926F3B2113BF849162C9C26FE21DC -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.17267_none_19d1c74872c7a039\iexplore.exe
[2010/11/20 08:28:25 | 000,695,056 | ---- | M] (Microsoft Corporation) MD5=86257731DDB311FBC283534CC0091634 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe
[2013/12/17 09:22:35 | 000,775,344 | ---- | M] (Microsoft Corporation) MD5=8E6225096C44271A88FD201C7188BDFC -- C:\Program Files\Internet Explorer\iexplore.exe
[2013/12/17 09:22:35 | 000,775,344 | ---- | M] (Microsoft Corporation) MD5=8E6225096C44271A88FD201C7188BDFC -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16750_none_167d6dbc1e46cfdd\iexplore.exe
[2013/12/17 09:22:36 | 000,770,736 | ---- | M] (Microsoft Corporation) MD5=9ED469260687108F5F8FD544D56ABC54 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2013/12/17 09:22:36 | 000,770,736 | ---- | M] (Microsoft Corporation) MD5=9ED469260687108F5F8FD544D56ABC54 -- C:\Windows\erdnt\cache86\iexplore.exe
[2013/12/17 09:22:36 | 000,770,736 | ---- | M] (Microsoft Corporation) MD5=9ED469260687108F5F8FD544D56ABC54 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16750_none_20d2180e52a791d8\iexplore.exe
[2012/02/21 20:47:28 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=A3F56CED7B94A30BE8954387F0E2B5D2 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16930_none_0f96aec63e54ab7a\iexplore.exe
[2013/03/02 00:50:08 | 000,696,480 | ---- | M] (Microsoft Corporation) MD5=AFB0FE34A9B7F1B7A70276B9C1A78114 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.17267_none_0f7d1cf63e66de3e\iexplore.exe
[2013/03/04 00:42:51 | 000,696,464 | ---- | M] (Microsoft Corporation) MD5=B1B17B56E0F9AE84A1F75E757217154E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21484_none_0fee1af15797670c\iexplore.exe
[2012/02/21 20:47:28 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=C152529FD67ABB61F0609EF5A299794C -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21108_none_104895c75752f56b\iexplore.exe
[2012/02/21 20:47:28 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=C53E41F92B19EC97D987F968403BEC49 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21108_none_1a9d40198bb3b766\iexplore.exe
[2010/11/20 07:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
[2009/07/13 22:58:58 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=F2B0D41E1D08D0B2006DF5AA2E74C81E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_0f6595383e78c6f8\iexplore.exe
 
< MD5 for: IEXPLORE.EXE.MUI  >
[2013/12/15 07:02:13 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_07013012b816cb66\iexplore.exe.mui
[2013/12/15 07:02:13 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_1155da64ec778d61\iexplore.exe.mui
[2013/12/17 09:22:36 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2013/12/17 09:22:36 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2013/12/17 09:22:36 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_103c8b6555e6a67e\iexplore.exe.mui
[2013/12/17 09:22:36 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_1a9135b78a476879\iexplore.exe.mui
[2009/07/14 04:35:30 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_09122aaf762607df\iexplore.exe.mui
[2009/07/14 04:35:52 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_1366d501aa86c9da\iexplore.exe.mui
 
< MD5 for: SERVICES  >
[2009/07/13 19:40:38 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 22:19:46 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/13 22:19:46 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 22:19:46 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2013/12/14 10:06:10 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\Windows\SysWOW64\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2009/07/14 04:35:48 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/14 04:35:48 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2009/07/14 03:54:04 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 03:54:04 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 19:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 19:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2009/07/14 04:35:34 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/07/13 20:34:42 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/14 04:35:54 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/07/13 20:44:22 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/14 04:35:34 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/07/13 20:34:42 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/14 04:35:54 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/07/13 20:44:22 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 19:16:16 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 19:16:16 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: SERVICES.RDB  >
[2011/01/17 21:52:22 | 000,237,568 | ---- | M] () MD5=507957679AE4579C15D57FA741EA6FFA -- C:\Program Files (x86)\OpenOffice.org 3\URE\misc\services.rdb
[2011/01/17 21:51:48 | 005,539,328 | ---- | M] () MD5=F2B666905F7FDAA80C86A101A7DE62F9 -- C:\Program Files (x86)\OpenOffice.org 3\Basis\program\services.rdb
 
< MD5 for: WINLOGON.ADML  >
[2009/07/14 04:35:48 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml
 
< MD5 for: WINLOGON.ADMX  >
[2009/07/13 20:41:32 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 22:52:48 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/02/21 21:17:06 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013/12/14 10:06:10 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\Windows\SysWOW64\winlogon.exe
[2012/02/21 21:17:06 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WINLOGON.EXE.MUI  >
[2010/11/20 08:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\SysNative\en-US\winlogon.exe.mui
[2010/11/20 08:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui
[2009/07/14 04:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=56D03B64B8C483C1D12A8E4577B3B332 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_26ed83321dc778e1\winlogon.exe.mui
 
< MD5 for: WINLOGON.MFL  >
[2009/07/14 04:35:48 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl
[2009/07/14 04:35:48 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl
 
< MD5 for: WINLOGON.MOF  >
[2009/07/13 20:41:42 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
[2009/07/13 20:41:42 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof
 
< %SYSTEMDRIVE%\*.* >
[2013/12/13 19:31:51 | 000,009,635 | -H-- | M] () -- C:\BackupSys.log
[2010/11/20 07:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2013/12/25 09:43:06 | 000,025,671 | ---- | M] () -- C:\ComboFix.txt
[2014/01/30 15:12:18 | 3217,272,832 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/30 15:12:23 | 4289,699,840 | -HS- | M] () -- C:\pagefile.sys
[2012/02/21 21:08:24 | 000,004,956 | RHS- | M] () -- C:\Patch.rev
[2012/02/21 20:43:30 | 3409,490,696 | RHS- | M] () -- C:\pcRestore.sys
[2009/10/28 21:03:16 | 000,000,194 | RHS- | M] () -- C:\Preload.rev
 
< %systemroot%\Fonts\*.com >
[2009/07/14 04:32:38 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 04:32:38 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 04:32:38 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 04:32:38 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009/07/14 01:36:42 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
[2002/04/05 21:57:26 | 000,237,568 | ---- | M] () -- C:\Windows\Matrix Code Emulator.scr
[2009/07/10 16:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2009/07/14 03:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C is Gateway
 Volume Serial Number is B6AA-FDA9
 Directory of C:\
13/12/2013  07:30 PM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
13/12/2013  07:30 PM    <JUNCTION>     Application Data [C:\ProgramData]
13/12/2013  07:30 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
13/12/2013  07:30 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
13/12/2013  07:30 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
13/12/2013  07:30 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
13/12/2013  07:30 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
13/12/2013  07:30 PM    <SYMLINKD>     All Users [C:\ProgramData]
13/12/2013  07:30 PM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
13/12/2013  07:30 PM    <JUNCTION>     Application Data [C:\ProgramData]
13/12/2013  07:30 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
13/12/2013  07:30 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
13/12/2013  07:30 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
13/12/2013  07:30 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
13/12/2013  07:30 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
13/12/2013  07:30 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
13/12/2013  07:30 PM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
13/12/2013  07:30 PM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
13/12/2013  07:30 PM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
13/12/2013  07:30 PM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
13/12/2013  07:30 PM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
13/12/2013  07:30 PM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
13/12/2013  07:30 PM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
13/12/2013  07:30 PM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
13/12/2013  07:30 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
13/12/2013  07:30 PM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
13/12/2013  07:30 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
13/12/2013  07:30 PM    <JUNCTION>     My Music [C:\Users\Default\Music]
13/12/2013  07:30 PM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
13/12/2013  07:30 PM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Easyhome
13/12/2013  07:30 PM    <JUNCTION>     Application Data [C:\Users\Easyhome\AppData\Roaming]
13/12/2013  07:30 PM    <JUNCTION>     Cookies [C:\Users\Easyhome\AppData\Roaming\Microsoft\Windows\Cookies]
13/12/2013  07:30 PM    <JUNCTION>     Local Settings [C:\Users\Easyhome\AppData\Local]
13/12/2013  07:30 PM    <JUNCTION>     My Documents [C:\Users\Easyhome\Documents]
13/12/2013  07:30 PM    <JUNCTION>     NetHood [C:\Users\Easyhome\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
13/12/2013  07:30 PM    <JUNCTION>     PrintHood [C:\Users\Easyhome\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
13/12/2013  07:30 PM    <JUNCTION>     Recent [C:\Users\Easyhome\AppData\Roaming\Microsoft\Windows\Recent]
13/12/2013  07:30 PM    <JUNCTION>     SendTo [C:\Users\Easyhome\AppData\Roaming\Microsoft\Windows\SendTo]
13/12/2013  07:30 PM    <JUNCTION>     Start Menu [C:\Users\Easyhome\AppData\Roaming\Microsoft\Windows\Start Menu]
13/12/2013  07:30 PM    <JUNCTION>     Templates [C:\Users\Easyhome\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Easyhome\AppData\Local
13/12/2013  07:30 PM    <JUNCTION>     Application Data [C:\Users\Easyhome\AppData\Local]
13/12/2013  07:30 PM    <JUNCTION>     History [C:\Users\Easyhome\AppData\Local\Microsoft\Windows\History]
13/12/2013  07:30 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Easyhome\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Easyhome\Documents
13/12/2013  07:30 PM    <JUNCTION>     My Music [C:\Users\Easyhome\Music]
13/12/2013  07:30 PM    <JUNCTION>     My Pictures [C:\Users\Easyhome\Pictures]
13/12/2013  07:30 PM    <JUNCTION>     My Videos [C:\Users\Easyhome\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
13/12/2013  07:30 PM    <JUNCTION>     My Music [C:\Users\Public\Music]
13/12/2013  07:30 PM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
13/12/2013  07:30 PM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              49 Dir(s)  183,475,822,592 bytes free
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\bak. /s >
[2014/01/06 19:45:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Anvisoft\Cloud System Booster\bak
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2013/12/15 07:44:01 | 000,000,221 | -HS- | M] () -- C:\Users\Easyhome\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
 
< %USERPROFILE%\Desktop\*.exe >
[2014/01/31 17:24:50 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Easyhome\Desktop\aswMBR.exe
[2013/12/25 22:21:22 | 015,627,064 | ---- | M] (Anvisoft) -- C:\Users\Easyhome\Desktop\csbsetup.exe
[2013/12/13 17:24:46 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Easyhome\Desktop\HijackThis.exe
[2014/01/31 17:24:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Easyhome\Desktop\OTL.exe
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Base Services ==========
SRV:64bit: - [2009/07/13 22:21:28 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 00:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 23:08:46 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 08:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 08:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013/09/24 20:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV - [2013/12/14 10:06:10 | 000,000,000 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysWOW64\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 23:00:02 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 22:44:38 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 17:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/09 00:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 23:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 08:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 08:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 07:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2012/02/21 20:49:56 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 23:12:22 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 23:06:24 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 22:51:08 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 23:10:14 | 000,359,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 08:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 22:37:06 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 23:22:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 23:08:12 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 23:12:40 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 22:56:58 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 12:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 22:21:20 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2012/02/21 20:49:08 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 01:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2013/09/24 20:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
SRV - [2013/12/14 10:06:10 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 23:10:10 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 08:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 08:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 08:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013/09/24 20:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV - [2013/12/14 10:06:10 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 22:48:32 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 08:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 08:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 07:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 08:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 08:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 07:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 22:54:46 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 00:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 08:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 08:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 08:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 08:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 08:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 08:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 08:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 08:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 07:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 22:47:26 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 17:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 08:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 23:07:34 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 08:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
 
========== Drive Information ==========
 
Physical Drives
---------------
 
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST9500325AS
Partitions: 2
Status: OK
Status Info: 0
 
Partitions
---------------
 
DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 239.00GB
Starting Offset: 1048576
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 227.00GB
Starting Offset: 256764805120
Hidden sectors: 0
 
 
< End of report >


#6 leafaninottawa

    New Member

  • Authentic Member
  • 18 posts

Posted 31 January 2014 - 05:32 PM

OTL Extras logfile created on: 31/01/2014 6:07:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Easyhome\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
4.00 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 43.72% Memory free
7.99 Gb Paging File | 5.47 Gb Available in Paging File | 68.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 239.13 Gb Total Space | 170.91 Gb Free Space | 71.47% Space Free | Partition Type: NTFS
Drive E: | 226.63 Gb Total Space | 31.28 Gb Free Space | 13.80% Space Free | Partition Type: NTFS
 
Computer Name: STEVE-PC | User Name: Easyhome | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D737381-E983-4FD9-B2B1-9C334E8A9C42}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1793A384-50CE-480D-B122-2AEFB494900C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{517AFB6F-54CE-4D70-9464-4767823B8471}" = rport=139 | protocol=6 | dir=out | app=system | 
"{626E78CD-B26F-435A-853B-306C97F8D7D2}" = rport=138 | protocol=17 | dir=out | app=system | 
"{62A7CF4B-6C38-4513-93FC-78CD8866CCED}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6360CF6A-480E-4BF1-9452-26752D44AE98}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{66515A91-97BF-43EE-8F93-A61CA156599D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{8865EEBC-A7EA-43DB-8042-3DB8C8E739AE}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8CE1BE07-A830-4695-A141-DCFAA431F02D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{8E7B2B03-E928-4BFD-A215-D8B6D5EA731C}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8F67AEE5-240F-4B8C-9278-FA30C6B43563}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{9C05F147-CD03-4C33-AA64-F83D40621753}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A28866BB-7D94-4FAE-A5C2-1065364A5CDC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A34F0611-44FF-4FEC-BCC7-F83AB19818FA}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B7A89DFC-1B74-482A-AD84-8114F7FD8E90}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C9D85275-8CD6-4018-8589-4E7D3F11C67C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D3D264B6-A416-4DD3-AA80-E5878EBCB16F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D8D68DEA-3C05-4CC4-B3C8-D4F1171C49BA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D95DABF4-CB3F-45B8-B360-A004CDFAF282}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EC337E71-144F-4113-80C5-4FF920D23FF9}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F790862A-A3B1-41C8-A8CA-CE6B3A3C1767}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FD7D7280-CD10-4E4B-AE0A-A08AC9460FEF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FE30C1BF-DA03-4C12-A73E-C2B06BF722E0}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14B17065-58E3-4EB9-A343-7177A2995B93}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1FC05D4B-8AB3-4DC4-ADA4-C6B3364B2892}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3C7BDBAE-9368-4EFD-8B54-AFAF77DEBC77}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{3CD9FB26-C2BE-49E6-85C4-E8CAFD9F43D1}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{4C18DA1C-326E-4EC6-8846-5350641C9C80}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{649E3564-AE79-4E12-B262-87B3E6F23FFE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6B126AC7-F49C-423E-B8CA-54722F7FF885}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6DD2100B-59CF-4B2A-BC64-3D07468F1F1C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{74DA300C-7947-446D-9936-1A056FD2439B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7684A38D-4C1B-4FD2-B127-A6D9C0E8E445}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7A03E78A-A814-4B64-951E-744E1940B6F1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7D893536-83DB-49D6-ACCB-7592889163A6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8290E1C7-6EAC-48E3-87E0-0F157E52CAB2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8DEF16F1-3EA1-4AED-80E2-074244AEE359}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{9132FFF8-5EE7-4A56-8ADF-503DF2111A1E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{96410458-3BA3-4304-A24B-CFD2A2F569DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A109CDC1-DA76-4A48-8C53-34D408D34910}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A271F11E-8D3B-4C57-8B6F-500CA3C3A2CF}" = protocol=6 | dir=out | app=system | 
"{B0C4BE9A-4D51-4B6B-8086-A18C125CC95B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B498B8C0-0DB5-46BA-A5DF-42B9B339A44A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{BB1D95F9-3CF4-4774-812A-B51B96A966C7}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | 
"{BC8CBCDA-8C18-4A40-BDA9-2F7DF807849D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C17CB9A3-7761-4849-A6C4-6D933AE98E71}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C17D54C2-824A-40F8-9EC7-87AA50B3D46E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C5C13C86-89DB-457A-A27B-C101F15962EB}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{C93A68F4-8732-49B4-BD3B-405A14AC423B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{D19D5E06-BFC5-4E37-8DE9-63F13A192C27}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D2DF206E-151F-4B70-B2B3-9B85CE3237D6}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{D5EDE048-D6DF-4722-A3E2-D99FC89CD6C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E8AEFA35-2FD2-4EEF-B9F4-02D797FDD25F}" = dir=in | app=c:\users\easyhome\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{E9B2D02F-5C93-4706-8377-B94E0E9F504D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FCB7FA65-337C-48E6-AB24-E01FD2D9CE58}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7C552757-172E-4C18-AA3E-3DFAC5A15DAA}" = O2Micro Flash Memory Card Reader Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{12A1B519-5934-4508-ADBD-335347B0DC87}" = Video Web Camera
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Gateway Power Management
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55938E68-F7B3-42B1-9317-60D44067869C}" = ZoneAlarm Antivirus
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}" = Facebook Video Calling 2.0.0.447
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{954146E0-49FF-4039-AF58-2257506C7D45}" = ZoneAlarm Firewall
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B769E2BD-8A06-4B03-9496-5B991025A2C6}" = ZoneAlarm Security
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Anvi Smart Defender" = Anvi Smart Defender 1.9.3
"Cloud System Booster" = Cloud System Booster
"DAEMON Tools Lite" = DAEMON Tools Lite
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Registration" = Gateway Registration
"Gateway Welcome Center" = Welcome Center
"Google Chrome" = Google Chrome
"Heroes of Might and Magic V - Collectors Edition3.1" = Heroes of Might and Magic V - Collectors Edition
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 10.1.5
"Marvell Miniport Driver" = Marvell Miniport Driver
"Matrix Code Emulator_is1" = Matrix Code Emulator 1.50
"WildTangent gateway Master Uninstall" = Gateway Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall
"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar 
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30/01/2014 6:14:23 PM | Computer Name = Steve-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
 Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value
 "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
 "version" in element "assemblyIdentity" is invalid.
 
Error - 30/01/2014 6:16:55 PM | Computer Name = Steve-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
 live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
 files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8.  Component identity
 found in manifest does not match the identity of the component requested.  Reference
 is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".  Definition
 is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Please use
 sxstrace.exe for detailed diagnosis.
 
Error - 30/01/2014 6:18:04 PM | Computer Name = Steve-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
 Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 30/01/2014 6:18:04 PM | Computer Name = Steve-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
 Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 30/01/2014 6:18:04 PM | Computer Name = Steve-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
 Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 30/01/2014 6:18:04 PM | Computer Name = Steve-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
 Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 31/01/2014 2:56:38 AM | Computer Name = Steve-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
 Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value
 "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
 "version" in element "assemblyIdentity" is invalid.
 
Error - 31/01/2014 2:57:17 AM | Computer Name = Steve-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
 live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
 files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8.  Component identity
 found in manifest does not match the identity of the component requested.  Reference
 is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".  Definition
 is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Please use
 sxstrace.exe for detailed diagnosis.
 
Error - 31/01/2014 2:57:32 AM | Computer Name = Steve-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
 Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 31/01/2014 2:57:32 AM | Computer Name = Steve-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
 Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 31/01/2014 2:57:32 AM | Computer Name = Steve-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
 Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 31/01/2014 2:57:32 AM | Computer Name = Steve-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
 Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
[ System Events ]
Error - 22/01/2014 12:18:11 PM | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 22/01/2014 3:11:23 PM | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 25/01/2014 2:55:14 PM | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 25/01/2014 2:55:53 PM | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 25/01/2014 2:56:03 PM | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 25/01/2014 4:38:45 PM | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 28/01/2014 1:29:16 PM | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 28/01/2014 3:33:25 PM | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 30/01/2014 4:13:01 PM | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 30/01/2014 4:13:14 PM | Computer Name = Steve-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
 
< End of report >


#7 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 31 January 2014 - 08:35 PM

Hi leafaninottawa,

In future replies please copy and paste all logs requested into one reply. I appreciate your cooperation.

=========================
 

I could not access the site to download security check, is there another link I could get it from?


http://www.bleepingc.../securitycheck/

=========================

Your logs look pretty good. Can you tell me what symptoms you are having that lead you to believe you're infected?

Also, your logs show you have run ComboFix in the past. Was that in relation to this issue?

Locate the log if it is still present and post in your next reply.
C:\ComboFix.txt

In your next post please provide the following:

  • checkup.txt
  • Answers to my questions.

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.
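
Added example (not part of this thread, and not a ComboFix or WhatTheTech tool): a Python script that triages the ComboFix service and file listings requested above. It parses lines in the two formats ComboFix prints and reports the entries an analyst would look at first. The sample lines are constructed for the example and mirror the entry format used in this thread's logs. The review heuristics (a display name that claims ".NET Framework" while the binary is outside \Microsoft.NET\; a standalone service .exe in the system32 root, which matters because ComboFix notes that legitimate default entries are not shown; hidden or system attributes on an executable) are the example's own assumptions about what merits review, not ComboFix rules.

```python
"""Offline triage of ComboFix-style service and file listings (added example).

ComboFix prints services/drivers as
    <state> <name>;<display name>;<image path>;<sysnative path> [x]
and recently changed files as
    <date> <time> [. <date> <time>] <size> <attrs> <path>
and states that empty and legitimate default entries are not shown.  So a
standalone service binary that does appear in the system32 root, or an entry
whose display name borrows the ".NET Framework" label while living outside
\\Microsoft.NET\\, is worth a closer look.  These heuristics, and the
hidden/system-attribute check, are this example's assumptions, not ComboFix's.
"""
import re

SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<fields>.+?)\s*\[x\]$")
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2})?"
    r"\s+(?P<size>\d+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>\S.*)$"
)
# An .exe sitting directly in system32 / SysWOW64, with no subfolder.
SYS32_ROOT_EXE = re.compile(r"^c:\\windows\\(system32|syswow64)\\[^\\]+\.exe$", re.I)
EXECUTABLE_EXT = (".exe", ".dll", ".sys")

NET_NAME_MISMATCH = "display name claims .NET Framework but image is not under \\Microsoft.NET\\"
SYS32_ROOT_SERVICE = "standalone service binary in the system32 root (ComboFix hides known defaults)"
HIDDEN_EXECUTABLE = "hidden/system attribute set on an executable"


def parse_service(line):
    """Return {'state','name','display','image'} for a service line, else None."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    parts = m.group("fields").split(";")
    if len(parts) < 3:
        return None
    return {"state": m.group("state"), "name": parts[0],
            "display": parts[1], "image": parts[2]}


def flag_service(svc):
    """Reasons a parsed service entry deserves review (empty list if none)."""
    reasons = []
    display, image = svc["display"].lower(), svc["image"].lower()
    if ".net framework" in display and "\\microsoft.net\\" not in image:
        reasons.append(NET_NAME_MISMATCH)
    if SYS32_ROOT_EXE.match(image) and not image.endswith("\\svchost.exe"):
        reasons.append(SYS32_ROOT_SERVICE)
    return reasons


def parse_file(line):
    """Return {'path','attrs','reasons'} for a file listing line, else None."""
    m = FILE_RE.match(line)
    if not m:
        return None
    attrs, path = m.group("attrs"), m.group("path")
    # Attribute columns as seen in ComboFix output: [0]=d(irectory), [2]=s(ystem),
    # [3]=h(idden), [4]=a(rchive), [6]=r(ead-only) or w(ritable).  Skip directories.
    reasons = []
    if attrs[0] != "d" and path.lower().endswith(EXECUTABLE_EXT) \
            and (attrs[2] == "s" or attrs[3] == "h"):
        reasons.append(HIDDEN_EXECUTABLE)
    return {"path": path, "attrs": attrs, "reasons": reasons}


def triage(log_text):
    """Map service name or file path to its review reasons, for flagged lines only."""
    findings = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        svc = parse_service(line)
        if svc is not None:
            reasons = flag_service(svc)
            if reasons:
                findings[svc["name"]] = reasons
            continue
        f = parse_file(line)
        if f is not None and f["reasons"]:
            findings[f["path"]] = f["reasons"]
    return findings


# Constructed sample in ComboFix's format (entries mirror those in this thread).
SAMPLE_LOG = r"""
R2 .Net Crypt;Microsoft.NET Framework SecurityCrypt x2.0c;c:\windows\system32\mutex-Threads.exe;c:\windows\SYSNATIVE\mutex-Threads.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 .Net Main;Microsoft.NET Framework Kernel x2.0c;c:\windows\system32\idle-Threads.exe;c:\windows\SYSNATIVE\idle-Threads.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
2013-12-17 23:36 . 2013-12-17 23:36 597104 ---h--r- c:\windows\system32\ProgramlicenseRequired.exe
2013-12-17 14:22 . 2013-12-17 14:22 855552 ----a-w- c:\windows\system32\jscript.dll
"""

if __name__ == "__main__":
    for item, reasons in triage(SAMPLE_LOG).items():
        print(item)
        for r in reasons:
            print("   -", r)
```

To use it on a real log, read C:\ComboFix.txt and pass the text to triage(). Everything it reports still needs confirmation (vendor lookup, a signature check on the binary); a hidden or system attribute alone is not proof of malware, and a name that merely sounds like Windows is a reason to verify, not to delete.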


#8 leafaninottawa

leafaninottawa

    New Member

  • Authentic Member
  • Pip
  • 18 posts

Posted 02 February 2014 - 09:28 AM

My symptoms are high CPU most of the time, and the fan sometimes runs for long periods of time at a higher than normal RPM. As well, I have come across a few processes in the Task Manager, more specifically idle-threads.exe, latch-Threads.exe, and a while ago I had mutex-Threads.exe and semaphore-Threads.exe.

 

here is the checkup log.

  Results of screen317's Security Check version 0.99.79  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled!  
ZoneAlarm Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java™ 6 Update 22  
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Reader 9 Adobe Reader out of Date! 
 Google Chrome 32.0.1700.102  
 Google Chrome 32.0.1700.76  
````````Process Check: objlist.exe by Laurent````````  
 Anvisoft Anvi Smart Defender ASDSrv.exe  
 CheckPoint ZoneAlarm vsmon.exe  
 CheckPoint ZoneAlarm ZAPrivacyService.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 
 
And the ComboFix log. I couldn't find an older one, so I just ran the scan again.

ComboFix 13-12-24.02 - Easyhome 02/02/2014   0:05.3.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.4091.1805 [GMT -5:00]
Running from: c:\users\Easyhome\Downloads\ComboFix.exe
AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft Corporation\Microsoft® Windows® Operating System
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.Net Semaphore
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-02 to 2014-02-02  )))))))))))))))))))))))))))))))
.
.
2014-02-02 05:20 . 2014-02-02 05:20 8007680 ------r- c:\windows\system32\Microsoft.mshtml.dll
2014-02-02 05:15 . 2014-02-02 05:15 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-02-02 05:15 . 2014-02-02 05:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-02 05:10 . 2014-02-02 05:16 -------- d-----w- c:\programdata\Microsoft Corporation
2014-01-16 12:54 . 2014-01-16 12:54 -------- d-----w- c:\users\Easyhome\AppData\Local\ElevatedDiagnostics
2014-01-16 10:40 . 2014-01-16 10:40 -------- d-----w- c:\users\Easyhome\AppData\Local\Diagnostics
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-23 20:15 . 2013-12-23 20:15 640957 ----a-w- c:\windows\unins000.exe
2013-12-22 04:05 . 2013-12-22 04:05 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-12-17 23:36 . 2013-12-17 23:36 597104 ---h--r- c:\windows\system32\ProgramlicenseRequired.exe
2013-12-17 17:14 . 2012-02-22 03:35 126976 ------w- c:\windows\system32\Interop.SHDocVw.dll
2013-12-17 17:13 . 2012-02-22 03:35 18928 ------r- c:\windows\system32\drivers\scssifilter64.sys
2013-12-17 14:22 . 2013-12-17 14:22 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-17 14:22 . 2013-12-17 14:22 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-17 14:22 . 2013-12-17 14:22 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-17 14:22 . 2013-12-17 14:22 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-17 14:22 . 2013-12-17 14:22 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-12-17 14:22 . 2013-12-17 14:22 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-12-17 14:22 . 2013-12-17 14:22 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-17 14:22 . 2013-12-17 14:22 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-17 14:22 . 2013-12-17 14:22 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-12-17 14:22 . 2013-12-17 14:22 2877952 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-12-17 14:22 . 2013-12-17 14:22 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-12-17 14:22 . 2013-12-17 14:22 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-17 14:22 . 2013-12-17 14:22 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-12-17 14:22 . 2013-12-17 14:22 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-17 14:22 . 2013-12-17 14:22 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-12-17 14:22 . 2013-12-17 14:22 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-17 14:22 . 2013-12-17 14:22 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-17 14:22 . 2013-12-17 14:22 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-12-17 14:22 . 2013-12-17 14:22 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-17 14:22 . 2013-12-17 14:22 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-12-17 14:22 . 2013-12-17 14:22 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-17 14:22 . 2013-12-17 14:22 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-17 14:22 . 2013-12-17 14:22 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-17 14:22 . 2013-12-17 14:22 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-17 14:22 . 2013-12-17 14:22 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-17 14:22 . 2013-12-17 14:22 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-17 14:22 . 2013-12-17 14:22 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-17 14:22 . 2013-12-17 14:22 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-17 14:22 . 2013-12-17 14:22 855552 ----a-w- c:\windows\system32\jscript.dll
2013-12-17 14:22 . 2013-12-17 14:22 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-17 14:22 . 2013-12-17 14:22 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-17 14:22 . 2013-12-17 14:22 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-12-17 14:22 . 2013-12-17 14:22 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-12-17 14:22 . 2013-12-17 14:22 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-17 14:22 . 2013-12-17 14:22 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-12-17 14:22 . 2013-12-17 14:22 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-12-17 14:22 . 2013-12-17 14:22 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-12-17 14:22 . 2013-12-17 14:22 526336 ----a-w- c:\windows\system32\ieui.dll
2013-12-17 14:22 . 2013-12-17 14:22 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-17 14:22 . 2013-12-17 14:22 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-12-17 14:22 . 2013-12-17 14:22 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-12-17 14:22 . 2013-12-17 14:22 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-17 14:22 . 2013-12-17 14:22 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-17 14:22 . 2013-12-17 14:22 441856 ----a-w- c:\windows\system32\html.iec
2013-12-17 14:22 . 2013-12-17 14:22 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-12-17 14:22 . 2013-12-17 14:22 3959808 ----a-w- c:\windows\system32\jscript9.dll
2013-12-17 14:22 . 2013-12-17 14:22 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-17 14:22 . 2013-12-17 14:22 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-17 14:22 . 2013-12-17 14:22 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-17 14:22 . 2013-12-17 14:22 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-12-17 14:22 . 2013-12-17 14:22 2648576 ----a-w- c:\windows\system32\iertutil.dll
2013-12-17 14:22 . 2013-12-17 14:22 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-12-17 14:22 . 2013-12-17 14:22 235008 ----a-w- c:\windows\system32\url.dll
2013-12-17 14:22 . 2013-12-17 14:22 2241536 ----a-w- c:\windows\system32\wininet.dll
2013-12-17 14:22 . 2013-12-17 14:22 216064 ----a-w- c:\windows\system32\msls31.dll
2013-12-17 14:22 . 2013-12-17 14:22 197120 ----a-w- c:\windows\system32\msrating.dll
2013-12-17 14:22 . 2013-12-17 14:22 19271168 ----a-w- c:\windows\system32\mshtml.dll
2013-12-17 14:22 . 2013-12-17 14:22 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-12-17 14:22 . 2013-12-17 14:22 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-17 14:22 . 2013-12-17 14:22 15404032 ----a-w- c:\windows\system32\ieframe.dll
2013-12-17 14:22 . 2013-12-17 14:22 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-12-17 14:22 . 2013-12-17 14:22 149504 ----a-w- c:\windows\system32\occache.dll
2013-12-17 14:22 . 2013-12-17 14:22 144896 ----a-w- c:\windows\system32\wextract.exe
2013-12-17 14:22 . 2013-12-17 14:22 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-17 14:22 . 2013-12-17 14:22 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-17 14:22 . 2013-12-17 14:22 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-17 14:22 . 2013-12-17 14:22 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-12-17 14:22 . 2013-12-17 14:22 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-12-17 14:22 . 2013-12-17 14:22 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-17 14:22 . 2013-12-17 14:22 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-17 14:22 . 2013-12-17 14:22 102912 ----a-w- c:\windows\system32\inseng.dll
2013-12-17 14:20 . 2013-12-17 14:20 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-12-17 14:20 . 2013-12-17 14:20 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-12-17 14:20 . 2013-12-17 14:20 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-12-17 14:20 . 2013-12-17 14:20 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-12-17 14:20 . 2013-12-17 14:20 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-12-17 14:20 . 2013-12-17 14:20 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-12-17 14:20 . 2013-12-17 14:20 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-12-17 14:20 . 2013-12-17 14:20 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-12-17 14:20 . 2013-12-17 14:20 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-12-17 14:20 . 2013-12-17 14:20 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-12-17 14:20 . 2013-12-17 14:20 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2012-02-22 03:59 405504 --sha-r- c:\windows\System32\vshadow.exe
2012-02-22 03:59 364032 --sha-r- c:\windows\System32\vshadowamd64.exe
2012-02-22 03:59 352256 --sha-r- c:\windows\System32\vshadowXP.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"CloudSystemBooster"="c:\program files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe" [2013-12-24 527544]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-29 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2012-02-22 600688]
"CLMLServer"="c:\program files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-10-26 73832]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"Anvi Smart Defender"="c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2013-10-21 1636536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 .Net Crypt;Microsoft.NET Framework SecurityCrypt x2.0c;c:\windows\system32\mutex-Threads.exe;c:\windows\SYSNATIVE\mutex-Threads.exe [x]
R2 .Net Security;Microsoft.NET Framework KernelSecurity x2.0c;c:\windows\system32\latch-Threads.exe;c:\windows\SYSNATIVE\latch-Threads.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 scssifilter;scssifilter;c:\windows\system32\Drivers\scssifilter64.sys;c:\windows\SYSNATIVE\Drivers\scssifilter64.sys [x]
S0 usbmp3;usbmp3;c:\windows\system32\Drivers\usbmp364.sys;c:\windows\SYSNATIVE\Drivers\usbmp364.sys [x]
S0 usbvox;usbvox;c:\windows\system32\Drivers\usbvox64.sys;c:\windows\SYSNATIVE\Drivers\usbvox64.sys [x]
S0 usbwav;usbwav;c:\windows\system32\Drivers\usbwav64.sys;c:\windows\SYSNATIVE\Drivers\usbwav64.sys [x]
S1 asdrm;asdrm;c:\windows\system32\DRIVERS\asdrm.sys;c:\windows\SYSNATIVE\DRIVERS\asdrm.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 .Net Main;Microsoft.NET Framework Kernel x2.0c;c:\windows\system32\idle-Threads.exe;c:\windows\SYSNATIVE\idle-Threads.exe [x]
S2 AnviCsbSvc;Anvi Cloud System Booster Speed Service;c:\program files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe;c:\program files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe [x]
S2 asdrs;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\DRIVERS\asdrs.sys;c:\windows\SYSNATIVE\DRIVERS\asdrs.sys [x]
S2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe;c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [x]
S2 asdws;AnviSmartDefender Web Guard;c:\windows\system32\DRIVERS\asdws.sys;c:\windows\SYSNATIVE\DRIVERS\asdws.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys;c:\windows\SYSNATIVE\DRIVERS\o2mdx64.sys [x]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdx64.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-29 13:38 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2559462982-4009010215-310766029-1000Core.job
- c:\users\Easyhome\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-16 01:06]
.
2014-02-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2559462982-4009010215-310766029-1000UA.job
- c:\users\Easyhome\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-16 01:06]
.
2014-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-13 21:59]
.
2014-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-13 21:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-29 186904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 16395880]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"PLFSetI"="c:\windows\PLFSetI.exe" [2012-02-22 206208]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2012-02-22 823840]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.entru.com/?s=21983
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://search.entru.com/?s=21983
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Facebook Update - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
   27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}"=hex:51,66,7a,6c,4c,1d,38,12,50,ad,9c,
   47,dd,f3,bd,01,d4,9d,4f,3c,86,0e,9b,4d
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}"=hex:51,66,7a,6c,4c,1d,38,12,14,1c,97,
   2e,26,ee,cb,08,c9,cf,c8,d1,38,a5,3e,98
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
   ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a,
   ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:b5,f4,bc,f4,a5,12,cf,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,39,38,90,d3,91,e4,41,86,8c,2a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,39,38,90,d3,91,e4,41,86,8c,2a,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2014-02-02  00:27:34 - machine was rebooted
ComboFix-quarantined-files.txt  2014-02-02 05:27
ComboFix2.txt  2013-12-25 14:43
ComboFix3.txt  2013-12-13 22:45
.
Pre-Run: 183,102,918,656 bytes free
Post-Run: 183,025,299,456 bytes free
.
- - End Of File - - C542112C62BF4ABFB1105FBE96296CA7
A36C5E4F47E84449FF07ED3517B43A31
 


#9 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 02 February 2014 - 11:19 PM

Hi leafaninottawa,

I was just asking you to locate the log; I didn't mean for you to run a new scan with Combofix. Please don't run any tools unless requested to do so.

 

=========================

I can't find clear evidence that these files are malware-related. They appear to be part of the Microsoft .NET Framework.
c:\windows\system32\mutex-Threads.exe
c:\windows\system32\latch-Threads.exe
c:\windows\system32\idle-Threads.exe


=========================

TDSSKiller

Please download TDSSKiller.zip and extract it to your desktop.

  • TDSSKiller.exe
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8: Right-click and select "Run as Administrator"
  • Press Start Scan
    • Only if malicious objects are found, ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

=========================

In your next post please provide the following:

  • TDSSKiller log

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days
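The TDSSKiller log that comes back (posted in the next reply) prints, for each service, a hash record, any "Suspicious file" or "detected" line, and a final "- ok" verdict. For the three files named above that verdict follows a "Detect skipped due to KSN trusted" line, which means a cloud-reputation lookup overrode the local detection rather than the file scanning clean. Two facts help when reading such a log: the .NET Framework's own binaries are installed under C:\Windows\Microsoft.NET (the same log lists mscorsvw.exe there), and a service name or display name is free text chosen by whoever registers the service, so it proves nothing about the file. The script below is an added example for this thread, not part of any post here and not Kaspersky code. It groups the per-service lines, lists the services a helper should verify by hand (Authenticode signature, or a hash lookup), and collects their SHA-256 values. The function names are mine, the line format is taken from the log as posted, and the sample input is an excerpt copied from that log.

```python
"""Triage helper for the 'Scan services' section of a TDSSKiller log.

Added example for this thread; not part of any post here and not Kaspersky
code. It groups the lines the tool writes per service and lists the services
a helper should verify by hand, including those whose final "- ok" verdict
was reached only after "Detect skipped due to KSN trusted".
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# "10:23:53.0623 0x1194  <message>"  ->  keep only <message>
_PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+0x[0-9A-Fa-f]+\s+(.*)$")
# "[ MD5, SHA256 ] Service Name    C:\path"; the name column is padded, so
# split on the drive letter rather than on a fixed run of spaces
_RECORD = re.compile(r"^\[ ([0-9A-F]{32}), ([0-9A-F]{64}) \] (.*?)\s+([A-Za-z]:\\.*)$")
_SUSPICIOUS = re.compile(r"^Suspicious file \( (\w+) \): (.+?)\. md5: ")
_DETECTED = re.compile(r"^(.*) - detected (\S+) \( \d+ \)$")
_VERDICT = re.compile(r"^(.*) - (ok)$")
_KSN_SKIP = "Detect skipped due to KSN trusted"
# Where the .NET Framework installs its own binaries (a fact about Windows)
_DOTNET_DIR = "c:\\windows\\microsoft.net\\"


@dataclass
class ServiceRecord:
    name: str
    path: str
    md5: str
    sha256: str
    suspicious: Optional[str] = None            # e.g. "NoAccess"
    detections: list[str] = field(default_factory=list)
    ksn_override: bool = False                  # detection dropped on cloud trust
    verdict: Optional[str] = None               # "ok", or None if never printed


def parse_services(log_text: str) -> dict[str, ServiceRecord]:
    """One ServiceRecord per hashed service, keyed by service name."""
    records: dict[str, ServiceRecord] = {}
    current: Optional[ServiceRecord] = None     # service the follow-up lines refer to
    for raw in log_text.splitlines():
        m = _PREFIX.match(raw.strip())
        if not m:
            continue
        msg = m.group(1).strip()
        if rec := _RECORD.match(msg):
            md5, sha256, name, path = rec.groups()
            current = ServiceRecord(name.strip(), path.strip(), md5, sha256)
            records[current.name] = current
        elif (s := _SUSPICIOUS.match(msg)) and current is not None:
            current.suspicious = s.group(1)
        elif (d := _DETECTED.match(msg)) and d.group(1) in records:
            records[d.group(1)].detections.append(d.group(2))
        elif msg == _KSN_SKIP and current is not None:
            current.ksn_override = True
        elif (v := _VERDICT.match(msg)) and v.group(1) in records:
            records[v.group(1)].verdict = v.group(2)
    return records


def review_reasons(rec: ServiceRecord) -> list[str]:
    """Why a human should still look at this service, even after a '- ok' line."""
    reasons: list[str] = []
    if rec.suspicious:
        reasons.append(f"scanner could not read the file ({rec.suspicious})")
    if rec.detections and rec.ksn_override:
        reasons.append("detection " + ", ".join(rec.detections)
                       + " dropped on KSN trust; 'ok' is reputation, not a scan result")
    elif rec.detections:
        reasons.append("detected " + ", ".join(rec.detections))
    # Heuristic, not a verdict: the name points at .NET but the binary is not
    # where the framework installs its own files
    if rec.name.lower().startswith(".net") and not rec.path.lower().startswith(_DOTNET_DIR):
        reasons.append("name says .NET but binary is outside %WINDIR%\\Microsoft.NET")
    return reasons


def needs_review(records: dict[str, ServiceRecord]) -> list[str]:
    """Service names with at least one review reason, sorted."""
    return sorted(n for n, r in records.items() if review_reasons(r))


def hashes_to_check(records: dict[str, ServiceRecord]) -> dict[str, str]:
    """SHA-256 per flagged service, ready for an offline hash lookup."""
    return {n: records[n].sha256 for n in needs_review(records)}


# Excerpt copied from the TDSSKiller log posted in this thread: one flagged
# service plus a driver and a genuine .NET Framework service as controls.
SAMPLE_LOG = r"""
10:23:53.0061 0x1194  ================ Scan services =============================
10:23:53.0623 0x1194  [ 7F88561ACFD4C57FC2B67BC637AFAF50, 0B8E7159F6C966A06079BAEF1D34C54BA3DABBBAB2D8224D570FE0AEE59674C3 ] .Net Crypt      C:\Windows\system32\mutex-Threads.exe
10:23:53.0685 0x1194  Suspicious file ( NoAccess ): C:\Windows\system32\mutex-Threads.exe. md5: 7F88561ACFD4C57FC2B67BC637AFAF50, sha256: 0B8E7159F6C966A06079BAEF1D34C54BA3DABBBAB2D8224D570FE0AEE59674C3
10:23:53.0716 0x1194  .Net Crypt - detected LockedFile.Multi.Generic ( 1 )
10:23:56.0821 0x1194  Detect skipped due to KSN trusted
10:23:56.0821 0x1194  .Net Crypt - ok
10:24:04.0277 0x1194  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
10:24:04.0324 0x1194  1394ohci - ok
10:24:08.0942 0x1194  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:24:08.0989 0x1194  clr_optimization_v2.0.50727_32 - ok
"""

if __name__ == "__main__":
    recs = parse_services(SAMPLE_LOG)
    for name in needs_review(recs):
        print(f"{name}: {recs[name].path}")
        for reason in review_reasons(recs[name]):
            print("   -", reason)
```

Run against the full log, the review list is what to check next: the SHA-256 values from hashes_to_check can be looked up offline, and the files themselves can be checked for an Authenticode signature on the machine. A "- ok" line alone does not settle the question when a "Detect skipped due to KSN trusted" line precedes it.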








#10 leafaninottawa

leafaninottawa

    New Member

  • Authentic Member
  • Pip
  • 18 posts

Posted 03 February 2014 - 09:27 AM

Here is the TDSSKiller log.

 

10:23:36.0961 0x0e28  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
10:23:41.0485 0x0e28  ============================================================
10:23:41.0485 0x0e28  Current date / time: 2014/02/03 10:23:41.0485
10:23:41.0485 0x0e28  SystemInfo:
10:23:41.0485 0x0e28  
10:23:41.0485 0x0e28  OS Version: 6.1.7601 ServicePack: 1.0
10:23:41.0485 0x0e28  Product type: Workstation
10:23:41.0485 0x0e28  ComputerName: STEVE-PC
10:23:41.0485 0x0e28  UserName: Easyhome
10:23:41.0485 0x0e28  Windows directory: C:\Windows
10:23:41.0485 0x0e28  System windows directory: C:\Windows
10:23:41.0485 0x0e28  Running under WOW64
10:23:41.0485 0x0e28  Processor architecture: Intel x64
10:23:41.0485 0x0e28  Number of processors: 2
10:23:41.0485 0x0e28  Page size: 0x1000
10:23:41.0485 0x0e28  Boot type: Normal boot
10:23:41.0485 0x0e28  ============================================================
10:23:42.0390 0x0e28  KLMD registered as C:\Windows\system32\drivers\74962734.sys
10:23:42.0670 0x0e28  System UUID: {C8A5CD92-24B6-5CDF-CA85-672695F060E2}
10:23:43.0607 0x0e28  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:23:43.0607 0x0e28  Drive \Device\Harddisk1\DR1 - Size: 0x1E2400000 (7.54 Gb), SectorSize: 0x200, Cylinders: 0x3D7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:23:43.0639 0x0e28  ============================================================
10:23:43.0639 0x0e28  \Device\Harddisk0\DR0:
10:23:43.0639 0x0e28  MBR partitions:
10:23:43.0639 0x0e28  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1DE42800
10:23:43.0639 0x0e28  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1DE43000, BlocksNum 0x1C542000
10:23:43.0639 0x0e28  \Device\Harddisk1\DR1:
10:23:43.0639 0x0e28  MBR partitions:
10:23:43.0639 0x0e28  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x40, BlocksNum 0xF10BC2
10:23:43.0639 0x0e28  ============================================================
10:23:43.0685 0x0e28  C: <-> \Device\Harddisk0\DR0\Partition1
10:23:43.0763 0x0e28  E: <-> \Device\Harddisk0\DR0\Partition2
10:23:43.0763 0x0e28  ============================================================
10:23:43.0763 0x0e28  Initialize success
10:23:43.0763 0x0e28  ============================================================
10:23:46.0603 0x1194  ============================================================
10:23:46.0603 0x1194  Scan started
10:23:46.0603 0x1194  Mode: Manual; 
10:23:46.0603 0x1194  ============================================================
10:23:46.0603 0x1194  KSN ping started
10:23:49.0582 0x1194  KSN ping finished: true
10:23:53.0061 0x1194  ================ Scan system memory ========================
10:23:53.0061 0x1194  System memory - ok
10:23:53.0061 0x1194  ================ Scan services =============================
10:23:53.0623 0x1194  [ 7F88561ACFD4C57FC2B67BC637AFAF50, 0B8E7159F6C966A06079BAEF1D34C54BA3DABBBAB2D8224D570FE0AEE59674C3 ] .Net Crypt      C:\Windows\system32\mutex-Threads.exe
10:23:53.0685 0x1194  Suspicious file ( NoAccess ): C:\Windows\system32\mutex-Threads.exe. md5: 7F88561ACFD4C57FC2B67BC637AFAF50, sha256: 0B8E7159F6C966A06079BAEF1D34C54BA3DABBBAB2D8224D570FE0AEE59674C3
10:23:53.0716 0x1194  .Net Crypt - detected LockedFile.Multi.Generic ( 1 )
10:23:56.0821 0x1194  Detect skipped due to KSN trusted
10:23:56.0821 0x1194  .Net Crypt - ok
10:23:57.0289 0x1194  [ 22049A7E612D84B0DDAD53ECC80E983E, C5B5C17D8A516968C9F6BBC886CF1D421BA6A6241D68E1F2C5F22A4EB3011E4C ] .Net Main       C:\Windows\system32\idle-Threads.exe
10:23:57.0289 0x1194  Suspicious file ( NoAccess ): C:\Windows\system32\idle-Threads.exe. md5: 22049A7E612D84B0DDAD53ECC80E983E, sha256: C5B5C17D8A516968C9F6BBC886CF1D421BA6A6241D68E1F2C5F22A4EB3011E4C
10:23:57.0304 0x1194  .Net Main - detected LockedFile.Multi.Generic ( 1 )
10:24:00.0471 0x1194  Detect skipped due to KSN trusted
10:24:00.0471 0x1194  .Net Main - ok
10:24:00.0923 0x1194  [ C0882FA78ADFB7CFF958797316532CEB, AC59657FC758A3F1BD454FC52F77EA0A590D2F0B147254531D9653EDC72AAD59 ] .Net Security   C:\Windows\system32\latch-Threads.exe
10:24:00.0923 0x1194  Suspicious file ( NoAccess ): C:\Windows\system32\latch-Threads.exe. md5: C0882FA78ADFB7CFF958797316532CEB, sha256: AC59657FC758A3F1BD454FC52F77EA0A590D2F0B147254531D9653EDC72AAD59
10:24:00.0939 0x1194  .Net Security - detected LockedFile.Multi.Generic ( 1 )
10:24:04.0121 0x1194  Detect skipped due to KSN trusted
10:24:04.0137 0x1194  .Net Security - ok
10:24:04.0277 0x1194  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
10:24:04.0324 0x1194  1394ohci - ok
10:24:04.0387 0x1194  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
10:24:04.0418 0x1194  ACPI - ok
10:24:04.0449 0x1194  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
10:24:04.0449 0x1194  AcpiPmi - ok
10:24:04.0527 0x1194  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
10:24:04.0574 0x1194  adp94xx - ok
10:24:04.0589 0x1194  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
10:24:04.0605 0x1194  adpahci - ok
10:24:04.0652 0x1194  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
10:24:04.0699 0x1194  adpu320 - ok
10:24:04.0745 0x1194  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
10:24:04.0745 0x1194  AeLookupSvc - ok
10:24:04.0839 0x1194  [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD             C:\Windows\system32\drivers\afd.sys
10:24:04.0901 0x1194  AFD - ok
10:24:04.0948 0x1194  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
10:24:04.0948 0x1194  agp440 - ok
10:24:04.0995 0x1194  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
10:24:05.0011 0x1194  ALG - ok
10:24:05.0057 0x1194  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
10:24:05.0073 0x1194  aliide - ok
10:24:05.0104 0x1194  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
10:24:05.0120 0x1194  amdide - ok
10:24:05.0151 0x1194  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
10:24:05.0167 0x1194  AmdK8 - ok
10:24:05.0182 0x1194  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
10:24:05.0198 0x1194  AmdPPM - ok
10:24:05.0229 0x1194  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
10:24:05.0245 0x1194  amdsata - ok
10:24:05.0307 0x1194  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
10:24:05.0354 0x1194  amdsbs - ok
10:24:05.0401 0x1194  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
10:24:05.0416 0x1194  amdxata - ok
10:24:05.0510 0x1194  [ E6E693E595996E1D92773C0DC52A54BF, 29757FB82B4C1D74769C16AA59C6CC0C63C4BD41118FE416145F7941AC804FFD ] AnviCsbSvc      C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe
10:24:05.0603 0x1194  AnviCsbSvc - ok
10:24:05.0650 0x1194  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
10:24:05.0681 0x1194  AppID - ok
10:24:05.0728 0x1194  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
10:24:05.0759 0x1194  AppIDSvc - ok
10:24:05.0775 0x1194  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
10:24:05.0791 0x1194  Appinfo - ok
10:24:05.0900 0x1194  [ 30E3850F303EAE5C364782EA78579CC9, 8C94E5A9052F6E794685194EEACB31A174A947D60246908B6A0DEFA081A747A3 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:24:05.0993 0x1194  Apple Mobile Device - ok
10:24:06.0025 0x1194  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
10:24:06.0040 0x1194  arc - ok
10:24:06.0103 0x1194  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
10:24:06.0118 0x1194  arcsas - ok
10:24:06.0181 0x1194  [ 44837F1CB5BD166A7BD8869F9E86E907, 59AB25E5A48DAD4110E1823FC60FEA40792F6BFB5800096D7FB62DE0A8A4F0F4 ] asdrm           C:\Windows\system32\DRIVERS\asdrm.sys
10:24:06.0212 0x1194  asdrm - ok
10:24:06.0243 0x1194  [ 88390FE440DCC3F10556AE41F4EDFCA1, 7F433FA283DBFD16A11721951DEAEB921516680217A41CA0806641DDED1D3656 ] asdrs           C:\Windows\system32\DRIVERS\asdrs.sys
10:24:06.0259 0x1194  asdrs - ok
10:24:06.0352 0x1194  [ 87DC760739935C73915D0CD7EC3C237C, ADF8266AFEF465FB338E9AD7C0E813CE4DC28673385B366EF8584896C9046A34 ] asdsrv          C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
10:24:06.0524 0x1194  asdsrv - ok
10:24:06.0555 0x1194  [ 2D6D1BCBE6B7D0688681CE71C4A4C828, 86959EC12A328D78CB87FF7573CD0CEEA21AF22E924334643ABB1EEE3F828DEF ] asdws           C:\Windows\system32\DRIVERS\asdws.sys
10:24:06.0571 0x1194  asdws - ok
10:24:06.0586 0x1194  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
10:24:06.0602 0x1194  AsyncMac - ok
10:24:06.0664 0x1194  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
10:24:06.0680 0x1194  atapi - ok
10:24:06.0773 0x1194  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:24:06.0820 0x1194  AudioEndpointBuilder - ok
10:24:06.0836 0x1194  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
10:24:06.0851 0x1194  AudioSrv - ok
10:24:06.0945 0x1194  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
10:24:06.0961 0x1194  AxInstSV - ok
10:24:07.0023 0x1194  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
10:24:07.0070 0x1194  b06bdrv - ok
10:24:07.0101 0x1194  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
10:24:07.0132 0x1194  b57nd60a - ok
10:24:07.0226 0x1194  [ 9E84A931DBEE0292E38ED672F6293A99, 2945EAF0AC091709E0C5508B45EC343EDE507AC2B08A2D7D64F286D38424CBC4 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
10:24:07.0366 0x1194  BCM43XX - ok
10:24:07.0397 0x1194  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
10:24:07.0397 0x1194  BDESVC - ok
10:24:07.0429 0x1194  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
10:24:07.0444 0x1194  Beep - ok
10:24:07.0507 0x1194  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
10:24:07.0553 0x1194  BFE - ok
10:24:07.0631 0x1194  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\system32\qmgr.dll
10:24:07.0694 0x1194  BITS - ok
10:24:07.0709 0x1194  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
10:24:07.0725 0x1194  blbdrive - ok
10:24:07.0834 0x1194  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:24:07.0881 0x1194  Bonjour Service - ok
10:24:07.0928 0x1194  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
10:24:07.0943 0x1194  bowser - ok
10:24:07.0975 0x1194  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:24:07.0990 0x1194  BrFiltLo - ok
10:24:08.0006 0x1194  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:24:08.0021 0x1194  BrFiltUp - ok
10:24:08.0068 0x1194  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
10:24:08.0099 0x1194  BridgeMP - ok
10:24:08.0146 0x1194  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
10:24:08.0177 0x1194  Browser - ok
10:24:08.0209 0x1194  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
10:24:08.0240 0x1194  Brserid - ok
10:24:08.0271 0x1194  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
10:24:08.0271 0x1194  BrSerWdm - ok
10:24:08.0302 0x1194  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
10:24:08.0302 0x1194  BrUsbMdm - ok
10:24:08.0333 0x1194  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
10:24:08.0333 0x1194  BrUsbSer - ok
10:24:08.0349 0x1194  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
10:24:08.0365 0x1194  BTHMODEM - ok
10:24:08.0443 0x1194  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
10:24:08.0458 0x1194  bthserv - ok
10:24:08.0458 0x1194  catchme - ok
10:24:08.0505 0x1194  [ D1787E11C6A0078DDEAF8CF3EE2AB293, 15362A48EFF3DDD6C6D9B333CB7F5FE835B60A256B29467AD749DCFAC6C761D3 ] CAXHWAZL        C:\Windows\system32\DRIVERS\CAXHWAZL.sys
10:24:08.0536 0x1194  CAXHWAZL - ok
10:24:08.0567 0x1194  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
10:24:08.0567 0x1194  cdfs - ok
10:24:08.0614 0x1194  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
10:24:08.0630 0x1194  cdrom - ok
10:24:08.0677 0x1194  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
10:24:08.0708 0x1194  CertPropSvc - ok
10:24:08.0770 0x1194  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
10:24:08.0770 0x1194  circlass - ok
10:24:08.0833 0x1194  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
10:24:08.0864 0x1194  CLFS - ok
10:24:08.0942 0x1194  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:24:08.0989 0x1194  clr_optimization_v2.0.50727_32 - ok
10:24:09.0051 0x1194  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:24:09.0082 0x1194  clr_optimization_v2.0.50727_64 - ok
10:24:09.0176 0x1194  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:24:09.0207 0x1194  clr_optimization_v4.0.30319_32 - ok
10:24:09.0254 0x1194  [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:24:09.0269 0x1194  clr_optimization_v4.0.30319_64 - ok
10:24:09.0301 0x1194  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
10:24:09.0316 0x1194  CmBatt - ok
10:24:09.0347 0x1194  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
10:24:09.0363 0x1194  cmdide - ok
10:24:09.0410 0x1194  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
10:24:09.0441 0x1194  CNG - ok
10:24:09.0550 0x1194  [ 0D23C3312838EEA1ED55D5F135BCA613, 2A73A2B45A6A1B72F4957EA041C1137AA8C05CF6D3B4B44D6FA4EAD07C2888C8 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
10:24:09.0597 0x1194  CnxtHdAudService - ok
10:24:09.0628 0x1194  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
10:24:09.0644 0x1194  Compbatt - ok
10:24:09.0691 0x1194  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
10:24:09.0706 0x1194  CompositeBus - ok
10:24:09.0722 0x1194  COMSysApp - ok
10:24:09.0753 0x1194  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
10:24:09.0769 0x1194  crcdisk - ok
10:24:26.0196 0x1194  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
10:24:26.0227 0x1194  p2pimsvc - ok
10:24:26.0274 0x1194  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
10:24:26.0336 0x1194  p2psvc - ok
10:24:26.0383 0x1194  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
10:24:26.0383 0x1194  Parport - ok
10:24:26.0430 0x1194  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
10:24:26.0445 0x1194  partmgr - ok
10:24:26.0492 0x1194  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
10:24:26.0508 0x1194  PcaSvc - ok
10:24:26.0554 0x1194  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
10:24:26.0570 0x1194  pci - ok
10:24:26.0601 0x1194  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
10:24:26.0617 0x1194  pciide - ok
10:24:26.0664 0x1194  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
10:24:26.0710 0x1194  pcmcia - ok
10:24:26.0757 0x1194  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
10:24:26.0773 0x1194  pcw - ok
10:24:26.0835 0x1194  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
10:24:26.0882 0x1194  PEAUTH - ok
10:24:26.0913 0x1194  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
10:24:26.0929 0x1194  PerfHost - ok
10:24:27.0054 0x1194  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
10:24:27.0163 0x1194  pla - ok
10:24:27.0210 0x1194  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
10:24:27.0256 0x1194  PlugPlay - ok
10:24:27.0288 0x1194  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
10:24:27.0288 0x1194  PNRPAutoReg - ok
10:24:27.0319 0x1194  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
10:24:27.0334 0x1194  PNRPsvc - ok
10:24:27.0397 0x1194  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
10:24:27.0428 0x1194  PolicyAgent - ok
10:24:27.0475 0x1194  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
10:24:27.0490 0x1194  Power - ok
10:24:27.0553 0x1194  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
10:24:27.0584 0x1194  PptpMiniport - ok
10:24:27.0631 0x1194  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
10:24:27.0646 0x1194  Processor - ok
10:24:27.0693 0x1194  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
10:24:27.0709 0x1194  ProfSvc - ok
10:24:27.0740 0x1194  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\Windows\system32\lsass.exe
10:24:27.0740 0x1194  ProtectedStorage - ok
10:24:27.0787 0x1194  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
10:24:27.0818 0x1194  Psched - ok
10:24:27.0927 0x1194  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
10:24:28.0052 0x1194  ql2300 - ok
10:24:28.0083 0x1194  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
10:24:28.0099 0x1194  ql40xx - ok
10:24:28.0146 0x1194  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
10:24:28.0161 0x1194  QWAVE - ok
10:24:28.0192 0x1194  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
10:24:28.0208 0x1194  QWAVEdrv - ok
10:24:28.0239 0x1194  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
10:24:28.0239 0x1194  RasAcd - ok
10:24:28.0286 0x1194  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
10:24:28.0302 0x1194  RasAgileVpn - ok
10:24:28.0317 0x1194  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
10:24:28.0333 0x1194  RasAuto - ok
10:24:28.0380 0x1194  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
10:24:28.0411 0x1194  Rasl2tp - ok
10:24:28.0442 0x1194  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
10:24:28.0489 0x1194  RasMan - ok
10:24:28.0520 0x1194  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
10:24:28.0536 0x1194  RasPppoe - ok
10:24:28.0582 0x1194  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
10:24:28.0598 0x1194  RasSstp - ok
10:24:28.0660 0x1194  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
10:24:28.0707 0x1194  rdbss - ok
10:24:28.0738 0x1194  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
10:24:28.0738 0x1194  rdpbus - ok
10:24:28.0770 0x1194  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
10:24:28.0785 0x1194  RDPCDD - ok
10:24:28.0832 0x1194  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
10:24:28.0848 0x1194  RDPENCDD - ok
10:24:28.0879 0x1194  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
10:24:28.0894 0x1194  RDPREFMP - ok
10:24:28.0926 0x1194  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
10:24:28.0957 0x1194  RDPWD - ok
10:24:29.0019 0x1194  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
10:24:29.0066 0x1194  rdyboost - ok
10:24:29.0097 0x1194  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
10:24:29.0113 0x1194  RemoteAccess - ok
10:24:29.0144 0x1194  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
10:24:29.0160 0x1194  RemoteRegistry - ok
10:24:29.0206 0x1194  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
10:24:29.0238 0x1194  RpcEptMapper - ok
10:24:29.0269 0x1194  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
10:24:29.0284 0x1194  RpcLocator - ok
10:24:29.0347 0x1194  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\System32\rpcss.dll
10:24:29.0362 0x1194  RpcSs - ok
10:24:29.0409 0x1194  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
10:24:29.0425 0x1194  rspndr - ok
10:24:29.0440 0x1194  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] SamSs           C:\Windows\system32\lsass.exe
10:24:29.0440 0x1194  SamSs - ok
10:24:29.0487 0x1194  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
10:24:29.0503 0x1194  sbp2port - ok
10:24:29.0550 0x1194  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
10:24:29.0596 0x1194  SCardSvr - ok
10:24:29.0628 0x1194  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
10:24:29.0628 0x1194  scfilter - ok
10:24:29.0721 0x1194  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
10:24:29.0784 0x1194  Schedule - ok
10:24:29.0830 0x1194  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
10:24:29.0830 0x1194  SCPolicySvc - ok
10:24:29.0877 0x1194  [ 3777C449916F72C807CC056624F40C7E, 18D24FD2E4B5F9860624E0D99F5145473559DD078E5D69C4F2689C59655E9897 ] scssifilter     C:\Windows\system32\Drivers\scssifilter64.sys
10:24:29.0893 0x1194  scssifilter - ok
10:24:29.0940 0x1194  [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus           C:\Windows\system32\drivers\sdbus.sys
10:24:29.0971 0x1194  sdbus - ok
10:24:30.0018 0x1194  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
10:24:30.0064 0x1194  SDRSVC - ok
10:24:30.0111 0x1194  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
10:24:30.0127 0x1194  secdrv - ok
10:24:30.0174 0x1194  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
10:24:30.0189 0x1194  seclogon - ok
10:24:30.0220 0x1194  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\system32\sens.dll
10:24:30.0220 0x1194  SENS - ok
10:24:30.0283 0x1194  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
10:24:30.0298 0x1194  SensrSvc - ok
10:24:30.0314 0x1194  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
10:24:30.0330 0x1194  Serenum - ok
10:24:30.0408 0x1194  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
10:24:30.0439 0x1194  Serial - ok
10:24:30.0470 0x1194  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
10:24:30.0486 0x1194  sermouse - ok
10:24:30.0564 0x1194  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
10:24:30.0595 0x1194  SessionEnv - ok
10:24:30.0657 0x1194  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
10:24:30.0673 0x1194  sffdisk - ok
10:24:30.0704 0x1194  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
10:24:30.0704 0x1194  sffp_mmc - ok
10:24:30.0720 0x1194  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
10:24:30.0735 0x1194  sffp_sd - ok
10:24:30.0751 0x1194  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
10:24:30.0766 0x1194  sfloppy - ok
10:24:30.0813 0x1194  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
10:24:30.0844 0x1194  SharedAccess - ok
10:24:30.0891 0x1194  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:24:30.0922 0x1194  ShellHWDetection - ok
10:24:30.0954 0x1194  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:24:30.0954 0x1194  SiSRaid2 - ok
10:24:30.0985 0x1194  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
10:24:31.0000 0x1194  SiSRaid4 - ok
10:24:31.0063 0x1194  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
10:24:31.0063 0x1194  Smb - ok
10:24:31.0141 0x1194  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
10:24:31.0156 0x1194  SNMPTRAP - ok
10:24:31.0203 0x1194  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
10:24:31.0203 0x1194  spldr - ok
10:24:31.0266 0x1194  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
10:24:31.0312 0x1194  Spooler - ok
10:24:31.0500 0x1194  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
10:24:31.0718 0x1194  sppsvc - ok
10:24:31.0765 0x1194  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
10:24:31.0780 0x1194  sppuinotify - ok
10:24:31.0827 0x1194  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
10:24:31.0858 0x1194  srv - ok
10:24:31.0921 0x1194  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
10:24:31.0968 0x1194  srv2 - ok
10:24:32.0030 0x1194  [ 0C4540311E11664B245A263E1154CEF8, 63376322BFFAFF2F166AF3FDD3F1A346C21FAE21F406F659F8630779D1D6525D ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL6.SYS
10:24:32.0061 0x1194  SrvHsfHDA - ok
10:24:32.0217 0x1194  [ 02071D207A9858FBE3A48CBFD59C4A04, FEA4DEBAEC3465E0C7C1E8B721805922F6BBCB96A60A193B11688F4252F4B89E ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV6.SYS
10:24:32.0295 0x1194  SrvHsfV92 - ok
10:24:32.0389 0x1194  [ 18E40C245DBFAF36FD0134A7EF2DF396, 0138A68958112101A5D3BD94114F320CE80B0C9A93E009AC78DE7415FCCC7DE7 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
10:24:32.0467 0x1194  SrvHsfWinac - ok
10:24:32.0514 0x1194  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
10:24:32.0545 0x1194  srvnet - ok
10:24:32.0607 0x1194  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
10:24:32.0654 0x1194  SSDPSRV - ok
10:24:32.0701 0x1194  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
10:24:32.0701 0x1194  SstpSvc - ok
10:24:32.0763 0x1194  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
10:24:32.0779 0x1194  stexstor - ok
10:24:32.0872 0x1194  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
10:24:32.0919 0x1194  stisvc - ok
10:24:32.0997 0x1194  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
10:24:33.0013 0x1194  swenum - ok
10:24:33.0060 0x1194  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
10:24:33.0106 0x1194  swprv - ok
10:24:33.0138 0x1194  [ ED6D1424E5B0C21A57B28DD8508D6843, EF3BBBBD376F22520060BC6D637CDF79E2D8B43A95E746FC1463E7CDC407C2D9 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
10:24:33.0153 0x1194  SynTP - ok
10:24:33.0278 0x1194  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
10:24:33.0434 0x1194  SysMain - ok
10:24:33.0481 0x1194  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:24:33.0496 0x1194  TabletInputService - ok
10:24:33.0528 0x1194  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
10:24:33.0559 0x1194  TapiSrv - ok
10:24:33.0590 0x1194  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
10:24:33.0590 0x1194  TBS - ok
10:24:33.0730 0x1194  [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
10:24:33.0871 0x1194  Tcpip - ok
10:24:33.0964 0x1194  [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
10:24:33.0996 0x1194  TCPIP6 - ok
10:24:34.0058 0x1194  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
10:24:34.0089 0x1194  tcpipreg - ok
10:24:34.0152 0x1194  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
10:24:34.0152 0x1194  TDPIPE - ok
10:24:34.0198 0x1194  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
10:24:34.0198 0x1194  TDTCP - ok
10:24:34.0245 0x1194  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
10:24:34.0261 0x1194  tdx - ok
10:24:34.0308 0x1194  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
10:24:34.0323 0x1194  TermDD - ok
10:24:34.0370 0x1194  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
10:24:34.0417 0x1194  TermService - ok
10:24:34.0464 0x1194  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
10:24:34.0464 0x1194  Themes - ok
10:24:34.0495 0x1194  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
10:24:34.0495 0x1194  THREADORDER - ok
10:24:34.0542 0x1194  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
10:24:34.0557 0x1194  TrkWks - ok
10:24:34.0635 0x1194  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:24:34.0682 0x1194  TrustedInstaller - ok
10:24:34.0744 0x1194  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
10:24:34.0760 0x1194  tssecsrv - ok
10:24:34.0822 0x1194  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
10:24:34.0838 0x1194  TsUsbFlt - ok
10:24:34.0916 0x1194  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
10:24:34.0932 0x1194  tunnel - ok
10:24:34.0963 0x1194  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
10:24:34.0994 0x1194  uagp35 - ok
10:24:35.0041 0x1194  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
10:24:35.0072 0x1194  udfs - ok
10:24:35.0134 0x1194  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
10:24:35.0150 0x1194  UI0Detect - ok
10:24:35.0197 0x1194  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
10:24:35.0212 0x1194  uliagpkx - ok
10:24:35.0259 0x1194  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\drivers\umbus.sys
10:24:35.0290 0x1194  umbus - ok
10:24:35.0337 0x1194  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
10:24:35.0353 0x1194  UmPass - ok
10:24:35.0431 0x1194  [ 70DDE3A86DBEB1D6C3C30AD687B1877A, 2DAE797240DB8F521F1C9D1171524790052E186B060D58A1B102FBFFC80CE48E ] Updater Service C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
10:24:35.0509 0x1194  Updater Service - ok
10:24:35.0571 0x1194  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
10:24:35.0602 0x1194  upnphost - ok
10:24:35.0649 0x1194  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
10:24:35.0680 0x1194  USBAAPL64 - ok
10:24:35.0727 0x1194  [ 6F1A3157A1C89435352CEB543CDB359C, 325B46220779C5FE3B6F19FF794474837FAB9675D9C98ACB68CCE47B1CFE5F12 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
10:24:35.0743 0x1194  usbccgp - ok
10:24:35.0805 0x1194  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
10:24:35.0836 0x1194  usbcir - ok
10:24:35.0883 0x1194  [ C025055FE7B87701EB042095DF1A2D7B, D7B34B6C2C5BD3C8141895AC21BB637EA5E3C4F7A85EEF4C4C36E6BB2045A3D9 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
10:24:35.0883 0x1194  usbehci - ok
10:24:35.0930 0x1194  [ 287C6C9410B111B68B52CA298F7B8C24, 98900C08FE662A00DF8B37837B2BEBF9ACB7989C387AF36B2109B05A4F462D4E ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
10:24:35.0977 0x1194  usbhub - ok
10:24:36.0008 0x1194  [ 4DF4D5FA8F79269848B15B84D437B0DC, 97AAC0F3E1B6B28C864C2E1DADC40B44DAF7098206A7E4E6BC4F1FAF388EA28C ] usbmp3          C:\Windows\system32\Drivers\usbmp364.sys
10:24:36.0008 0x1194  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\usbmp364.sys. md5: 4DF4D5FA8F79269848B15B84D437B0DC, sha256: 97AAC0F3E1B6B28C864C2E1DADC40B44DAF7098206A7E4E6BC4F1FAF388EA28C
10:24:36.0008 0x1194  usbmp3 - detected LockedFile.Multi.Generic ( 1 )
10:24:39.0081 0x1194  Detect skipped due to KSN trusted
10:24:39.0081 0x1194  usbmp3 - ok
10:24:39.0190 0x1194  [ 9840FC418B4CBD632D3D0A667A725C31, 776D86A032DCA2842EF7AADB35473193CA80547223EFAA7F110F296C377077B0 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
10:24:39.0237 0x1194  usbohci - ok
10:24:39.0284 0x1194  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
10:24:39.0315 0x1194  usbprint - ok
10:24:39.0346 0x1194  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:24:39.0362 0x1194  USBSTOR - ok
10:24:39.0393 0x1194  [ 62069A34518BCF9C1FD9E74B3F6DB7CD, C58E21424718729324B285BEE1C96551540FCC3FD650B2D10895EBA48D981E25 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
10:24:39.0409 0x1194  usbuhci - ok
10:24:39.0471 0x1194  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
10:24:39.0487 0x1194  usbvideo - ok
10:24:39.0534 0x1194  [ F64DE82B9EC47F79B32F55B303D00FE4, C22918BC121FC9473E061FCA3149C18DCFB7ED8F90CF72648D85258FC4090A21 ] usbvox          C:\Windows\system32\Drivers\usbvox64.sys
10:24:56.0319 0x1194  AV detected via SS2: ZoneAlarm Antivirus, C:\Program Files (x86)\CheckPoint\ZoneAlarm\\MultiFix.exe ( 12.0.104.0 ), 0x41000 ( enabled : updated )
10:24:56.0335 0x1194  FW detected via SS2: ZoneAlarm Firewall, C:\Program Files (x86)\CheckPoint\ZoneAlarm\\MultiFix.exe ( 12.0.104.0 ), 0x41010 ( enabled )
10:24:59.0236 0x1194  ============================================================
10:24:59.0236 0x1194  Scan finished
10:24:59.0236 0x1194  ============================================================
10:24:59.0252 0x0c3c  Detected object count: 0
10:24:59.0252 0x0c3c  Actual detected object count: 0



#11 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 03 February 2014 - 10:01 AM

Hi leafaninottawa,

Show Hidden Files & Folders in Windows 7
  • To show hidden files, just click on the Organize button in any folder, and then select Folder and Search Options from the menu.
  • Click the View tab, and then you should select Show hidden files and folders in the list.
  • Then click OK.
=========================

VirusTotal

Please go to: VirusTotal
  • Click the Browse button and search for the following files: (one at a time)
    c:\windows\system32\mutex-Threads.exe
    c:\windows\system32\latch-Threads.exe
    c:\windows\system32\idle-Threads.exe
  • Click Open
  • Then click Send File
  • Please be patient while the file is scanned.
  • Once the scan results appear, please provide them in your next reply.
If it says already scanned -- click "reanalyze now"

=========================

Re-hide Hidden files & Folders

In your next post please provide the following:
  • Virus Total results

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.
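
The check behind the instructions above, as an added example that is not part of OCD's post or of any tool used in this thread: a PowerShell script that locates the three files OCD named even when they carry hidden/system attributes, hashes them for a VirusTotal search, and lists any registered service whose ImagePath points at them. It assumes a 64-bit Windows 7 host, as in this thread, and an elevated PowerShell; the file names are the ones from the post.

```powershell
# Added example for this thread (not OCD's instructions, not a ComboFix or VirusTotal tool):
# find the three files named in the post even when hidden/system, hash them for a
# VirusTotal search, and list any service entry whose ImagePath references them.
# Assumes 64-bit Windows 7 (as in this thread) and an elevated PowerShell.

$names    = 'mutex-Threads.exe', 'latch-Threads.exe', 'idle-Threads.exe'
$system32 = Join-Path $env:windir 'System32'

# A 32-bit process on 64-bit Windows has "System32" silently redirected to SysWOW64;
# the real 64-bit directory is then reachable only through the "Sysnative" alias. That
# is why ComboFix prints both a system32 and a SYSNATIVE path for every service entry.
if ([IntPtr]::Size -eq 4 -and (Test-Path (Join-Path $env:windir 'Sysnative'))) {
    Write-Warning '32-bit PowerShell on a 64-bit OS: use the 64-bit shell, or the paths below refer to SysWOW64.'
}

function Get-Sha256Hex([string]$Path) {
    # Uses .NET directly so it also works on PowerShell 2.0 (Get-FileHash arrived with 4.0).
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $fs.Close() }
}

foreach ($name in $names) {
    $path = Join-Path $system32 $name
    # -Force returns files with the Hidden and System attributes, which Explorer omits
    # until "Show hidden files and folders" is switched on, as the post describes.
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($item) {
        '{0}  {1} bytes  attributes: {2}' -f $path, $item.Length, $item.Attributes
        '    SHA-256: ' + (Get-Sha256Hex $item.FullName)   # paste into the VirusTotal search box
    } else {
        '{0}  not present' -f $path
    }
}

# Independently of the files themselves, list every service/driver entry whose ImagePath
# names one of them. Start: 0 = Boot, 1 = System, 2 = Automatic, 3 = Manual, 4 = Disabled
# (the digit after R/S in ComboFix's Drivers/Services section is this same value).
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $props = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
        if ($props.ImagePath) {
            foreach ($name in $names) {
                if ($props.ImagePath -like "*$name*") {
                    'service {0}: ImagePath={1} Start={2} DisplayName={3}' -f `
                        $_.PSChildName, $props.ImagePath, $props.Start, $props.DisplayName
                }
            }
        }
    }
```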


#12 leafaninottawa

leafaninottawa

    New Member

  • Authentic Member
  • 18 posts

Posted 03 February 2014 - 10:23 AM

These files are not in the system32 folder.



#13 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 03 February 2014 - 11:09 AM

Hi leafaninottawa,

These files are not in the system32 folder.

:thumbup:
=========================

Delete the copy of ComboFix you have on your computer.
Reboot, then download a new copy and save it to your Desktop. (location is important)

Your previous copy was not run from the desktop.
Running from: c:\users\Easyhome\Downloads\ComboFix.exe

=========================

ComboFix

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------
    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

=========================

In your next post please provide the following:
  • ComboFix.txt
  • Any update on symptoms?

OCD



#14 leafaninottawa

leafaninottawa

    New Member

  • Authentic Member
  • 18 posts

Posted 03 February 2014 - 05:24 PM

Here is the ComboFix log.

ComboFix 13-12-24.02 - Easyhome 03/02/2014  18:03:38.4.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.4091.1995 [GMT -5:00]
Running from: c:\users\Easyhome\Desktop\ComboFix.exe
AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft Corporation\Microsoft® Windows® Operating System
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.Net Semaphore
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-03 to 2014-02-03  )))))))))))))))))))))))))))))))
.
.
2014-02-03 23:12 . 2014-02-03 23:12 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-02-03 23:12 . 2014-02-03 23:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-03 05:37 . 2014-02-03 05:55 -------- d-----w- c:\users\Easyhome\AppData\Local\Microsoft Games
2014-02-02 05:20 . 2014-02-02 05:20 8007680 ------r- c:\windows\system32\Microsoft.mshtml.dll
2014-02-02 05:10 . 2014-02-03 23:12 -------- d-----w- c:\programdata\Microsoft Corporation
2014-01-16 12:54 . 2014-01-16 12:54 -------- d-----w- c:\users\Easyhome\AppData\Local\ElevatedDiagnostics
2014-01-16 10:40 . 2014-01-16 10:40 -------- d-----w- c:\users\Easyhome\AppData\Local\Diagnostics
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-23 20:15 . 2013-12-23 20:15 640957 ----a-w- c:\windows\unins000.exe
2013-12-22 04:05 . 2013-12-22 04:05 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-12-17 23:36 . 2013-12-17 23:36 597104 ---h--r- c:\windows\system32\ProgramlicenseRequired.exe
2013-12-17 17:14 . 2012-02-22 03:35 126976 ------w- c:\windows\system32\Interop.SHDocVw.dll
2013-12-17 17:13 . 2012-02-22 03:35 18928 ------r- c:\windows\system32\drivers\scssifilter64.sys
2013-12-17 14:22 . 2013-12-17 14:22 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-17 14:22 . 2013-12-17 14:22 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-17 14:22 . 2013-12-17 14:22 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-17 14:22 . 2013-12-17 14:22 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-17 14:22 . 2013-12-17 14:22 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-12-17 14:22 . 2013-12-17 14:22 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-12-17 14:22 . 2013-12-17 14:22 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-17 14:22 . 2013-12-17 14:22 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-17 14:22 . 2013-12-17 14:22 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-12-17 14:22 . 2013-12-17 14:22 2877952 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-12-17 14:22 . 2013-12-17 14:22 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-12-17 14:22 . 2013-12-17 14:22 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-17 14:22 . 2013-12-17 14:22 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-12-17 14:22 . 2013-12-17 14:22 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-17 14:22 . 2013-12-17 14:22 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-12-17 14:22 . 2013-12-17 14:22 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-17 14:22 . 2013-12-17 14:22 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-17 14:22 . 2013-12-17 14:22 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-12-17 14:22 . 2013-12-17 14:22 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-17 14:22 . 2013-12-17 14:22 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-12-17 14:22 . 2013-12-17 14:22 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-17 14:22 . 2013-12-17 14:22 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-17 14:22 . 2013-12-17 14:22 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-17 14:22 . 2013-12-17 14:22 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-17 14:22 . 2013-12-17 14:22 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-17 14:22 . 2013-12-17 14:22 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-17 14:22 . 2013-12-17 14:22 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-17 14:22 . 2013-12-17 14:22 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-17 14:22 . 2013-12-17 14:22 855552 ----a-w- c:\windows\system32\jscript.dll
2013-12-17 14:22 . 2013-12-17 14:22 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-17 14:22 . 2013-12-17 14:22 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-17 14:22 . 2013-12-17 14:22 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-12-17 14:22 . 2013-12-17 14:22 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-12-17 14:22 . 2013-12-17 14:22 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-17 14:22 . 2013-12-17 14:22 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-12-17 14:22 . 2013-12-17 14:22 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-12-17 14:22 . 2013-12-17 14:22 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-12-17 14:22 . 2013-12-17 14:22 526336 ----a-w- c:\windows\system32\ieui.dll
2013-12-17 14:22 . 2013-12-17 14:22 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-17 14:22 . 2013-12-17 14:22 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-12-17 14:22 . 2013-12-17 14:22 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-12-17 14:22 . 2013-12-17 14:22 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-17 14:22 . 2013-12-17 14:22 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-17 14:22 . 2013-12-17 14:22 441856 ----a-w- c:\windows\system32\html.iec
2013-12-17 14:22 . 2013-12-17 14:22 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-12-17 14:22 . 2013-12-17 14:22 3959808 ----a-w- c:\windows\system32\jscript9.dll
2013-12-17 14:22 . 2013-12-17 14:22 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-17 14:22 . 2013-12-17 14:22 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-17 14:22 . 2013-12-17 14:22 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-17 14:22 . 2013-12-17 14:22 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-12-17 14:22 . 2013-12-17 14:22 2648576 ----a-w- c:\windows\system32\iertutil.dll
2013-12-17 14:22 . 2013-12-17 14:22 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-12-17 14:22 . 2013-12-17 14:22 235008 ----a-w- c:\windows\system32\url.dll
2013-12-17 14:22 . 2013-12-17 14:22 2241536 ----a-w- c:\windows\system32\wininet.dll
2013-12-17 14:22 . 2013-12-17 14:22 216064 ----a-w- c:\windows\system32\msls31.dll
2013-12-17 14:22 . 2013-12-17 14:22 197120 ----a-w- c:\windows\system32\msrating.dll
2013-12-17 14:22 . 2013-12-17 14:22 19271168 ----a-w- c:\windows\system32\mshtml.dll
2013-12-17 14:22 . 2013-12-17 14:22 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-12-17 14:22 . 2013-12-17 14:22 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-17 14:22 . 2013-12-17 14:22 15404032 ----a-w- c:\windows\system32\ieframe.dll
2013-12-17 14:22 . 2013-12-17 14:22 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-12-17 14:22 . 2013-12-17 14:22 149504 ----a-w- c:\windows\system32\occache.dll
2013-12-17 14:22 . 2013-12-17 14:22 144896 ----a-w- c:\windows\system32\wextract.exe
2013-12-17 14:22 . 2013-12-17 14:22 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-17 14:22 . 2013-12-17 14:22 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-17 14:22 . 2013-12-17 14:22 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-17 14:22 . 2013-12-17 14:22 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-12-17 14:22 . 2013-12-17 14:22 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-12-17 14:22 . 2013-12-17 14:22 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-17 14:22 . 2013-12-17 14:22 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-17 14:22 . 2013-12-17 14:22 102912 ----a-w- c:\windows\system32\inseng.dll
2013-12-17 14:20 . 2013-12-17 14:20 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-12-17 14:20 . 2013-12-17 14:20 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-12-17 14:20 . 2013-12-17 14:20 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-12-17 14:20 . 2013-12-17 14:20 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-12-17 14:20 . 2013-12-17 14:20 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-12-17 14:20 . 2013-12-17 14:20 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-12-17 14:20 . 2013-12-17 14:20 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-12-17 14:20 . 2013-12-17 14:20 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-12-17 14:20 . 2013-12-17 14:20 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-12-17 14:20 . 2013-12-17 14:20 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-12-17 14:20 . 2013-12-17 14:20 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2012-02-22 03:59 405504 --sha-r- c:\windows\System32\vshadow.exe
2012-02-22 03:59 364032 --sha-r- c:\windows\System32\vshadowamd64.exe
2012-02-22 03:59 352256 --sha-r- c:\windows\System32\vshadowXP.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"CloudSystemBooster"="c:\program files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe" [2013-12-24 527544]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-29 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2012-02-22 600688]
"CLMLServer"="c:\program files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-10-26 73832]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"Anvi Smart Defender"="c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2013-10-21 1636536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 .Net Crypt;Microsoft.NET Framework SecurityCrypt x2.0c;c:\windows\system32\mutex-Threads.exe;c:\windows\SYSNATIVE\mutex-Threads.exe [x]
R2 .Net Security;Microsoft.NET Framework KernelSecurity x2.0c;c:\windows\system32\latch-Threads.exe;c:\windows\SYSNATIVE\latch-Threads.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 scssifilter;scssifilter;c:\windows\system32\Drivers\scssifilter64.sys;c:\windows\SYSNATIVE\Drivers\scssifilter64.sys [x]
S0 usbmp3;usbmp3;c:\windows\system32\Drivers\usbmp364.sys;c:\windows\SYSNATIVE\Drivers\usbmp364.sys [x]
S0 usbvox;usbvox;c:\windows\system32\Drivers\usbvox64.sys;c:\windows\SYSNATIVE\Drivers\usbvox64.sys [x]
S0 usbwav;usbwav;c:\windows\system32\Drivers\usbwav64.sys;c:\windows\SYSNATIVE\Drivers\usbwav64.sys [x]
S1 asdrm;asdrm;c:\windows\system32\DRIVERS\asdrm.sys;c:\windows\SYSNATIVE\DRIVERS\asdrm.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 .Net Main;Microsoft.NET Framework Kernel x2.0c;c:\windows\system32\idle-Threads.exe;c:\windows\SYSNATIVE\idle-Threads.exe [x]
S2 AnviCsbSvc;Anvi Cloud System Booster Speed Service;c:\program files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe;c:\program files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe [x]
S2 asdrs;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\DRIVERS\asdrs.sys;c:\windows\SYSNATIVE\DRIVERS\asdrs.sys [x]
S2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe;c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [x]
S2 asdws;AnviSmartDefender Web Guard;c:\windows\system32\DRIVERS\asdws.sys;c:\windows\SYSNATIVE\DRIVERS\asdws.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys;c:\windows\SYSNATIVE\DRIVERS\o2mdx64.sys [x]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdx64.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-29 13:38 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2559462982-4009010215-310766029-1000Core.job
- c:\users\Easyhome\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-16 01:06]
.
2014-02-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2559462982-4009010215-310766029-1000UA.job
- c:\users\Easyhome\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-16 01:06]
.
2014-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-13 21:59]
.
2014-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-13 21:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-29 186904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 16395880]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"PLFSetI"="c:\windows\PLFSetI.exe" [2012-02-22 206208]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2012-02-22 823840]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.entru.com/?s=21983
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://search.entru.com/?s=21983
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
   27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}"=hex:51,66,7a,6c,4c,1d,38,12,50,ad,9c,
   47,dd,f3,bd,01,d4,9d,4f,3c,86,0e,9b,4d
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}"=hex:51,66,7a,6c,4c,1d,38,12,14,1c,97,
   2e,26,ee,cb,08,c9,cf,c8,d1,38,a5,3e,98
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
   ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a,
   ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:b5,f4,bc,f4,a5,12,cf,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,39,38,90,d3,91,e4,41,86,8c,2a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,39,38,90,d3,91,e4,41,86,8c,2a,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2014-02-03  18:21:45 - machine was rebooted
ComboFix-quarantined-files.txt  2014-02-03 23:21
ComboFix2.txt  2014-02-02 05:27
ComboFix3.txt  2013-12-25 14:43
ComboFix4.txt  2013-12-13 22:45
.
Pre-Run: 182,074,732,544 bytes free
Post-Run: 182,017,921,024 bytes free
.
- - End Of File - - 98DCD50DEB48FBE83E453EEB6D936CB2
A36C5E4F47E84449FF07ED3517B43A31


#15 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 03 February 2014 - 07:28 PM

Hi leafaninottawa,

AdwCleaner v3: Scan & Clean
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.
=========================

Junkware Removal Tool

Download Junkware Removal Tool to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Shut down your protection software now to avoid potential conflicts.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
=========================

Re-run OTL (it should be located on your desktop).
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Uncheck the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window, OTL.Txt (no Extras.txt will be produced).
    Note: The log can be located in the OTL folder on your C:\ drive if it fails to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.
=========================

In your next post please provide the following:
  • AdwCleaner[S0].txt
  • JRT.txt
  • OTL.txt
  • Describe what symptoms you are experiencing.

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days